| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: win32.AutoRun.tmp trojaner lässt sich nicht entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.01.2011, 00:14
| #1 |
 |  win32.AutoRun.tmp trojaner lässt sich nicht entfernen Hi. Ich habe folgendes Problem: Spybot meldet den oben genannten Trojaner und verweigert mir mit Hinweis auf mangelnde Administratorrechte eine Bereinigung. Da ich mein Administratorpasswort vergessen habe (oder wurde es vielleicht vom Trojaner geändert???-bin nicht sicher  ) habe ich über den abgesicherten Modus einen neuen Adminstratoraccount angelegt. Jetzt ist allerdings auch mein Account den ich sonst immmer genutzt habe total verändert (temporäerer Account!??).Merke bis jetzt sonst nichts von einem Befall, außer dass mein Rechner immer langsamer wird  .Antivir findet keine infizierten Dateien. Hier kommt ein Post von den durchgeführten Scannprogrammen (OTL, Malware): OTL. Text:OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.01.2011 21:29:55 - Run 1 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Admini\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 143,79 Gb Total Space | 76,02 Gb Free Space | 52,87% Space Free | Partition Type: NTFS Drive D: | 140,29 Gb Total Space | 135,72 Gb Free Space | 96,74% Space Free | Partition Type: NTFS Drive F: | 698,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MANFRED-ACER-LA | User Name: Admini | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.03 21:29:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admini\Downloads\OTL.exe PRC - [2011.01.03 20:44:20 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Admini\AppData\Local\Temp\RtkBtMnt.exe PRC - [2010.12.12 01:46:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.12.12 01:46:02 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe PRC - [2010.09.07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2010.07.15 12:43:10 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.26 14:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\SpybotSD.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.10.03 23:58:58 | 000,962,480 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2008.10.03 23:55:12 | 004,378,000 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2008.10.03 22:40:00 | 000,165,144 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2008.10.03 22:39:54 | 000,554,264 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe PRC - [2008.03.24 18:37:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.02.25 09:53:24 | 000,518,656 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.02.25 09:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.01.24 03:29:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.24 03:28:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2008.01.09 18:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2008.01.02 14:17:28 | 000,707,080 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE PRC - [2007.12.20 11:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe PRC - [2007.12.20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.11.27 18:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2007.11.22 09:01:00 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.11.22 09:01:00 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.10.10 06:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007.10.01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.09.20 13:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.09.19 14:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe PRC - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.09.06 11:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007.08.17 15:13:20 | 000,364,192 | ---- | M] () -- C:\Windows\System32\atwtusb.exe PRC - [2007.06.25 17:12:36 | 001,969,824 | ---- | M] () -- C:\Windows\System32\WTMKM.exe ========== Modules (SafeList) ========== MOD - [2011.01.03 21:29:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admini\Downloads\OTL.exe MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010.07.15 12:43:10 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2010.07.15 12:43:09 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.07.15 10:48:20 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.12.23 10:44:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.10.03 22:39:54 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) SRV - [2008.02.25 09:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.11.27 18:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.11.22 09:01:00 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.10.01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.09.20 13:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.09.19 14:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.08.17 15:13:20 | 000,364,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\atwtusb.exe -- (WTService) SRV - [2005.02.09 10:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VHIDMini.sys -- (VHidMinidrv) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VcommMgr.sys -- (VcommMgr) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\VComm.sys -- (VComm) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\btcusb.sys -- (Btcsrusb) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\btnetdrv.sys -- (BT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio) DRV - [2010.10.02 12:25:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.09.16 13:09:44 | 000,027,432 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2010.09.14 14:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.09.07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010.09.07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010.09.07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010.09.07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010.09.07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009.05.22 22:24:01 | 000,306,816 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.12.23 12:08:25 | 000,971,168 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm140.sys -- (tdrpman140) Acronis Try&Decide and Restore Points filter (build 140) DRV - [2008.12.23 12:08:20 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2008.12.23 12:08:20 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2008.12.23 12:08:15 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380) DRV - [2008.12.17 09:42:26 | 000,004,352 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\activmouse.sys -- (prmvmouse) DRV - [2008.12.17 09:42:16 | 000,055,424 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\activhidsermini.sys -- (ActivHidSerMini) DRV - [2008.11.17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.03.25 15:04:50 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2008.03.11 03:11:00 | 008,240,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.01.30 09:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.01.24 03:29:00 | 001,950,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.01.24 03:29:00 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2008.01.24 03:29:00 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2008.01.24 03:29:00 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2008.01.24 03:29:00 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2008.01.24 03:29:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2008.01.24 03:29:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008.01.24 03:28:00 | 000,192,816 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 03:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2008.01.04 16:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.01.03 04:07:26 | 000,059,952 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk) DRV - [2008.01.03 04:07:24 | 000,018,480 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter) DRV - [2008.01.03 04:07:24 | 000,016,432 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2007.11.22 09:05:00 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2007.09.26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.08.08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.03 15:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2007.07.03 15:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2007.07.03 15:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007.07.03 09:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2007.06.12 09:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.06.05 15:12:04 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2007.06.05 15:11:24 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2007.03.21 04:46:00 | 000,598,379 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ovtcam2.sys -- (OM2800) DRV - [2007.01.04 08:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.02 14:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.12.21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA) DRV - [2005.12.21 09:14:52 | 000,019,712 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio) DRV - [2005.12.21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA) DRV - [2005.12.21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA) DRV - [2005.04.17 12:21:00 | 000,085,248 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctxusbtv.sys -- (CTXUSBTV) USB Hybrid Video Capture (DVB-T/PAL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {144D1513-0819-4538-AD26-D515AF443AE7}:1.1.0.1 FF - prefs.js..extensions.enabledItems: {3F4D6A2C-841D-403C-8CD8-48E54192DDEB}:1.0.0.5 FF - prefs.js..extensions.enabledItems: {4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2}:1.0.0.5 FF - prefs.js..extensions.enabledItems: {7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}:1.0.0.5 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2008.7.7 FF - prefs.js..extensions.enabledItems: {B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}:1.0.0.8 FF - prefs.js..extensions.enabledItems: {C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}:1.0.0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {EC1B67CA-A2CD-4931-915A-63D5341D1285}:1.0.0.5 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 01:46:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 01:46:03 | 000,000,000 | ---D | M] [2011.01.03 21:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admini\AppData\Roaming\mozilla\Extensions [2011.01.03 21:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admini\AppData\Roaming\mozilla\Firefox\Profiles\816d0xr1.default\extensions [2011.01.03 21:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admini\AppData\Roaming\mozilla\Firefox\Profiles\816d0xr1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.03 21:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admini\AppData\Roaming\mozilla\Firefox\Profiles\816d0xr1.default\extensions\staged-xpis [2010.11.04 08:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.06.29 16:11:21 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7} [2008.06.29 16:11:25 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB} [2008.06.29 16:11:23 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2} [2008.06.29 16:11:19 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F} [2009.06.14 14:19:00 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2008.06.29 16:11:10 | 000,000,000 | ---D | M] (eBay Statusbar Button) -- C:\Programme\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD} [2008.06.29 16:11:27 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Programme\Mozilla Firefox\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C} [2010.06.24 22:10:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.07.22 22:35:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.04 08:02:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2008.06.29 16:11:26 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285} [2008.06.29 16:11:21 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{144D1513-0819-4538-AD26-D515AF443AE7} [2008.06.29 16:11:25 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB} [2008.06.29 16:11:23 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2} [2008.06.29 16:11:19 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F} [2009.06.14 14:19:00 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{8AA36F4F-6DC7-4C06-77AF-5035170634FE} [2008.06.29 16:11:10 | 000,000,000 | ---D | M] (eBay Statusbar Button) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD} [2008.06.29 16:11:27 | 000,000,000 | ---D | M] (Preispiraten) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C} [2008.12.21 19:56:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.05.15 14:00:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.09.01 23:44:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010.06.24 22:10:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.07.22 22:35:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.04 08:02:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2008.06.29 16:11:26 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{EC1B67CA-A2CD-4931-915A-63D5341D1285} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009.12.23 21:02:39 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.06.12 02:24:05 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.12 02:24:05 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.12 02:24:05 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.12 02:24:05 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.12 02:24:05 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.07.22 20:41:47 | 000,417,104 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 14409 more lines... O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST) O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten\IEButtonAmazonInterface.dll () O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten\IEButtonEbayInterface.dll () O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Programme\Preispiraten\IEButtonPPInterface.dll () O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten\preispiraten3ie.exe () O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten\preispiraten3ie.exe () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - File not found O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - File not found O9 - Extra Button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - File not found O13 - gopher Prefix: missing O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.15 20:04:32 | 000,000,169 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.03 21:21:26 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Roaming\Adobe [2011.01.03 21:18:04 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Roaming\Mozilla [2011.01.03 21:18:04 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Local\Mozilla [2011.01.03 20:45:26 | 000,000,000 | -H-D | C] -- C:\Users\Admini\AppData\Local\acer eNM [2011.01.03 20:44:50 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Roaming\ATI [2011.01.03 20:44:50 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Local\ATI [2011.01.03 20:43:57 | 000,000,000 | R--D | C] -- C:\Users\Admini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.01.03 20:43:57 | 000,000,000 | R--D | C] -- C:\Users\Admini\Searches [2011.01.03 20:43:57 | 000,000,000 | R--D | C] -- C:\Users\Admini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.01.03 20:43:45 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Roaming\Identities [2011.01.03 20:43:42 | 000,000,000 | R--D | C] -- C:\Users\Admini\Contacts [2011.01.03 20:43:41 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Local\VirtualStore [2011.01.03 20:43:32 | 000,000,000 | -HSD | C] -- C:\Users\Admini\AppData\Local\Verlauf [2011.01.03 20:43:32 | 000,000,000 | -HSD | C] -- C:\Users\Admini\AppData\Local\Temporary Internet Files [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Vorlagen [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Startmenü [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\SendTo [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Recent [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Netzwerkumgebung [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Lokale Einstellungen [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Documents\Eigene Videos [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Documents\Eigene Musik [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Eigene Dateien [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Documents\Eigene Bilder [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Druckumgebung [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Cookies [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\AppData\Local\Anwendungsdaten [2011.01.03 20:43:31 | 000,000,000 | -HSD | C] -- C:\Users\Admini\Anwendungsdaten [2011.01.03 20:43:29 | 000,000,000 | --SD | C] -- C:\Users\Admini\AppData\Roaming\Microsoft [2011.01.03 20:43:29 | 000,000,000 | R--D | C] -- C:\Users\Admini\Videos [2011.01.03 20:43:29 | 000,000,000 | R--D | C] -- C:\Users\Admini\Saved Games [2011.01.03 20:43:29 | 000,000,000 | R--D | C] -- C:\Users\Admini\Pictures [2011.01.03 20:43:29 | 000,000,000 | R--D | C] -- C:\Users\Admini\Music [2011.01.03 20:43:29 | 000,000,000 | R--D | C] -- C:\Users\Admini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.01.03 20:43:29 | 000,000,000 | R--D | C] -- C:\Users\Admini\Links [2011.01.03 20:43:29 | 000,000,000 | R--D | C] -- C:\Users\Admini\Favorites [2011.01.03 20:43:29 | 000,000,000 | R--D | C] -- C:\Users\Admini\Downloads [2011.01.03 20:43:29 | 000,000,000 | R--D | C] -- C:\Users\Admini\Documents [2011.01.03 20:43:29 | 000,000,000 | R--D | C] -- C:\Users\Admini\Desktop [2011.01.03 20:43:29 | 000,000,000 | R--D | C] -- C:\Users\Admini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.01.03 20:43:29 | 000,000,000 | -H-D | C] -- C:\Users\Admini\AppData [2011.01.03 20:43:29 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Local\Temp [2011.01.03 20:43:29 | 000,000,000 | ---D | C] -- C:\Users\Admini\Roaming [2011.01.03 20:43:29 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Local\Microsoft Help [2011.01.03 20:43:29 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Local\Microsoft [2011.01.03 20:43:29 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Roaming\Media Center Programs [2011.01.03 20:43:29 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Roaming\Macromedia [2011.01.03 20:43:29 | 000,000,000 | ---D | C] -- C:\Users\Admini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerProducer [2010.12.29 20:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2010.12.19 01:16:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.19 01:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2010.12.19 01:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.19 01:16:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.19 01:16:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.12.17 05:39:57 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.17 05:39:56 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.17 05:39:56 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.17 05:39:55 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.17 05:39:54 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.17 05:39:53 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.17 05:39:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.12.17 05:39:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.17 05:39:47 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.17 05:39:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.17 05:39:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.12.17 05:39:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.12.17 05:39:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.12.17 05:39:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.12.17 05:39:41 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.12.17 05:39:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.17 05:39:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.17 05:39:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.12.17 05:39:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.12.17 05:39:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.12.17 05:39:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.12.17 05:39:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.12.17 05:39:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.12.17 05:39:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.12.17 05:39:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.12.17 05:39:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.12 19:51:35 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2010.12.12 19:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2010.12.12 19:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEWZIP [2010.12.12 19:42:45 | 000,000,000 | ---D | C] -- C:\Programme\NEWZIP [2008.05.08 18:08:56 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.05.08 18:08:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2008.03.25 21:59:55 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.03 21:32:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.03 21:19:20 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.01.03 20:43:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.03 20:43:21 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.03 20:43:21 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.03 20:43:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.03 20:43:13 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2011.01.03 20:36:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.01.01 20:00:04 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2010.12.21 21:19:05 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.21 21:19:05 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.21 21:19:05 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.21 21:19:05 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.17 18:07:54 | 000,474,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.03 20:43:13 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2010.12.12 19:43:02 | 000,022,528 | ---- | C] () -- C:\Windows\zipsfx.bin [2010.12.12 19:43:00 | 000,130,560 | ---- | C] () -- C:\Windows\Zipdll.dll [2010.12.12 19:42:57 | 000,115,712 | ---- | C] () -- C:\Windows\Unzdll.dll [2010.08.20 11:13:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.08.20 10:44:31 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.07.23 14:49:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.07.15 13:31:19 | 000,000,190 | ---- | C] () -- C:\Windows\System32\Vista Services Optimizer.ini [2009.09.02 02:57:52 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2009.09.02 02:57:51 | 000,000,014 | ---- | C] () -- C:\Windows\schreib2.ini [2009.09.02 02:55:17 | 000,000,011 | ---- | C] () -- C:\Windows\schreib1.ini [2009.09.02 02:52:36 | 000,000,011 | ---- | C] () -- C:\Windows\LESEN1.INI [2009.09.02 02:47:01 | 000,000,135 | ---- | C] () -- C:\Windows\asym.ini [2009.09.02 00:34:38 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.06.04 18:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.03.08 19:03:28 | 000,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL [2009.03.08 19:03:28 | 000,013,951 | ---- | C] () -- C:\Windows\System32\Photoshop Elements.ini [2009.03.08 19:03:28 | 000,010,361 | ---- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini [2009.03.08 19:03:28 | 000,007,633 | ---- | C] () -- C:\Windows\System32\Vista.ini [2009.03.08 19:03:28 | 000,007,341 | ---- | C] () -- C:\Windows\System32\XP_2000.ini [2009.03.08 19:03:28 | 000,006,435 | ---- | C] () -- C:\Windows\aiptbl.ini [2009.03.08 19:03:28 | 000,000,574 | ---- | C] () -- C:\Windows\System32\MKProfile.ini [2008.08.29 01:45:07 | 001,882,112 | ---- | C] () -- C:\Windows\System32\statfi.dll [2008.08.12 13:29:00 | 000,000,133 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini [2008.07.28 13:35:50 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.06.26 22:15:07 | 000,000,024 | ---- | C] () -- C:\Windows\Medi8or.ini [2008.06.23 21:08:35 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll [2008.06.23 21:08:35 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll [2008.06.23 21:08:35 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll [2008.06.23 21:08:35 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll [2008.06.23 21:08:35 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll [2008.06.11 22:55:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.05.09 02:49:12 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini [2008.05.09 02:48:59 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.05.08 17:54:50 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.04.12 06:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.04.12 06:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.03.28 18:41:32 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.03.26 00:32:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.25 21:59:55 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.03.25 21:59:49 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.03.25 21:59:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.03.25 15:21:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.03.25 15:20:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2008.01.21 03:24:13 | 001,868,944 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004.09.16 21:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll [2003.03.24 05:03:00 | 000,279,552 | ---- | C] () -- C:\Windows\System32\FGWVB32.DLL [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:4C910840893E1766 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8 < End of report > Extras.Txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.01.2011 21:29:55 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Admini\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 76,02 Gb Free Space | 52,87% Space Free | Partition Type: NTFS
Drive D: | 140,29 Gb Total Space | 135,72 Gb Free Space | 96,74% Space Free | Partition Type: NTFS
Drive F: | 698,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MANFRED-ACER-LA | User Name: Admini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{73311C73-F776-43AC-A72F-7158F9D68AF9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12900B2C-1F92-4CE9-AE04-BCA2CBA3937D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{193BF336-ABCE-47E3-8047-874A2FD3FCE1}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{1A4BA2F7-D67D-41DB-9DE5-4D4843CA223C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{3B354A10-D392-4DC5-BEAB-76057DD95CE2}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{532B22F4-E2AE-4BE5-AEDF-0E298890F715}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{5EAC58ED-2D78-4B98-A126-2530EA9FFEBC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{64319142-A520-4177-BF35-9307B8D50165}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{68FFE427-941F-40BB-86F4-C8F342D35717}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{775984C0-041C-4331-85F5-BC5C583E1D3A}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{7D1671BF-6AE1-4C6B-865F-0C860ED7CD20}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{899583DE-CF2F-4D7F-96CB-0613433B0991}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{92C1B1EF-7372-4178-A600-C99EEC7E82A0}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{94C66258-B755-416F-BE57-04351B32B719}" = protocol=17 | dir=in | app=c:\program files\12voip.com\12voip\12voip.exe |
"{97857CAD-4278-4D3C-915A-26A6F0B537A4}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{A435E7EF-5AC3-40B1-976A-6261827828C6}" = protocol=6 | dir=in | app=c:\program files\12voip.com\12voip\12voip.exe |
"{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{D435E31D-7F1F-4DBD-A476-8AABFF2C5D26}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{D5975B15-BFEE-4C1F-92DC-78488A84B7D0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{F5314740-E6A3-4A06-8F9F-52840F451AF4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{F595A901-C9CC-4E2D-B450-8F52C6B86A83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0463798B-0444-4803-AC1B-AB1904CA4F76}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{328EDD0A-25E8-46A8-894D-2CB731DAEA1D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4FB72DCF-EBE9-4EBC-B057-3362466614E8}F:\setup.exe" = protocol=6 | dir=in | app=f:\setup.exe |
"UDP Query User{A0A1A4D4-2597-412D-91FE-4D8CF081DEE9}F:\setup.exe" = protocol=17 | dir=in | app=f:\setup.exe |
"UDP Query User{E041BA00-7ADA-4679-884E-ADF2222BA34A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{ECE4EC12-BAC4-41A9-87C1-955AB237F74D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03F39988-365B-3491-2DE8-47D2F40B658C}" = Catalyst Control Center Localization Dutch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A0F6AD-9AF4-4162-8CB9-6776F43A4307}" = Formatwandler
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D38396A-26FD-4106-A149-99CE891AA6CA}" = aTube Catcher 1.0
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{11F14F73-5F6E-4E99-BDBD-F17CF68B4B04}" = FormatFactory
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1962A938-85FA-AEC7-A533-5D78D976621D}" = Catalyst Control Center Localization Danish
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1D54B4A2-9CF9-BEC1-BF40-FB67B64FBD37}" = Catalyst Control Center Localization Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2077FEAB-E2DE-A9C9-52EA-D059F78507A7}" = Catalyst Control Center Localization Turkish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232A093A-208F-5A12-1B55-199C0126D140}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A13103F-809F-4A5F-D5D5-0462B463CE26}" = Catalyst Control Center Localization German
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{30161931-E14F-42B5-BFC0-1AB5ADE4459B}" = muvee autoProducer 5.0
"{31F4E894-2B51-890F-3A04-89AA16C1B667}" = Catalyst Control Center Localization Russian
"{354A4677-23FE-454C-B70D-E8F2AB4A8AF2}" = Administative Templates for Windows Vista (.admx)
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{363D1E82-40C5-C298-4C73-BD72E58168B4}" = Catalyst Control Center Localization Greek
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4097D40F-FB75-869F-18A0-637635A5FAA0}" = Catalyst Control Center Localization Chinese Traditional
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{432B7B0E-D471-1A8A-B43D-99C52D0DF092}" = Catalyst Control Center Localization Norwegian
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{459F8ABE-28DB-4F9E-9F96-3149C332FA83}" = Lernwerkstatt 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{506C49D5-1A41-FEBF-8A0B-F4481C73F1DD}" = Catalyst Control Center Localization Swedish
"{5106480F-2039-420F-B315-213472966ED6}" = Samsung PC Studio 3
"{5313CFF7-E762-4752-BEC0-1E2CB2C685E4}" = uMedia uTV
"{544EC169-1787-4F95-B216-468F4C3E578D}" = Lernwerkstatt Sek I
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{584BFB71-3D12-8720-F222-7739726C3E7C}" = Catalyst Control Center Core Implementation
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5D5D742B-171C-2C00-810F-3DD837FDE520}" = Catalyst Control Center Localization Hungarian
"{61232CEF-6A36-A4F2-4242-605518175098}" = Catalyst Control Center Localization Finnish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E87F7DD-C1C8-44B2-8D54-BEB6FE26394F}" = Vista Services Optimizer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77B74177-25E3-6801-D4F6-514E0926F3B8}" = Catalyst Control Center Localization Chinese Standard
"{77BDD5AF-E4AC-E3F7-449C-5F5621A84A73}" = Catalyst Control Center Localization Italian
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F149393-7D14-B0EF-154F-3B83D57725AA}" = Catalyst Control Center Localization French
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{821D7BFA-918B-EDCE-15A5-6C6BAB0528A1}" = Catalyst Control Center Localization Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF4C172-FC1D-418A-ABDE-A6B30A03D8D8}" = StatFi 2007 GAOTD
"{8B961557-75BB-4336-8167-90267ED34267}" = Media Add-Ons für Acronis True Image 2009
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90300407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{93099B48-E36A-46C9-A03F-C85201D9B1C1}" = Foxit PDF IFilter
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D22C3E-5C19-4633-BD0A-493FC94C5051}" = Schreiblabor 2
"{A0F147B7-115C-A8D8-EFB8-B891D0DB39D1}" = ATI Catalyst Install Manager
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF04BC19-3F00-2F3A-2499-19A998E84B95}" = Catalyst Control Center Localization Japanese
"{B1C2147A-54CE-070A-C844-E69C203A3202}" = ccc-core-static
"{B3251D6A-05E1-252C-64A6-4E6A7FE8F6B4}" = Catalyst Control Center Localization Portuguese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C40AEEAE-DB5D-F537-0A90-A5F75DEE192D}" = Catalyst Control Center Localization Spanish
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C9E9625A-47B5-4DED-A851-B394B51279FA}" = MatchWare OpenMind 2.0 Home
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CDBE2FB7-5098-0277-2AE9-145ECE3C0773}" = Catalyst Control Center Localization Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D299837D-74C1-41A9-8783-966610A9BED7}" = Preispiraten
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DA472378-2901-09E2-E9B9-019342B8CCD0}" = ccc-utility
"{DDC2B636-4F9F-4241-9B15-4DF12C97CF4A}" = Studio 11
"{DEAFFA41-FCE8-EBA5-3918-55F9672F75F8}" = Catalyst Control Center Localization Polish
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC7C8D7C-3360-4D34-B7AF-59C6A5EAEB54}" = Vista UsbCam_Vid_AF
"{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Ani...Paint Standard_is1" = Ani...Paint 3.1.3 Standard
"Any Video Converter_is1" = Any Video Converter 3.1.7
"AnyDVD" = AnyDVD
"Arbeitsblatt Profi" = Arbeitsblatt Profi
"Ashampoo Burning Studio 7_is1" = Ashampoo Burning Studio 7.21
"Ashampoo Photo Commander 5_is1" = Ashampoo Photo Commander 5.40
"Ask Toolbar_is1" = Foxit Toolbar
"avast5" = avast! Free Antivirus
"BitZipper_is1" = BitZipper 2010
"Budenberg_is1" = Budenberg Software Mehrplatz 5/09 WIN
"CCleaner" = CCleaner
"Citavi" = Citavi 2.5
"CloneDVD2" = CloneDVD2
"Defraggler" = Defraggler
"easy Whiteboard" = easy Whiteboard
"ELFE" = ELFE 1-6
"FormatFactory" = FormatFactory 2.45
"FotoSketcher_is1" = FotoSketcher - Version 1.6
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Updater" = Google Updater
"InstallShield_{544EC169-1787-4F95-B216-468F4C3E578D}" = Lernwerkstatt Sek I
"InstallShield_{95D22C3E-5C19-4633-BD0A-493FC94C5051}" = Schreiblabor 2
"Internet-Radio Player_is1" = Internet-Radio Player Version 2.01.4
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.4
"Klex11" = Tintenklex11
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatchWare Mediator 7 Pro Installation" = MatchWare Mediator 7 Pro Installation
"Mediator 7 Pro Service Pack 5.0" = Mediator 7 Pro Service Pack 5.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MindManager 2002" = MindManager 2002
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Nero PhotoShow Express 5" = Nero PhotoShow Express 5
"NewImage SuperCAM" = Uninstall NewImage SuperCAM
"NEWZIP version 1.6B1" = NEWZIP version 1.6B1
"Photo Commander Plugin Installation" = Photo Commander Plugin Installation
"PhotoFiltre" = PhotoFiltre
"Picasa 3" = Picasa 3
"Pointofix_is1" = Pointofix
"ProInst" = Intel PROSet Wireless
"PROR" = Microsoft Office Professional 2007
"Rmtablet" = Pen Pad Driver with Macro Key Manager
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Smoothboard" = Smoothboard
"Smoothboard 1.0" = Smoothboard 1.0
"StatFi 2007 GAOTD" = StatFi 2007 GAOTD
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wondershare Flash Slideshow Builder Giveaway Edition_is1" = Wondershare Flash Slideshow Builder Giveaway Edition (4.6.0)
"Wondershare Photo Story Gold Giveaway Edition_is1" = Wondershare Photo Story Gold Giveaway Edition version 3.0.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zarb" = Zarb 4.1
"Zattoo4" = Zattoo4 4.0.5
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 14.12.2010 19:24:53 | Computer Name = Manfred-acer-la | Source = EventSystem | ID = 4621
Description =
Error - 17.12.2010 00:25:29 | Computer Name = Manfred-acer-la | Source = WinMgmt | ID = 10
Description =
Error - 17.12.2010 01:27:55 | Computer Name = Manfred-acer-la | Source = EventSystem | ID = 4621
Description =
Error - 17.12.2010 13:08:34 | Computer Name = Manfred-acer-la | Source = WinMgmt | ID = 10
Description =
Error - 17.12.2010 15:25:01 | Computer Name = Manfred-acer-la | Source = EventSystem | ID = 4621
Description =
Error - 17.12.2010 18:07:40 | Computer Name = Manfred-acer-la | Source = WinMgmt | ID = 10
Description =
Error - 18.12.2010 19:56:43 | Computer Name = Manfred-acer-la | Source = WinMgmt | ID = 10
Description =
Error - 18.12.2010 20:35:52 | Computer Name = Manfred-acer-la | Source = WinMgmt | ID = 10
Description =
Error - 18.12.2010 21:38:43 | Computer Name = Manfred-acer-la | Source = EventSystem | ID = 4621
Description =
Error - 19.12.2010 09:29:56 | Computer Name = Manfred-acer-la | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 23.06.2008 14:00:21 | Computer Name = Manfred-acer-la | Source = ehRecvr | ID = 4
Description =
Error - 23.06.2008 16:14:10 | Computer Name = Manfred-acer-la | Source = ehRecvr | ID = 4
Description =
[ System Events ]
Error - 03.01.2011 15:39:39 | Computer Name = Manfred-acer-la | Source = Service Control Manager | ID = 7001
Description =
Error - 03.01.2011 15:39:39 | Computer Name = Manfred-acer-la | Source = Service Control Manager | ID = 7026
Description =
Error - 03.01.2011 15:39:39 | Computer Name = Manfred-acer-la | Source = Service Control Manager | ID = 7001
Description =
Error - 03.01.2011 15:39:39 | Computer Name = Manfred-acer-la | Source = Service Control Manager | ID = 7001
Description =
Error - 03.01.2011 15:39:39 | Computer Name = Manfred-acer-la | Source = Service Control Manager | ID = 7001
Description =
Error - 03.01.2011 15:39:39 | Computer Name = Manfred-acer-la | Source = Service Control Manager | ID = 7001
Description =
Error - 03.01.2011 15:43:15 | Computer Name = Manfred-acer-la | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 03.01.2011 15:43:28 | Computer Name = Manfred-acer-la | Source = Service Control Manager | ID = 7000
Description =
Error - 03.01.2011 15:43:30 | Computer Name = Manfred-acer-la | Source = Service Control Manager | ID = 7026
Description =
Error - 03.01.2011 15:46:02 | Computer Name = Manfred-acer-la | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse
001DE0AB4199 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
[ TuneUp Events ]
Error - 18.12.2010 20:16:38 | Computer Name = Manfred-acer-la | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-19 01:16:38', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','2012',0)
Error - 18.12.2010 20:18:53 | Computer Name = Manfred-acer-la | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-19 01:18:53', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','5036',0)
Error - 18.12.2010 20:36:13 | Computer Name = Manfred-acer-la | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-19 01:36:13', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','4896',0)
Error - 19.12.2010 09:41:56 | Computer Name = Manfred-acer-la | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-19 14:41:56', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','4012',0)
< End of report >
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5449 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 04.01.2011 00:04:50 mbam-log-2011-01-04 (00-04-50).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 421998 Time elapsed: 2 hour(s), 1 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Ist es nötig und wenn ja möglich da was zu machen??? Im Voraus vielen Dank und Grüße |
|
04.01.2011, 14:50
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
04.01.2011, 16:47
| #3 |
| | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Hi Arne,
__________________es sind leider keine weiteren Logdateien gespeichert. Gruß Jonas |
|
04.01.2011, 19:21
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
@Alternate Data Stream - 24 bytes -> C:\Windows:4C910840893E1766
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.01.2011, 08:08
| #5 |
| | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Alles klar, werde nach der Arbeit deine Anweisungen befolgen. hab auf dem anderen Benutzerkonto noch andere Malwarebytes Logdateien gefunden. die poste ich jetzt schon mal, alles andere kommt später. Gruß Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Datenbank Version: 5351 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 19.12.2010 01:34:15 mbam-log-2010-12-19 (01-34-15).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 162387 Laufzeit: 3 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Datenbank Version: 5351 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 19.12.2010 14:45:51 mbam-log-2010-12-19 (14-45-51).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 162150 Laufzeit: 3 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
05.01.2011, 17:04
| #6 |
| | win32.AutoRun.tmp trojaner lässt sich nicht entfernen All processes killed ========== OTL ========== HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\#| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\&| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\?| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\+| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\=| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\MenuText| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\#| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\&| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\?| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\+| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\=| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\MenuText| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\#| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\&| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\?| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\+| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\=| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\MenuText| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\#| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\&| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\?| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\+| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\=| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\MenuText| /E : value set successfully! ADS C:\Windows:4C910840893E1766 deleted successfully. ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Admini ->Temp folder emptied: 448285 bytes ->Temporary Internet Files folder emptied: 67034 bytes ->FireFox cache emptied: 69490173 bytes ->Flash cache emptied: 1276 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 83 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Manfred ->Temp folder emptied: 203012713 bytes ->Temporary Internet Files folder emptied: 81367535 bytes ->Java cache emptied: 43148942 bytes ->FireFox cache emptied: 112160007 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 15074 bytes User: Public User: sterne ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 3775626 bytes ->Flash cache emptied: 563 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 72 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 17072 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 490,00 mb OTL by OldTimer - Version 3.2.20.1 log created on 01052011_165836 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
05.01.2011, 19:23
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.01.2011, 21:35
| #8 |
| | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Hi Arne, hab combofix durchlaufen lassen. Spybot meldet keine Funde mehr. Hier die combofix logfile: Combofix Logfile: Code:
ATTFilter ComboFix 11-01-05.05 - Admini 06.01.2011 13:40:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1467 [GMT 1:00]
ausgeführt von:: c:\users\Admini\Downloads\cofi.exe.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Manfred\AppData\Roaming\.#
D:\install.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-12-06 bis 2011-01-06 ))))))))))))))))))))))))))))))
.
2011-01-06 12:22 . 2011-01-06 12:22 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2011-01-06 12:22 . 2011-01-06 12:22 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2011-01-06 12:22 . 2009-11-16 11:25 17224 ----a-w- c:\windows\system32\authuitu.dll
2011-01-06 12:22 . 2009-11-16 11:25 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2011-01-05 15:58 . 2011-01-05 15:58 -------- d-----w- C:\_OTL
2011-01-03 20:28 . 2011-01-03 20:29 602112 ----a-w- c:\program files\OTL.exe
2011-01-03 19:43 . 2011-01-03 19:43 -------- d-----w- c:\users\Admini
2011-01-01 18:57 . 2011-01-01 18:57 -------- d-----w- c:\users\Manfred\AppData\Roaming\Apple Computer
2010-12-20 11:33 . 2010-12-20 11:33 -------- d-----w- c:\users\Manfred\AppData\Roaming\FavMan20
2010-12-19 00:16 . 2010-12-19 00:16 -------- d-----w- c:\users\Manfred\AppData\Roaming\Malwarebytes
2010-12-19 00:16 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 00:16 . 2010-12-19 00:16 -------- d-----w- c:\programdata\Malwarebytes
2010-12-19 00:16 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 00:16 . 2011-01-03 20:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-12 18:51 . 2010-12-12 18:51 -------- d-----w- c:\program files\7-Zip
2010-12-12 18:43 . 2000-04-30 10:00 22528 ----a-w- c:\windows\zipsfx.bin
2010-12-12 18:43 . 2000-03-29 21:00 130560 ----a-w- c:\windows\Zipdll.dll
2010-12-12 18:42 . 2000-03-29 21:00 115712 ----a-w- c:\windows\Unzdll.dll
2010-12-12 18:42 . 2010-12-12 18:43 -------- d-----w- c:\program files\NEWZIP
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2005-12-21 73728]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-03 4378000]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-03 962480]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-03 165144]
"MacrokeyManager"="WTMKM.exe" [2007-06-25 1969824]
"Skytel"="Skytel.exe" [2008-01-24 1826816]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
c:\users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [2008-4-16 4685824]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckMedi8or]
2002-09-05 14:25 36864 ----a-w- c:\program files\Mediator 7 Pro\CheckNewUser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 07:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
2007-03-21 12:41 145496 ----a-w- c:\program files\Pinnacle\Studio 11\LaunchList2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
2008-02-12 15:09 353544 ----a-w- c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-01-22 09:14 200704 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-11 22:19 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 136176]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [2008-12-17 55424]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]
R3 CTXUSBTV;USB Hybrid Video Capture (DVB-T/PAL);c:\windows\system32\drivers\ctxusbtv.sys [2005-04-17 85248]
R3 OM2800;NewImage SuperCam;c:\windows\system32\Drivers\ovtcam2.sys [2007-03-21 598379]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [2008-12-17 4352]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-02 691696]
S0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\DRIVERS\tdrpm140.sys [2008-12-23 971168]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2007-08-17 364192]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2011-01-06 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]
2010-07-23 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2010-06-18 18:47]
2010-07-22 c:\windows\Tasks\Defraggler Volume D Task.job
- c:\program files\Defraggler\df.exe [2010-06-18 18:47]
2011-01-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-11 13:03]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 21:21]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 21:21]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{9E029088-432F-4EBF-9537-0171A4C37870} - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr
IE: {{E79005A3-0F92-434B-9F7B-51131FC7168F} - Alle Marktplatz-News
FF - ProfilePath - c:\users\Admini\AppData\Roaming\Mozilla\Firefox\Profiles\816d0xr1.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Amazon Startcenter: {144D1513-0819-4538-AD26-D515AF443AE7} - c:\program files\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
FF - Ext: Google Kontextmenü: {3F4D6A2C-841D-403C-8CD8-48E54192DDEB} - c:\program files\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
FF - Ext: eBay-Kontextmenü: {4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2} - c:\program files\Mozilla Firefox\extensions\{4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2}
FF - Ext: eBay-Startcenter: {7A7EF87E-95DB-4A84-83E8-E0FE7B20017F} - c:\program files\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}
FF - Ext: Citavi Picker: {8AA36F4F-6DC7-4c06-77AF-5035170634FE} - c:\program files\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: eBay Statusbar Button: {B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD} - c:\program files\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}
FF - Ext: Preispiraten: {C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C} - c:\program files\Mozilla Firefox\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-NewImage SuperCAM - c:\windows\omniuns.exe USB\Vid_1A3C&Pid_0100
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-06 13:47
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-01-06 13:48:44
ComboFix-quarantined-files.txt 2011-01-06 12:48
Vor Suchlauf: 17 Verzeichnis(se), 80.237.232.128 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 80.576.520.192 Bytes frei
- - End Of File - - 62A4B604F742D7B4E662F6A4DECEB4B0
Vielen Dank schon mal. Gruß, Jonas |
|
06.01.2011, 22:03
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.01.2011, 20:50
| #10 |
| | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Hi Arne, hier die Logfiles von Osam und MBR. Gmer ist zweimal abgestürzt. Gruß OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 20:45:39 on 07.01.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Defraggler Volume C Task.job" - "Piriform Ltd" - C:\Program Files\Defraggler\df.exe "Defraggler Volume D Task.job" - "Piriform Ltd" - C:\Program Files\Defraggler\df.exe "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl "TABLET.CPL" - "WALTOP International Corp." - C:\Windows\system32\TABLET.CPL "Vista Services Optimizer.cpl" - "Smart PC Utilities" - C:\Windows\system32\Vista Services Optimizer.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acronis Snapshots Manager (Build 380)" (snapman380) - "Acronis" - C:\Windows\System32\DRIVERS\snman380.sys "Acronis Try&Decide and Restore Points filter (build 140)" (tdrpman140) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm140.sys "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys "aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys "aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys "Bluetooth Audio Service" (BlueletAudio) - ? - C:\Windows\System32\DRIVERS\blueletaudio.sys (File not found) "Bluetooth HID Device Service" (VHidMinidrv) - ? - C:\Windows\System32\drivers\VHIDMini.sys (File not found) "Bluetooth HID Enumerator" (BTHidEnum) - ? - C:\Windows\System32\Drivers\vbtenum.sys (File not found) "Bluetooth HID Manager Service" (BTHidMgr) - ? - C:\Windows\System32\Drivers\BTHidMgr.sys (File not found) "Bluetooth PAN Network Adapter" (BT) - ? - C:\Windows\System32\DRIVERS\btnetdrv.sys (File not found) "Bluetooth SCO Audio Service" (BlueletSCOAudio) - ? - C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys (File not found) "Bluetooth USB For Bluetooth Service" (Btcsrusb) - ? - C:\Windows\System32\Drivers\btcusb.sys (File not found) "Bluetooth VComm Manager Service" (VcommMgr) - ? - C:\Windows\System32\Drivers\VcommMgr.sys (File not found) "catchme" (catchme) - ? - C:\Users\Admini\AppData\Local\Temp\catchme.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "NewImage SuperCam" (OM2800) - "Omnivision Technologies, Inc." - C:\Windows\System32\Drivers\ovtcam2.sys "PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys "PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys "PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys "USB Serial Converter Driver" (FTDIBUS) - "FTDI Ltd." - C:\Windows\System32\drivers\ftdibus.sys "USB Serial Port Driver" (FTSER2K) - "FTDI Ltd." - C:\Windows\System32\drivers\ftser2k.sys "Virtual Serial port driver" (VComm) - ? - C:\Windows\System32\DRIVERS\VComm.sys (File not found) "{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll {C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll {FDBA76B3-0FF0-489e-9D51-F336AAD816FA} "BkgndCtxMenuExt Class" - ? - C:\Program Files\Common Files\Simple Star Shared\PhotoShowShellExt.dll {D5906221-A717-479B-9B49-CD848F9CE816} "BZShlExtImpl Class" - "Bitberry Software" - C:\Program Files\BitZipper\BZShlExt.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll (File not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - (File not found | COM-object registry key not found) {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - (File not found | COM-object registry key not found) {327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Program Files\Pinnacle\Studio 11\programs\BlueShellExt.dll (File found, but it contains no detailed information) {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {3860DD98-0549-4D50-AA72-5D17D200EE10} "Windows Live OneCare safety scanner control" - "Microsoft Corporation" - C:\Program Files\Windows Live Safety Center\wlscCtrl2.dll / hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Amazon Startseite" - ? - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr (HTTP value) "eBay" - ? - Alle Marktplatz-News (HTTP value) {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll "Preispiraten" - ? - C:\Program Files\Preispiraten\preispiraten3ie.exe (File found, but it contains no detailed information) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll <binary data> "Foxit Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {84B94901-3645-4D80-A6B7-4D0050B19455} "amazon" - ? - C:\PROGRA~1\PREISP~1\IEBUTT~2.DLL (File found, but it contains no detailed information) {201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll {CD9B7762-DFBC-42B1-BB30-02A78287B456} "eBay" - ? - C:\PROGRA~1\PREISP~1\IEBUTT~1.DLL (File found, but it contains no detailed information) {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} "Preispiraten" - ? - C:\PROGRA~1\PREISP~1\IEBUTT~3.DLL (File found, but it contains no detailed information) {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Admini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe (Shortcut exists | File exists) "SETAUDIO.EXE" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE "SETRES.EXE" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" "AcronisTimounterMonitor" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avast5" - "AVAST Software" - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui "eAudio" - "CyberLink" - "C:\Acer\Empowering Technology\eAudio\eAudio.exe" "eDataSecurity Loader" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE "MacrokeyManager" - ? - WTMKM.exe "StartCCC" - ? - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" (File found, but it contains no detailed information) "TrueImageMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe "WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Windows\System32\TuneUpDefragService.exe "@%SystemRoot%\System32\TUProgSt.exe,-1" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\Windows\System32\TUProgSt.exe "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe "Adobe Active File Monitor V7" (AdobeActiveFileMonitor7.0) - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe "ALaunch Service" (ALaunchService) - ? - C:\Acer\ALaunch\ALaunchSvc.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "avast! Mail Scanner" (avast! Mail Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "avast! Web Scanner" (avast! Web Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe "eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe "eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe "ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe "eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe "eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\Windows\system32\drivers\pclepci.sys "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "WTService" (WTService) - ? - C:\Windows\system32\atwtusb.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\Windows\System32\acer.scr (File found, but it contains no detailed information) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Acer, Inc. BIOS Manufacturer: Acer System Manufacturer: Acer, inc. System Product Name: Aspire 5920G Logical Drives Mask: 0x0000002c Kernel Drivers (total 173): 0x8460E000 \SystemRoot\system32\ntkrnlpa.exe 0x849C7000 \SystemRoot\system32\hal.dll 0x80603000 \SystemRoot\system32\kdcom.dll 0x8060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8067A000 \SystemRoot\system32\PSHED.dll 0x8068B000 \SystemRoot\system32\BOOTVID.dll 0x80693000 \SystemRoot\system32\CLFS.SYS 0x806D4000 \SystemRoot\system32\CI.dll 0x8C80E000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8C88A000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8C897000 \SystemRoot\System32\Drivers\spnh.sys 0x8C98A000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x8C993000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x8C9B9000 \SystemRoot\system32\drivers\acpi.sys 0x8C800000 \SystemRoot\system32\drivers\msisadrv.sys 0x807B4000 \SystemRoot\system32\drivers\pci.sys 0x807DB000 \SystemRoot\System32\drivers\partmgr.sys 0x8C808000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x807EA000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8CA08000 \SystemRoot\system32\drivers\volmgr.sys 0x8CA17000 \SystemRoot\System32\drivers\volmgrx.sys 0x8CA61000 \SystemRoot\system32\drivers\intelide.sys 0x8CA68000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8CA76000 \SystemRoot\System32\drivers\mountmgr.sys 0x8CA86000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x8CB4E000 \SystemRoot\system32\drivers\atapi.sys 0x8CB56000 \SystemRoot\system32\drivers\ataport.SYS 0x8CB74000 \SystemRoot\system32\drivers\fltmgr.sys 0x8CBA6000 \SystemRoot\system32\drivers\fileinfo.sys 0x8CBB6000 \SystemRoot\system32\DRIVERS\psdfilter.sys 0x8CBBF000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8CC0D000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8CC7E000 \SystemRoot\system32\drivers\ndis.sys 0x8CD89000 \SystemRoot\system32\drivers\msrpc.sys 0x8CDB4000 \SystemRoot\system32\drivers\NETIO.SYS 0x8CE0B000 \SystemRoot\System32\drivers\tcpip.sys 0x8CEF5000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8CF10000 \SystemRoot\system32\DRIVERS\timntr.sys 0x8D006000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8D116000 \SystemRoot\system32\drivers\volsnap.sys 0x8D204000 \SystemRoot\system32\DRIVERS\tdrpm140.sys 0x8D2F0000 \SystemRoot\System32\Drivers\spldr.sys 0x8D2F8000 \SystemRoot\system32\DRIVERS\snman380.sys 0x8D318000 \SystemRoot\System32\Drivers\mup.sys 0x8D327000 \SystemRoot\System32\drivers\ecache.sys 0x8D34E000 \SystemRoot\system32\drivers\disk.sys 0x8D35F000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8D380000 \SystemRoot\system32\drivers\crcdisk.sys 0x90ED4000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x90EDF000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x90EE8000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x91803000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x91CA7000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x91D48000 \SystemRoot\System32\drivers\watchdog.sys 0x91D54000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x91DE1000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x90EF7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x91DEC000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x91E06000 \SystemRoot\system32\DRIVERS\NETw5v32.sys 0x9218F000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x9219F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x921AD000 \SystemRoot\system32\DRIVERS\sdbus.sys 0x921C7000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0x921D8000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0x90F35000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0x90F87000 \SystemRoot\system32\DRIVERS\winbondcir.sys 0x921EC000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x90F9C000 \SystemRoot\system32\DRIVERS\DKbFltr.sys 0x90FA6000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x90FB1000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x91E00000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x90FDF000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8D396000 \SystemRoot\System32\Drivers\AnyDVD.sys 0x8D3AF000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x91E02000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys 0x91DFB000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x90FEA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x8D3C7000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8D14F000 \SystemRoot\system32\DRIVERS\storport.sys 0x90FF3000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8D190000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x90E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8D1A7000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8D1CA000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8D1D9000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8CF93000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8D1ED000 \SystemRoot\system32\DRIVERS\termdd.sys 0x91E04000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8CFA8000 \SystemRoot\system32\DRIVERS\ks.sys 0x8CFD2000 \SystemRoot\system32\DRIVERS\circlass.sys 0x8D3F6000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8CBC8000 \SystemRoot\system32\DRIVERS\MarvinBus.sys 0x8CFE0000 \SystemRoot\system32\DRIVERS\umbus.sys 0x91205000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x9123A000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x9124B000 \SystemRoot\system32\drivers\HdAudio.sys 0x9128A000 \SystemRoot\system32\drivers\portcls.sys 0x912B7000 \SystemRoot\system32\drivers\drmk.sys 0x91607000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x912DC000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys 0x9220B000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys 0x9230E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys 0x923C3000 \SystemRoot\system32\drivers\modem.sys 0x923D0000 \SystemRoot\system32\DRIVERS\hidir.sys 0x923DB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x923EB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x923F2000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x92200000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x917E2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x917EB000 \SystemRoot\System32\Drivers\Null.SYS 0x917F2000 \SystemRoot\System32\Drivers\Beep.SYS 0x91319000 \SystemRoot\System32\drivers\vga.sys 0x91325000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x91346000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x9134E000 \SystemRoot\system32\drivers\rdpencdd.sys 0x91356000 \SystemRoot\System32\Drivers\Msfs.SYS 0x91361000 \SystemRoot\System32\Drivers\Npfs.SYS 0x9136F000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x91378000 \SystemRoot\system32\DRIVERS\tdx.sys 0x9138E000 \SystemRoot\System32\Drivers\aswTdi.SYS 0x91398000 \SystemRoot\system32\DRIVERS\smb.sys 0x913AC000 \SystemRoot\system32\drivers\afd.sys 0x923FB000 \SystemRoot\System32\Drivers\aswRdr.SYS 0x9260E000 \SystemRoot\System32\DRIVERS\netbt.sys 0x92640000 \SystemRoot\system32\DRIVERS\pacer.sys 0x92656000 \SystemRoot\system32\DRIVERS\netbios.sys 0x92664000 \SystemRoot\System32\Drivers\StarOpen.SYS 0x9266A000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x9267D000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x926B9000 \SystemRoot\system32\drivers\nsiproxy.sys 0x926C3000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0x926C8000 \SystemRoot\System32\Drivers\dfsc.sys 0x926DF000 \SystemRoot\System32\Drivers\aswSP.SYS 0x92C08000 \SystemRoot\system32\DRIVERS\snp2uvc.sys 0x92DAF000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x92DBC000 \SystemRoot\system32\DRIVERS\sncduvc.SYS 0x92DC3000 \SystemRoot\System32\Drivers\crashdmp.sys 0x92706000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x92DD0000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xA10B0000 \SystemRoot\System32\win32k.sys 0x92DD9000 \SystemRoot\System32\drivers\Dxapi.sys 0x92DE3000 \SystemRoot\system32\DRIVERS\monitor.sys 0xA12D0000 \SystemRoot\System32\TSDDD.dll 0xA12F0000 \SystemRoot\System32\cdd.dll 0x927CE000 \SystemRoot\system32\drivers\luafv.sys 0x90E0B000 \??\C:\Windows\system32\drivers\aswMonFlt.sys 0x92DF2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS 0x92DF5000 \SystemRoot\system32\DRIVERS\tifsfilt.sys 0x82004000 \SystemRoot\system32\drivers\spsys.sys 0x820B4000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x820C4000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x820EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x820F8000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x8210B000 \SystemRoot\system32\drivers\HTTP.sys 0x82178000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x82195000 \SystemRoot\system32\DRIVERS\bowser.sys 0x821AE000 \SystemRoot\System32\drivers\mpsdrv.sys 0x821C3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x90E42000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x821E2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x90E7B000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA5A0F000 \SystemRoot\System32\DRIVERS\srv.sys 0xA5A75000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA5A8B000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys 0xA5A92000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0xA5A96000 \SystemRoot\system32\drivers\peauth.sys 0xA5B74000 \SystemRoot\system32\DRIVERS\PSDNServ.sys 0xA5B7D000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys 0xA5B8F000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA5B99000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA5BA5000 \SystemRoot\system32\DRIVERS\xaudio.sys 0xA5BAD000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 0x772D0000 \Windows\System32\ntdll.dll Processes (total 84): 0 System Idle Process 4 System 720 C:\Windows\System32\smss.exe 792 csrss.exe 852 C:\Windows\System32\wininit.exe 864 csrss.exe 896 C:\Windows\System32\services.exe 908 C:\Windows\System32\lsass.exe 916 C:\Windows\System32\lsm.exe 1052 C:\Windows\System32\svchost.exe 1124 C:\Windows\System32\svchost.exe 1160 C:\Windows\System32\Ati2evxx.exe 1196 C:\Windows\System32\svchost.exe 1232 C:\Windows\System32\winlogon.exe 1276 C:\Windows\System32\svchost.exe 1288 C:\Windows\System32\svchost.exe 1356 C:\Windows\System32\audiodg.exe 1376 C:\Windows\System32\svchost.exe 1396 C:\Windows\System32\SLsvc.exe 1440 C:\Windows\System32\svchost.exe 1560 C:\Windows\System32\svchost.exe 1676 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 1740 C:\Windows\System32\wlanext.exe 1836 C:\Windows\System32\Ati2evxx.exe 1464 C:\Windows\System32\spoolsv.exe 1544 C:\Windows\System32\svchost.exe 2108 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe 2128 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe 2172 C:\Acer\ALaunch\ALaunchSvc.exe 2216 C:\Windows\System32\svchost.exe 2240 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 2256 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 2412 C:\Acer\Empowering Technology\eNet\eNet Service.exe 2456 C:\Program Files\Intel\WiFi\bin\EvtEng.exe 2496 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2600 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2632 C:\Acer\Mobility Center\MobilityService.exe 2756 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 2800 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2848 C:\Windows\System32\svchost.exe 2900 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe 2936 C:\Windows\System32\TUProgSt.exe 2968 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 3004 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 3096 C:\Windows\System32\atwtusb.exe 3516 C:\Windows\System32\dwm.exe 3532 WmiPrvSE.exe 3612 C:\Windows\explorer.exe 3668 C:\Windows\System32\taskeng.exe 3696 C:\Windows\System32\drivers\XAudio.exe 3716 C:\Windows\System32\atwtusb.exe 3732 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 3756 unsecapp.exe 3844 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 4036 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 3600 C:\Program Files\Synaptics\SynTP\SynTPStart.exe 3684 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe 3104 C:\Acer\Empowering Technology\eAudio\eAudio.exe 1812 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 3820 C:\Windows\RtHDVCpl.exe 3460 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 1732 WmiPrvSE.exe 2020 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3908 C:\Windows\System32\taskeng.exe 4460 C:\Program Files\Launch Manager\QtZgAcer.EXE 4700 C:\Users\Admini\AppData\Local\temp\RtkBtMnt.exe 4940 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe 4960 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe 4972 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe 4984 C:\Windows\System32\WTMKM.exe 5000 C:\Program Files\Alwil Software\Avast5\AvastUI.exe 5020 C:\Program Files\Windows Sidebar\sidebar.exe 5184 C:\Acer\Empowering Technology\eNet\eNMTray.exe 5192 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe 5200 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe 5208 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe 5512 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3176 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 5336 C:\Program Files\Mozilla Firefox\firefox.exe 3484 taskeng.exe 5236 dllhost.exe 2000 dllhost.exe 5992 C:\Users\Admini\Downloads\MBRCheck.exe 2836 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`af600000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`a2300000 (NTFS) PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 31171527C24A94682C92F34EB1E387CDC8AD21FC Found non-standard or infected MBR. |
|
07.01.2011, 20:50
| #11 |
| | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Hi Arne, hier die Logfiles von Osam und MBR. Gmer ist zweimal abgestürzt. Gruß OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 20:45:39 on 07.01.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Defraggler Volume C Task.job" - "Piriform Ltd" - C:\Program Files\Defraggler\df.exe "Defraggler Volume D Task.job" - "Piriform Ltd" - C:\Program Files\Defraggler\df.exe "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl "TABLET.CPL" - "WALTOP International Corp." - C:\Windows\system32\TABLET.CPL "Vista Services Optimizer.cpl" - "Smart PC Utilities" - C:\Windows\system32\Vista Services Optimizer.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acronis Snapshots Manager (Build 380)" (snapman380) - "Acronis" - C:\Windows\System32\DRIVERS\snman380.sys "Acronis Try&Decide and Restore Points filter (build 140)" (tdrpman140) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm140.sys "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys "aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys "aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys "Bluetooth Audio Service" (BlueletAudio) - ? - C:\Windows\System32\DRIVERS\blueletaudio.sys (File not found) "Bluetooth HID Device Service" (VHidMinidrv) - ? - C:\Windows\System32\drivers\VHIDMini.sys (File not found) "Bluetooth HID Enumerator" (BTHidEnum) - ? - C:\Windows\System32\Drivers\vbtenum.sys (File not found) "Bluetooth HID Manager Service" (BTHidMgr) - ? - C:\Windows\System32\Drivers\BTHidMgr.sys (File not found) "Bluetooth PAN Network Adapter" (BT) - ? - C:\Windows\System32\DRIVERS\btnetdrv.sys (File not found) "Bluetooth SCO Audio Service" (BlueletSCOAudio) - ? - C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys (File not found) "Bluetooth USB For Bluetooth Service" (Btcsrusb) - ? - C:\Windows\System32\Drivers\btcusb.sys (File not found) "Bluetooth VComm Manager Service" (VcommMgr) - ? - C:\Windows\System32\Drivers\VcommMgr.sys (File not found) "catchme" (catchme) - ? - C:\Users\Admini\AppData\Local\Temp\catchme.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "NewImage SuperCam" (OM2800) - "Omnivision Technologies, Inc." - C:\Windows\System32\Drivers\ovtcam2.sys "PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys "PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys "PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys "USB Serial Converter Driver" (FTDIBUS) - "FTDI Ltd." - C:\Windows\System32\drivers\ftdibus.sys "USB Serial Port Driver" (FTSER2K) - "FTDI Ltd." - C:\Windows\System32\drivers\ftser2k.sys "Virtual Serial port driver" (VComm) - ? - C:\Windows\System32\DRIVERS\VComm.sys (File not found) "{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll {C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll {FDBA76B3-0FF0-489e-9D51-F336AAD816FA} "BkgndCtxMenuExt Class" - ? - C:\Program Files\Common Files\Simple Star Shared\PhotoShowShellExt.dll {D5906221-A717-479B-9B49-CD848F9CE816} "BZShlExtImpl Class" - "Bitberry Software" - C:\Program Files\BitZipper\BZShlExt.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll (File not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - (File not found | COM-object registry key not found) {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - (File not found | COM-object registry key not found) {327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Program Files\Pinnacle\Studio 11\programs\BlueShellExt.dll (File found, but it contains no detailed information) {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {3860DD98-0549-4D50-AA72-5D17D200EE10} "Windows Live OneCare safety scanner control" - "Microsoft Corporation" - C:\Program Files\Windows Live Safety Center\wlscCtrl2.dll / hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Amazon Startseite" - ? - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr (HTTP value) "eBay" - ? - Alle Marktplatz-News (HTTP value) {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll "Preispiraten" - ? - C:\Program Files\Preispiraten\preispiraten3ie.exe (File found, but it contains no detailed information) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll <binary data> "Foxit Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {84B94901-3645-4D80-A6B7-4D0050B19455} "amazon" - ? - C:\PROGRA~1\PREISP~1\IEBUTT~2.DLL (File found, but it contains no detailed information) {201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll {CD9B7762-DFBC-42B1-BB30-02A78287B456} "eBay" - ? - C:\PROGRA~1\PREISP~1\IEBUTT~1.DLL (File found, but it contains no detailed information) {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} "Preispiraten" - ? - C:\PROGRA~1\PREISP~1\IEBUTT~3.DLL (File found, but it contains no detailed information) {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Admini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe (Shortcut exists | File exists) "SETAUDIO.EXE" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE "SETRES.EXE" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" "AcronisTimounterMonitor" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avast5" - "AVAST Software" - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui "eAudio" - "CyberLink" - "C:\Acer\Empowering Technology\eAudio\eAudio.exe" "eDataSecurity Loader" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE "MacrokeyManager" - ? - WTMKM.exe "StartCCC" - ? - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" (File found, but it contains no detailed information) "TrueImageMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe "WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Windows\System32\TuneUpDefragService.exe "@%SystemRoot%\System32\TUProgSt.exe,-1" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\Windows\System32\TUProgSt.exe "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe "Adobe Active File Monitor V7" (AdobeActiveFileMonitor7.0) - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe "ALaunch Service" (ALaunchService) - ? - C:\Acer\ALaunch\ALaunchSvc.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "avast! Mail Scanner" (avast! Mail Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "avast! Web Scanner" (avast! Web Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe "eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe "eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe "ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe "eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe "eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\Windows\system32\drivers\pclepci.sys "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "WTService" (WTService) - ? - C:\Windows\system32\atwtusb.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\Windows\System32\acer.scr (File found, but it contains no detailed information) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Acer, Inc. BIOS Manufacturer: Acer System Manufacturer: Acer, inc. System Product Name: Aspire 5920G Logical Drives Mask: 0x0000002c Kernel Drivers (total 173): 0x8460E000 \SystemRoot\system32\ntkrnlpa.exe 0x849C7000 \SystemRoot\system32\hal.dll 0x80603000 \SystemRoot\system32\kdcom.dll 0x8060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8067A000 \SystemRoot\system32\PSHED.dll 0x8068B000 \SystemRoot\system32\BOOTVID.dll 0x80693000 \SystemRoot\system32\CLFS.SYS 0x806D4000 \SystemRoot\system32\CI.dll 0x8C80E000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8C88A000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8C897000 \SystemRoot\System32\Drivers\spnh.sys 0x8C98A000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x8C993000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x8C9B9000 \SystemRoot\system32\drivers\acpi.sys 0x8C800000 \SystemRoot\system32\drivers\msisadrv.sys 0x807B4000 \SystemRoot\system32\drivers\pci.sys 0x807DB000 \SystemRoot\System32\drivers\partmgr.sys 0x8C808000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x807EA000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8CA08000 \SystemRoot\system32\drivers\volmgr.sys 0x8CA17000 \SystemRoot\System32\drivers\volmgrx.sys 0x8CA61000 \SystemRoot\system32\drivers\intelide.sys 0x8CA68000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8CA76000 \SystemRoot\System32\drivers\mountmgr.sys 0x8CA86000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x8CB4E000 \SystemRoot\system32\drivers\atapi.sys 0x8CB56000 \SystemRoot\system32\drivers\ataport.SYS 0x8CB74000 \SystemRoot\system32\drivers\fltmgr.sys 0x8CBA6000 \SystemRoot\system32\drivers\fileinfo.sys 0x8CBB6000 \SystemRoot\system32\DRIVERS\psdfilter.sys 0x8CBBF000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8CC0D000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8CC7E000 \SystemRoot\system32\drivers\ndis.sys 0x8CD89000 \SystemRoot\system32\drivers\msrpc.sys 0x8CDB4000 \SystemRoot\system32\drivers\NETIO.SYS 0x8CE0B000 \SystemRoot\System32\drivers\tcpip.sys 0x8CEF5000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8CF10000 \SystemRoot\system32\DRIVERS\timntr.sys 0x8D006000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8D116000 \SystemRoot\system32\drivers\volsnap.sys 0x8D204000 \SystemRoot\system32\DRIVERS\tdrpm140.sys 0x8D2F0000 \SystemRoot\System32\Drivers\spldr.sys 0x8D2F8000 \SystemRoot\system32\DRIVERS\snman380.sys 0x8D318000 \SystemRoot\System32\Drivers\mup.sys 0x8D327000 \SystemRoot\System32\drivers\ecache.sys 0x8D34E000 \SystemRoot\system32\drivers\disk.sys 0x8D35F000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8D380000 \SystemRoot\system32\drivers\crcdisk.sys 0x90ED4000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x90EDF000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x90EE8000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x91803000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x91CA7000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x91D48000 \SystemRoot\System32\drivers\watchdog.sys 0x91D54000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x91DE1000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x90EF7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x91DEC000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x91E06000 \SystemRoot\system32\DRIVERS\NETw5v32.sys 0x9218F000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x9219F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x921AD000 \SystemRoot\system32\DRIVERS\sdbus.sys 0x921C7000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0x921D8000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0x90F35000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0x90F87000 \SystemRoot\system32\DRIVERS\winbondcir.sys 0x921EC000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x90F9C000 \SystemRoot\system32\DRIVERS\DKbFltr.sys 0x90FA6000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x90FB1000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x91E00000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x90FDF000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8D396000 \SystemRoot\System32\Drivers\AnyDVD.sys 0x8D3AF000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x91E02000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys 0x91DFB000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x90FEA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x8D3C7000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8D14F000 \SystemRoot\system32\DRIVERS\storport.sys 0x90FF3000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8D190000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x90E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8D1A7000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8D1CA000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8D1D9000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8CF93000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8D1ED000 \SystemRoot\system32\DRIVERS\termdd.sys 0x91E04000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8CFA8000 \SystemRoot\system32\DRIVERS\ks.sys 0x8CFD2000 \SystemRoot\system32\DRIVERS\circlass.sys 0x8D3F6000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8CBC8000 \SystemRoot\system32\DRIVERS\MarvinBus.sys 0x8CFE0000 \SystemRoot\system32\DRIVERS\umbus.sys 0x91205000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x9123A000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x9124B000 \SystemRoot\system32\drivers\HdAudio.sys 0x9128A000 \SystemRoot\system32\drivers\portcls.sys 0x912B7000 \SystemRoot\system32\drivers\drmk.sys 0x91607000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x912DC000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys 0x9220B000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys 0x9230E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys 0x923C3000 \SystemRoot\system32\drivers\modem.sys 0x923D0000 \SystemRoot\system32\DRIVERS\hidir.sys 0x923DB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x923EB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x923F2000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x92200000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x917E2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x917EB000 \SystemRoot\System32\Drivers\Null.SYS 0x917F2000 \SystemRoot\System32\Drivers\Beep.SYS 0x91319000 \SystemRoot\System32\drivers\vga.sys 0x91325000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x91346000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x9134E000 \SystemRoot\system32\drivers\rdpencdd.sys 0x91356000 \SystemRoot\System32\Drivers\Msfs.SYS 0x91361000 \SystemRoot\System32\Drivers\Npfs.SYS 0x9136F000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x91378000 \SystemRoot\system32\DRIVERS\tdx.sys 0x9138E000 \SystemRoot\System32\Drivers\aswTdi.SYS 0x91398000 \SystemRoot\system32\DRIVERS\smb.sys 0x913AC000 \SystemRoot\system32\drivers\afd.sys 0x923FB000 \SystemRoot\System32\Drivers\aswRdr.SYS 0x9260E000 \SystemRoot\System32\DRIVERS\netbt.sys 0x92640000 \SystemRoot\system32\DRIVERS\pacer.sys 0x92656000 \SystemRoot\system32\DRIVERS\netbios.sys 0x92664000 \SystemRoot\System32\Drivers\StarOpen.SYS 0x9266A000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x9267D000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x926B9000 \SystemRoot\system32\drivers\nsiproxy.sys 0x926C3000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0x926C8000 \SystemRoot\System32\Drivers\dfsc.sys 0x926DF000 \SystemRoot\System32\Drivers\aswSP.SYS 0x92C08000 \SystemRoot\system32\DRIVERS\snp2uvc.sys 0x92DAF000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x92DBC000 \SystemRoot\system32\DRIVERS\sncduvc.SYS 0x92DC3000 \SystemRoot\System32\Drivers\crashdmp.sys 0x92706000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x92DD0000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xA10B0000 \SystemRoot\System32\win32k.sys 0x92DD9000 \SystemRoot\System32\drivers\Dxapi.sys 0x92DE3000 \SystemRoot\system32\DRIVERS\monitor.sys 0xA12D0000 \SystemRoot\System32\TSDDD.dll 0xA12F0000 \SystemRoot\System32\cdd.dll 0x927CE000 \SystemRoot\system32\drivers\luafv.sys 0x90E0B000 \??\C:\Windows\system32\drivers\aswMonFlt.sys 0x92DF2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS 0x92DF5000 \SystemRoot\system32\DRIVERS\tifsfilt.sys 0x82004000 \SystemRoot\system32\drivers\spsys.sys 0x820B4000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x820C4000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x820EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x820F8000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x8210B000 \SystemRoot\system32\drivers\HTTP.sys 0x82178000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x82195000 \SystemRoot\system32\DRIVERS\bowser.sys 0x821AE000 \SystemRoot\System32\drivers\mpsdrv.sys 0x821C3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x90E42000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x821E2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x90E7B000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA5A0F000 \SystemRoot\System32\DRIVERS\srv.sys 0xA5A75000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA5A8B000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys 0xA5A92000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0xA5A96000 \SystemRoot\system32\drivers\peauth.sys 0xA5B74000 \SystemRoot\system32\DRIVERS\PSDNServ.sys 0xA5B7D000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys 0xA5B8F000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA5B99000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA5BA5000 \SystemRoot\system32\DRIVERS\xaudio.sys 0xA5BAD000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 0x772D0000 \Windows\System32\ntdll.dll Processes (total 84): 0 System Idle Process 4 System 720 C:\Windows\System32\smss.exe 792 csrss.exe 852 C:\Windows\System32\wininit.exe 864 csrss.exe 896 C:\Windows\System32\services.exe 908 C:\Windows\System32\lsass.exe 916 C:\Windows\System32\lsm.exe 1052 C:\Windows\System32\svchost.exe 1124 C:\Windows\System32\svchost.exe 1160 C:\Windows\System32\Ati2evxx.exe 1196 C:\Windows\System32\svchost.exe 1232 C:\Windows\System32\winlogon.exe 1276 C:\Windows\System32\svchost.exe 1288 C:\Windows\System32\svchost.exe 1356 C:\Windows\System32\audiodg.exe 1376 C:\Windows\System32\svchost.exe 1396 C:\Windows\System32\SLsvc.exe 1440 C:\Windows\System32\svchost.exe 1560 C:\Windows\System32\svchost.exe 1676 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 1740 C:\Windows\System32\wlanext.exe 1836 C:\Windows\System32\Ati2evxx.exe 1464 C:\Windows\System32\spoolsv.exe 1544 C:\Windows\System32\svchost.exe 2108 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe 2128 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe 2172 C:\Acer\ALaunch\ALaunchSvc.exe 2216 C:\Windows\System32\svchost.exe 2240 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 2256 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 2412 C:\Acer\Empowering Technology\eNet\eNet Service.exe 2456 C:\Program Files\Intel\WiFi\bin\EvtEng.exe 2496 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2600 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2632 C:\Acer\Mobility Center\MobilityService.exe 2756 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 2800 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2848 C:\Windows\System32\svchost.exe 2900 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe 2936 C:\Windows\System32\TUProgSt.exe 2968 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 3004 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 3096 C:\Windows\System32\atwtusb.exe 3516 C:\Windows\System32\dwm.exe 3532 WmiPrvSE.exe 3612 C:\Windows\explorer.exe 3668 C:\Windows\System32\taskeng.exe 3696 C:\Windows\System32\drivers\XAudio.exe 3716 C:\Windows\System32\atwtusb.exe 3732 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 3756 unsecapp.exe 3844 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 4036 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 3600 C:\Program Files\Synaptics\SynTP\SynTPStart.exe 3684 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe 3104 C:\Acer\Empowering Technology\eAudio\eAudio.exe 1812 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 3820 C:\Windows\RtHDVCpl.exe 3460 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 1732 WmiPrvSE.exe 2020 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3908 C:\Windows\System32\taskeng.exe 4460 C:\Program Files\Launch Manager\QtZgAcer.EXE 4700 C:\Users\Admini\AppData\Local\temp\RtkBtMnt.exe 4940 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe 4960 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe 4972 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe 4984 C:\Windows\System32\WTMKM.exe 5000 C:\Program Files\Alwil Software\Avast5\AvastUI.exe 5020 C:\Program Files\Windows Sidebar\sidebar.exe 5184 C:\Acer\Empowering Technology\eNet\eNMTray.exe 5192 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe 5200 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe 5208 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe 5512 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3176 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 5336 C:\Program Files\Mozilla Firefox\firefox.exe 3484 taskeng.exe 5236 dllhost.exe 2000 dllhost.exe 5992 C:\Users\Admini\Downloads\MBRCheck.exe 2836 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`af600000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`a2300000 (NTFS) PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 31171527C24A94682C92F34EB1E387CDC8AD21FC Found non-standard or infected MBR. |
|
07.01.2011, 21:10
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | win32.AutoRun.tmp trojaner lässt sich nicht entfernenZitat:
Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten). Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten. Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.01.2011, 11:10
| #13 |
| | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Hi. Ich habe kein anderes Betriebssystem installiert. Die gebrannte cd hat nicht funktioniert, da, laut Fehlermeldung, ein Hardwareproblem (?) bestehe, oder eine usb-stick etc. angeschlossen sei (nein). Ich bin also gar nicht erst ins Reperaturmenü reingekommen. Mein Fehler oder Computerfehler? Gruß |
|
08.01.2011, 19:46
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Du konntest von der CD aber booten? Ab wenn wurde da ein Fehler mit dem Hardwareproblem angezeigt? Du hast auch keine eigene Installations-DVD für Vista?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.01.2011, 17:30
| #15 |
| | win32.AutoRun.tmp trojaner lässt sich nicht entfernen Nach dem Laden der Windowsdateien wurde mir der Fehler angezeigt. Ich konnte nicht ins Hauptmenü gehen nur einen Systemcheck durchführen. Habe leider keine Installations-DVD. Gruß |
|
| Themen zu win32.AutoRun.tmp trojaner lässt sich nicht entfernen |
| 0x00000001, alternate, antivirus, any video converter, askbar, avast!, bho, converter, corp./icp, desktop, device driver, entfernen, error, excel, firefox, flash player, frage, google, google earth, helper, home, home premium, iastor.sys, install.exe, launch, location, logfile, lässt sich nicht entfernen, malware, media center, microsoft office word, mozilla, mp3, nicht sicher, nvlddmkm.sys, nvstor.sys, office 2007, oldtimer, opera.exe, picasa, plug-in, popup, problem, programdata, realtek, registry, safer networking, saver, scan, searchplugins, security update, shell32.dll, skype.exe, software, sptd.sys, start menu, studio, total commander, trojaner, video converter, vista, vlc media player |
Linear-Darstellung
