Trojaner-Board


Mia29 30.04.2011 14:33

After Trojan infection all files disappeared, screen black, error messages
 
Hello,
Since Wednesday I have suddenly had various Trojans on the PC and have hopefully removed them all so far. Now the desktop background is still completely black, I can't get to my files/hard drives, and I still get error messages such as "Acer ePower Management Compile MOF Application wurde beendet und geschlossen."

Here is an event log from STOPzilla:

Block/Extraction Registry enforcer 2011-04-28 18:01:41 Extracting registry value HKUS\S-1-5-21-2051833895-3156580812-787731633-1000\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown\settings
Block/Extraction Pop-up blocker 2011-04-28 18:01:40 Extracted package Search Hijacker.G
Block/Extraction Pop-up blocker 2011-04-28 18:01:39 Extracted package ExecVariant.C
Block/Extraction Pop-up blocker 2011-04-28 18:01:39 Extracted package Windows Recovery
Block/Extraction Pop-up blocker 2011-04-28 18:01:39 Extracted package TrojanSpy.Agent!j9TXDCHrPco
Block/Extraction Pop-up blocker 2011-04-28 18:01:37 Extracted package Trojan.Refroso!u8OX6NYhvTM
Block/Extraction Pop-up blocker 2011-04-28 18:01:36 Extracted package Trojan.Agent!ZaeUgdSvHIo
Block/Extraction Pop-up blocker 2011-04-28 18:01:34 Extracted package Trojan.Agent!Wmo9dXolyEY
Block/Extraction Pop-up blocker 2011-04-28 18:01:33 Extracted package Trojan.Agent!LG0l2+GRahw
Block/Extraction Pop-up blocker 2011-04-28 18:01:31 Extracted package Trojan.Agent!7d8IKGncqoo
Block/Extraction Pop-up blocker 2011-04-28 18:01:30 Extracted package Trojan.Agent!5hJzddwc1vM
Block/Extraction Pop-up blocker 2011-04-28 18:01:28 Extracted package Trojan.Agent!4QAeSRRk9EI
Block/Extraction Pop-up blocker 2011-04-28 18:01:27 Extracted package Packed/RLPack

Here are the log files created so far:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6477

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

30.04.2011 13:00:13
mbam-log-2011-04-30 (13-00-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158219
Laufzeit: 9 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL Logfile:
Code:

OTL Extras logfile created on: 29.04.2011 17:22:04 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Perner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): c:\pagefile.sys 600 1000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 57,35 Gb Free Space | 51,46% Space Free | Partition Type: NTFS
Drive D: | 104,90 Gb Total Space | 99,47 Gb Free Space | 94,82% Space Free | Partition Type: NTFS
 
Computer Name: PERNER-PC | User Name: Perner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A4BFD0C-F6ED-4C9E-AAC7-F166C307D972}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3A21C308-D0EF-4BB9-9AF0-B2138E2A767C}" = lport=139 | protocol=6 | dir=in | app=system |
"{3F27FB54-C417-4CB9-9461-7379A6DBC9EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{433168B7-CAFE-40CD-8AEC-0C5F1E0343BE}" = rport=139 | protocol=6 | dir=out | app=system |
"{59A46FD8-0CA6-439B-835F-917AC1B5C962}" = rport=138 | protocol=17 | dir=out | app=system |
"{6B5E840C-B0AC-41C8-A793-B85A4CAD1D20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{876C7AC6-AA8B-4577-A853-0EFF638C3672}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9C591C32-0FC8-409C-A7B7-255CEAB656BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{B3470D62-038A-427D-8864-F18BBD16D841}" = lport=445 | protocol=6 | dir=in | app=system |
"{C3156178-71C0-4BFE-A24F-7199BD354452}" = lport=137 | protocol=17 | dir=in | app=system |
"{DEB6A856-8FC4-4AB0-A542-618DAF63707B}" = rport=137 | protocol=17 | dir=out | app=system |
"{E1597DCB-64F9-4E90-845B-4B2E30740CB4}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A3A56B-6C82-4FB2-B8D3-3ADDA818DF38}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{177F2E88-6176-407D-B1F2-883E6E607FCC}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{1C2158D1-4371-4057-869D-2F6E70F519DA}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{2490DF97-7871-49B2-8D49-3947E02C8FFF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{277AA5D8-DFF9-4103-AE45-1A3C5855C39E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{280DF023-979C-468A-BC34-3F648F2DE1DD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\play settlers 6.exe |
"{34D57345-043F-40FA-AF98-9A250A6754C1}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{3E4BFDCE-E39C-42D1-BAC7-197FC7865DBF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3F327FC4-334D-442F-AC1D-BFEA489A265F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\play settlers 6.exe |
"{3F96D564-BABC-47BD-A99D-78A5E29167A5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{460806F9-3EAA-4A8B-92A8-43D44940A6B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6F6B3DA8-8EBE-485B-9FD2-FFC4F8681EC4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7184E325-445B-4C2F-BFF9-A1A1B571D85B}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{7A036DBC-8E61-442A-A28D-EEC4A438DE80}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{7DDF55E2-6274-4E94-A98D-687CE3654286}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{8E4DFA17-43A2-4594-9AD9-B3376833B1EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E6CFBF4-E76D-4592-BF44-0DB83C3BFE87}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{8E7BCFF4-CF0C-42AB-9F39-280D2A3E11F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{923CF2D2-A4C6-4E76-A8A2-B5D639BA1EB6}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{956DEF3B-F080-4529-BAA9-16D5A0677C83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{984C8463-2BCC-4C9F-A5E5-F3B0907BD361}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9DC6613B-2D49-4090-B7C0-2DF626579D25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A05741E1-B128-42F3-B14C-70194848CAB9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A38942B0-BD4C-4647-B650-F49F350ACF9F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D346F742-28AE-4053-A2CA-D937C87FE578}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D5E4DFB6-1DFA-4FBF-97B9-99B1D0C66AD9}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D963477D-FC31-4D43-A73D-C2F446FC78CB}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{DCC76BA9-82C6-417E-BC29-A7FD86F0FC6F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{E9A6E6E6-D8AF-4037-A7B5-77B6299AAD62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E9E175FD-2D92-4F79-BC2D-A4807DD37939}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{EBC098B8-534A-45D2-A6A8-C400D29CF75C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{F31BCE89-8993-4828-8D15-4192EAC315BC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{FBE4D8CB-DF13-48EA-9696-D5C88CBF4245}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"TCP Query User{0243A497-39FB-44AE-BF09-6C0B73FA9BBB}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{06858F76-4C7B-4B5A-B765-1E7490C0E449}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{177700C2-6ADD-4073-849A-3AFD4B664E54}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{2E421398-EBD0-4C5A-85DD-084A539A07EA}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{39878B66-9E24-48B2-A9BC-ADB61B33871D}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{3BE6E431-B85C-41CF-98D1-30A03D1B7B88}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{4B0625E5-0C55-4996-9B83-335B536E79B3}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{5A02DFA5-8956-4978-AC16-1A5C94853154}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{68E13B8D-2F43-4E40-B150-ED3544C7A376}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{720EC313-B811-42E0-8900-C676FEC66B1C}C:\program files\anno 1701 demo\anno1701_demo.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701 demo\anno1701_demo.exe |
"TCP Query User{7B7B19EE-BD8D-484D-8111-0883675931FF}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{A9ED317D-0115-4C66-ABAD-7AC04A7B6860}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{B44C23C9-7EBC-4718-8A15-E3C0FB23A206}C:\program files\live-player\live-player.exe" = protocol=6 | dir=in | app=c:\program files\live-player\live-player.exe |
"TCP Query User{B9AB534A-97E9-4540-82E6-E7AAB47E09AE}C:\users\perner\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\perner\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light |
"TCP Query User{BA90BC5D-D2AD-4284-8FD6-1CAE6B738487}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{C10D493D-44F9-4667-8ACA-FA58D79128FB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{13A9B464-352F-4519-95FE-8CCAB4012294}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{26B7FC7A-2F98-4AB8-AB5C-EAFC06C08F69}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{291E0910-39D1-4798-B9D9-0F09FDE478C3}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{2B790DC1-182A-43AB-8040-4D436A8C6196}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{36A6682E-921F-425E-B186-2D4446244FB0}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{5D312E9D-F5EE-4FAD-B1B5-84E665D4C398}C:\program files\anno 1701 demo\anno1701_demo.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701 demo\anno1701_demo.exe |
"UDP Query User{67EDD31F-F824-42E4-8C85-7BF5140251FD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{6D46D279-165B-4BE0-AF95-491B7E201C1C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{76443088-F01A-4AAB-9D8E-EB5655A36741}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{80D1E8E5-E5F0-405B-A56B-1822200AD0FC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{8973C86D-8213-4DCF-B545-BDE5FDBB31F4}C:\program files\live-player\live-player.exe" = protocol=17 | dir=in | app=c:\program files\live-player\live-player.exe |
"UDP Query User{94A519B0-8357-4954-8039-E99420CB045B}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{D5B1FB92-1122-471E-94D8-AE956B9A2021}C:\users\perner\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\perner\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light |
"UDP Query User{D6660411-D5A0-4664-A2EC-31E1F47F4ED2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DBECC00C-03FC-4CAA-85C3-8BBA5BC2C1F9}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{EBB2AEC0-7D4F-448F-A034-7EC81A1F30DF}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}" = Catalyst Control Center - Branding
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0A1984C3-5036-5B5F-F18E-16453EF5A6E1}" = Catalyst Control Center Localization Swedish
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{155BBB23-C7A5-223C-3B33-289089D6E0A2}" = Catalyst Control Center Localization Finnish
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19B4BDE9-0F2B-44FF-FDC4-987E1B33D03C}" = CCC Help English
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24F149E4-D897-9046-48A5-87CD67F81865}" = CCC Help Polish
"{25C1AF96-1F59-A1CE-3135-B38AFAA5C614}" = CCC Help Czech
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{26E2E4FB-F26A-549E-5496-14BAE4E2BA67}" = Catalyst Control Center Graphics Full Existing
"{27B7371A-7AA2-CC5B-6377-72161660F0BE}" = CCC Help Chinese Traditional
"{29F3D466-E05F-CBB6-63E9-01C85C083FCD}" = CCC Help French
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2CB2E1AE-B62A-3F43-9DD0-EF73467977AC}" = Catalyst Control Center Localization Hungarian
"{30BDD0BE-6A51-6DDD-197D-EFCE3B0EF79D}" = CCC Help German
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{358C26F2-5B99-A7E9-18CF-2AE6BC97289B}" = Catalyst Control Center Localization Czech
"{3C277F75-605E-BFFE-4F87-27709C92370C}" = Catalyst Control Center Localization Portuguese
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD4AA8B-3C63-26AB-1CA3-010475A9EA72}" = CCC Help Portuguese
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{5262BAD6-5AB7-1490-A65C-D06368F07FF1}" = Catalyst Control Center Localization Italian
"{53F44183-B716-8D7D-053E-CB8039B38E74}" = CCC Help Hungarian
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5539EBB1-4BB9-21E5-921B-16E8886639D3}" = Catalyst Control Center Localization Chinese Traditional
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A89D38C-B9FE-ECFF-B90E-B9DEC8C8F2D8}" = Catalyst Control Center Localization Greek
"{5B1519C1-265C-C636-C414-F1E150B4F0AA}" = CCC Help Turkish
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6184B5A4-1355-A8D6-CE24-8F7EE887CBF3}" = CCC Help Norwegian
"{650BDC60-79C7-383B-2E9C-B8FF3909A127}" = Catalyst Control Center Localization Spanish
"{653F6FEA-643C-457F-774A-64D4DAAE1028}" = Catalyst Control Center Graphics Previews Vista
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{790DA23A-126B-91A9-FAB7-13EF66724253}" = CCC Help Swedish
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7DBDAAAB-8639-B59D-798A-32458B7380F9}" = Catalyst Control Center Localization Norwegian
"{7E96828D-B970-B1A9-3D9F-7EC3624785D0}" = Catalyst Control Center Localization German
"{7ECBF19A-78EC-1665-7E1C-B3E92B07F7CC}" = CCC Help Japanese
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80C1F369-F876-3D19-7816-B7800E7A6961}" = CCC Help Greek
"{827CFE4D-8687-9E1E-0A72-587BFF0B0D3A}" = CCC Help Thai
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{862ACB14-04CE-46BC-8652-9EA203178DD7}" = STOPzilla
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9AF60AF6-B109-D3A4-4367-B3620CBA37A7}" = CCC Help Finnish
"{9ED61802-0F47-F846-FA23-67CE3E4BD427}" = CCC Help Italian
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.5
"{A79CB508-2DD7-F717-8787-C6382C274082}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AACF5D06-EF3A-1941-3492-1E60589CA444}" = ccc-utility
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE2C968B-8A14-ABA2-D742-14E575104BCD}" = Catalyst Control Center Localization Korean
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6988D5B-4325-F1F7-B0E5-C4CCCD01E6B8}" = Catalyst Control Center Localization Thai
"{B734B040-25BB-02CA-39BD-FD6D070EDDAB}" = Catalyst Control Center Localization Danish
"{B86EE516-7CB4-E4C3-8382-010D4F2807F5}" = CCC Help Korean
"{BB01F512-272A-3C70-DA60-884C8BBC39DD}" = Catalyst Control Center Localization Chinese Standard
"{BCB0CE1E-7510-3948-4834-99BBA689CF62}" = Catalyst Control Center Core Implementation
"{BD5106DF-C061-5736-F1A5-F114BAA63759}" = CCC Help Russian
"{C03A43DF-CEE0-6D82-D2D3-781CCE1FC24E}" = Catalyst Control Center Localization Japanese
"{C76DAFAE-5E59-44AB-2764-70BC79E0D4B2}" = Skins
"{C8256DAF-828E-7E91-FB83-D900AA8E3C86}" = CCC Help Danish
"{C9429012-1CBE-E0CA-0955-CC53E0F2115F}" = CCC Help Chinese Standard
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB9B619A-EEA1-BFAB-6CA5-1FC655E2A0DA}" = Catalyst Control Center Localization Turkish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D013644E-F890-49A4-0DE9-8E4BBD18A406}" = ATI Catalyst Install Manager
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D7C49EC6-4DEA-7A7A-860D-78D613C68B8C}" = ccc-core-static
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E08C03D7-AE05-0458-2D14-78F219316933}" = Catalyst Control Center Localization Dutch
"{E4FD0200-A7DB-2D5A-B5B1-DBC0A184C9B2}" = Catalyst Control Center Localization Russian
"{E9BA4A79-BD4C-52E3-F34F-85B1CC62EE15}" = Catalyst Control Center Localization Polish
"{E9D20FA4-7CA6-F243-A503-CA961CCD2277}" = CCC Help Spanish
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF9E54C1-2D5F-DDA8-8E7B-0CD3EF89C8E4}" = Catalyst Control Center Localization French
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A630D4-3D7D-6EEC-5DAE-41835DC0A1DA}" = Catalyst Control Center Graphics Full New
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FD2B6E20-5344-07B4-C210-B57611E02906}" = CCC Help Dutch
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 EasyLogin" = 1&1 EasyLogin
"1&1 Upload-Manager" = 1&1 Upload-Manager
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Acer Acer Bio Protection 6.0.00.12" = Acer Bio Protection AAV 6.0.00.12
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVSKey-Lock_is1" = AVSKey-Lock 1.07
"BILD-de Bundesliga" = BILD-de Bundesliga Bildschirmschoner
"DivX Setup.divx.com" = DivX-Setup
"eBay Icon" = eBay Icon
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Live-Player" = Live-Player
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee SecurityCenter
"NSS" = Norton Security Scan
"RealPlayer 12.0" = RealPlayer
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = BEWERBUNGSMASTER
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.5.2014
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.04.2011 15:09:16 | Computer Name = Perner-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 8.0.6001.19048 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1518 Anfangszeit: 01cc05d6084b86fb Zeitpunkt
der Beendigung: 0
 
Error - 28.04.2011 16:30:21 | Computer Name = Perner-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 8.0.6001.19048 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 900 Anfangszeit: 01cc05d7c4e1eb5b Zeitpunkt
der Beendigung: 0
 
Error - 28.04.2011 18:30:03 | Computer Name = Perner-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
0x474a325e, fehlerhaftes Modul CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
0x474a325e, Ausnahmecode 0xc000000d, Fehleroffset 0x00002a7f, Prozess-ID 0xa38, Anwendungsstartzeit
01cc05f3d0da1736.
 
Error - 28.04.2011 18:30:28 | Computer Name = Perner-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 28.04.2011 18:32:45 | Computer Name = Perner-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SZServer.exe, Version 5.0.90.102, Zeitstempel
0x4d9c945e, fehlerhaftes Modul iS3Base5.dll, Version 5.0.115.0, Zeitstempel 0x4d270bfd,
Ausnahmecode 0xc0000005, Fehleroffset 0x000040b2, Prozess-ID 0x498, Anwendungsstartzeit
01cc05f3c24a9353.
 
Error - 29.04.2011 09:22:05 | Computer Name = Perner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.04.2011 09:22:05 | Computer Name = Perner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 41611660
 
Error - 29.04.2011 09:22:05 | Computer Name = Perner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 41611660
 
Error - 29.04.2011 09:37:23 | Computer Name = Perner-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
0x474a325e, fehlerhaftes Modul CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
0x474a325e, Ausnahmecode 0xc000000d, Fehleroffset 0x00002a7f, Prozess-ID 0xc0c, Anwendungsstartzeit
01cc0672915f5f3d.
 
Error - 29.04.2011 09:37:59 | Computer Name = Perner-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 28.04.2011 18:29:06 | Computer Name = Perner-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.
 
Error - 28.04.2011 18:30:35 | Computer Name = Perner-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 28.04.2011 18:33:14 | Computer Name = Perner-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 29.04.2011 09:32:07 | Computer Name = Perner-PC | Source = DCOM | ID = 10010
Description =
 
Error - 29.04.2011 09:34:56 | Computer Name = Perner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 29.04.2011 09:35:47 | Computer Name = Perner-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.
 
Error - 29.04.2011 09:35:55 | Computer Name = Perner-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.
 
Error - 29.04.2011 09:36:18 | Computer Name = Perner-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.
 
Error - 29.04.2011 09:38:05 | Computer Name = Perner-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 29.04.2011 11:11:15 | Computer Name = Perner-PC | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >

--- --- ---


OTL Logfile:
Code:

OTL logfile created on: 30.04.2011 13:13:10 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Perner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): c:\pagefile.sys 600 1000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 58,27 Gb Free Space | 52,29% Space Free | Partition Type: NTFS
Drive D: | 104,90 Gb Total Space | 99,47 Gb Free Space | 94,82% Space Free | Partition Type: NTFS
 
Computer Name: PERNER-PC | User Name: Perner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.30 13:06:54 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Perner\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.04.30 13:03:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Perner\Desktop\OTL.exe
PRC - [2011.04.28 18:20:06 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.04.28 00:35:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.25 18:17:16 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Programme\STOPzilla!\STOPzilla.exe
PRC - [2011.04.25 18:17:12 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Programme\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011.03.17 21:21:47 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.25 11:17:35 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011.02.16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010.06.24 16:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.07 20:50:36 | 000,206,120 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009.09.07 20:50:28 | 000,152,872 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.05.21 15:42:28 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.04.16 17:56:36 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.15 15:28:26 | 003,346,944 | -H-- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2008.07.15 15:28:20 | 003,474,432 | -H-- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe
PRC - [2008.04.28 13:18:26 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.04.22 11:02:06 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.11 20:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.03.11 11:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.07 04:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.03.05 00:38:34 | 000,500,784 | -H-- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.05 00:38:28 | 000,526,896 | -H-- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | -H-- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSK\msksrver.exe
PRC - [2007.11.05 16:00:00 | 004,641,634 | -H-- | M] () -- D:\mp\AVSKey-Lock\AVSKey.EXE
PRC - [2007.11.01 18:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe
PRC - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.08.15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007.08.03 23:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\Mcshield.exe
PRC - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2007.04.24 18:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.30 13:03:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Perner\Desktop\OTL.exe
MOD - [2011.04.08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\SiteAdvisor\sahook.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008.03.05 00:38:16 | 000,240,176 | -H-- | M] (Egis Incorporated.) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
MOD - [2008.03.05 00:38:12 | 000,121,392 | -H-- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
MOD - [2008.01.21 04:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.21 04:23:54 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.28 00:35:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.25 18:17:12 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011.03.17 21:21:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.06.24 16:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.04.16 17:56:36 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.07.15 15:28:20 | 003,474,432 | -H-- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008.04.22 11:02:06 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.05 00:38:34 | 000,500,784 | -H-- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.06 17:15:28 | 000,110,592 | -H-- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007.11.07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.11.05 16:00:00 | 004,641,634 | -H-- | M] () [Auto | Running] -- D:\mp\AVSKey-Lock\AVSKey.EXE -- (AvskeyService)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.08.15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.17 21:21:48 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 12:57:28 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.12 12:19:40 | 000,144,384 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11rdr.SYS -- (ui11rdr)
DRV - [2010.05.12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009.12.07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009.09.11 18:43:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/01/10 13:10:53] [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009.08.05 07:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009.06.25 16:05:46 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.06.25 16:05:46 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.15 15:28:15 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.05.08 19:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.22 11:02:34 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.04.11 11:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.12.02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.07.13 10:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.04.27 20:20:53 | 000,000,000 | ---D | M]
 
[2009.08.04 09:09:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Perner\AppData\Roaming\mozilla\Extensions
[2009.08.04 09:09:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Perner\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.08.11 19:46:43 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Programme\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-DE/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.fotokasten.de/javaapplet/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} https://register.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Perner\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Perner\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a5cc4b67-81f3-11dd-b1a6-00a0d1a86d6c}\Shell\AutoRun\command - "" = E:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{e82d6331-80c3-11de-adfb-00a0d1a86d6c}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.29 17:20:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.29 17:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.29 17:19:33 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.29 17:10:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Perner\Desktop\Erunt-setup.exe
[2011.04.29 17:10:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Perner\Desktop\OTL.exe
[2011.04.29 17:10:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Perner\Desktop\TFC.exe
[2011.04.29 16:45:31 | 000,000,000 | ---D | C] -- C:\Users\Perner\AppData\Roaming\Malwarebytes
[2011.04.29 16:45:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.29 16:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.29 16:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.29 16:45:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.28 00:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011.04.28 00:39:55 | 000,000,000 | ---D | C] -- C:\Programme\STOPzilla!
[2011.04.28 00:39:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\iS3
[2011.04.28 00:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011.04.25 18:17:06 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011.04.25 18:17:06 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011.04.25 18:17:06 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011.04.25 18:17:04 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011.04.25 18:17:04 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011.04.25 18:17:04 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011.04.25 18:17:04 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011.04.25 18:17:04 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011.04.25 18:17:04 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011.04.25 18:17:02 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011.04.25 18:17:02 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011.04.25 18:17:02 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011.04.19 23:15:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.30 13:19:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.30 13:08:55 | 000,000,792 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011.04.30 13:07:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.30 13:05:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.30 13:05:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.30 13:05:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.30 13:05:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.30 13:05:09 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.30 13:04:15 | 000,020,652 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011.04.30 13:04:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.30 13:03:10 | 000,301,568 | ---- | M] () -- C:\Users\Perner\Desktop\g2m3e4r.exe
[2011.04.30 13:03:09 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Perner\Desktop\Erunt-setup.exe
[2011.04.30 13:03:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Perner\Desktop\OTL.exe
[2011.04.30 13:03:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Perner\Desktop\TFC.exe
[2011.04.30 12:56:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051833895-3156580812-787731633-1000UA.job
[2011.04.30 10:53:31 | 000,072,290 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.30 10:53:31 | 000,025,490 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.30 10:53:31 | 000,020,890 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.30 10:53:31 | 000,013,230 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.29 20:56:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051833895-3156580812-787731633-1000Core.job
[2011.04.29 17:19:35 | 000,000,737 | ---- | M] () -- C:\Users\Perner\Desktop\NTREGOPT.lnk
[2011.04.29 17:19:35 | 000,000,718 | ---- | M] () -- C:\Users\Perner\Desktop\ERUNT.lnk
[2011.04.29 17:10:11 | 000,377,282 | ---- | M] () -- C:\Users\Perner\Desktop\Load.exe
[2011.04.29 16:45:15 | 000,000,574 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.29 15:22:11 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Perner.job
[2011.04.28 18:20:30 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.28 18:20:30 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.28 18:20:02 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.25 18:17:06 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011.04.25 18:17:06 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011.04.25 18:17:06 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011.04.25 18:17:04 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011.04.25 18:17:04 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011.04.25 18:17:04 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011.04.25 18:17:04 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011.04.25 18:17:04 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011.04.25 18:17:04 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011.04.25 18:17:02 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011.04.25 18:17:02 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011.04.25 18:17:02 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011.04.16 12:34:57 | 000,323,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 09:00:47 | 000,001,399 | -H-- | M] () -- C:\Users\Perner\Desktop\DivX Movies.lnk
[2011.04.08 20:36:01 | 000,000,680 | -H-- | M] () -- C:\Users\Perner\AppData\Local\d3d9caps.dat
[2011.04.06 11:22:43 | 000,263,256 | -H-- | M] () -- C:\Users\Perner\Desktop\artikel01.pdf
 
========== Files Created - No Company Name ==========
 
[2011.04.30 13:07:44 | 000,000,792 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011.04.29 17:19:35 | 000,000,737 | ---- | C] () -- C:\Users\Perner\Desktop\NTREGOPT.lnk
[2011.04.29 17:19:35 | 000,000,718 | ---- | C] () -- C:\Users\Perner\Desktop\ERUNT.lnk
[2011.04.29 17:10:37 | 000,301,568 | ---- | C] () -- C:\Users\Perner\Desktop\g2m3e4r.exe
[2011.04.29 17:10:10 | 000,377,282 | ---- | C] () -- C:\Users\Perner\Desktop\Load.exe
[2011.04.29 16:45:15 | 000,000,574 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.28 18:20:02 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.06 11:22:43 | 000,263,256 | -H-- | C] () -- C:\Users\Perner\Desktop\artikel01.pdf
[2010.07.26 10:13:40 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.04.28 22:36:19 | 000,002,299 | -H-- | C] () -- C:\Users\Perner\AppData\Roaming\acervcmtmp.ini
[2009.11.09 22:21:31 | 000,000,099 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.11.09 22:20:23 | 000,000,770 | ---- | C] () -- C:\ProgramData\ss.ini
[2009.11.08 22:35:07 | 000,000,034 | -H-- | C] () -- C:\Users\Perner\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2009.11.08 22:35:04 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2009.10.23 19:38:02 | 000,296,748 | -H-- | C] () -- C:\Users\Perner\AppData\Local\llqpuuz_nav.dat
[2009.10.23 19:38:02 | 000,005,069 | -H-- | C] () -- C:\Users\Perner\AppData\Local\llqpuuz_navps.dat
[2009.10.23 19:38:02 | 000,003,428 | -H-- | C] () -- C:\Users\Perner\AppData\Local\llqpuuz.dat
[2009.09.24 09:15:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 09:15:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.28 21:34:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.20 11:30:32 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.07.20 11:30:32 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.07.20 11:30:32 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.07.20 11:30:32 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.07.20 11:30:32 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.07.20 11:30:32 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.07.20 11:30:32 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.07.20 11:30:32 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.07.20 11:30:32 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.07.20 11:30:32 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.07.20 11:30:32 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.07.20 11:30:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.07.20 11:30:32 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.07.20 11:30:32 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.07.20 11:30:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.07.20 11:30:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009.07.20 11:30:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009.07.20 11:30:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.07.20 11:30:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.07.15 11:55:42 | 000,000,091 | -H-- | C] () -- C:\Users\Perner\AppData\Local\kkuyk.bat
[2009.05.12 15:51:03 | 000,000,089 | -H-- | C] () -- C:\Users\Perner\AppData\Local\aooci.bat
[2008.12.01 16:27:29 | 000,000,648 | -H-- | C] () -- C:\Users\Perner\AppData\Roaming\wklnhst.dat
[2008.09.15 16:21:14 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.09.15 16:21:13 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.09.15 10:42:57 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.09.14 09:32:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.14 09:26:22 | 000,048,640 | -H-- | C] () -- C:\Users\Perner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.13 20:22:16 | 000,000,680 | -H-- | C] () -- C:\Users\Perner\AppData\Local\d3d9caps.dat
[2008.07.15 15:32:59 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.07.15 15:32:59 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.07.15 15:32:59 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.07.15 15:28:39 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.07.15 15:19:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.05.16 07:50:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.05.16 07:50:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.16 07:50:44 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.05.16 07:50:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.03.29 05:40:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.03.29 05:40:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.03.29 04:51:53 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.03.29 04:48:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.03.29 04:43:49 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.03.29 04:43:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.03.29 04:42:36 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008.03.28 21:22:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,072,290 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 09:15:58 | 000,020,890 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.11.14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.04.24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,323,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:33:01 | 000,025,490 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,013,230 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.01.18 21:53:04 | 000,000,000 | -HSD | M] -- C:\Users\Perner\AppData\Roaming\.#
[2011.03.18 09:55:39 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\1&1
[2008.03.29 05:06:10 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Acer GameZone Console
[2009.09.23 22:10:36 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Amazon
[2009.11.08 22:35:04 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Desktopicon
[2008.09.13 20:17:43 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\eSobi
[2009.08.04 21:38:14 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\gtk-2.0
[2010.07.16 20:00:58 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Happyville__
[2009.05.12 15:52:02 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\live-player
[2010.08.13 20:41:30 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Magic3
[2010.08.16 12:31:51 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Nokia
[2010.07.18 15:36:06 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Nokia Ovi Suite
[2010.08.16 12:34:11 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\OpenOffice.org
[2009.07.20 11:30:59 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Panasonic
[2010.07.18 15:07:23 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\PC Suite
[2008.11.25 20:53:48 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\PlayFirst
[2011.03.23 18:01:47 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\PowerCinema
[2011.03.24 21:23:22 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\SoftDMA
[2009.02.15 13:14:42 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Template
[2009.08.04 09:09:40 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\TomTom
[2008.09.13 19:32:54 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Validity
[2010.08.16 19:05:55 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\VistaCodecs
[2009.11.15 11:50:41 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011.01.01 11:19:25 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011.04.30 13:04:17 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60
 
< End of report >

--- --- ---



Thank you very much for your help!

cosinus 01.05.2011 16:05

Hello and :hallo:

Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!


After that, OTL custom:


CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Mia29 02.05.2011 17:12

Here is the log from yesterday:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6477

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

30.04.2011 13:00:13
mbam-log-2011-04-30 (13-00-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158219
Laufzeit: 9 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


From today, 02.05.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6490

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

02.05.2011 13:13:58
mbam-log-2011-05-02 (13-13-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158174
Laufzeit: 8 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL Logfile:
Code:

OTL logfile created on: 02.05.2011 13:18:29 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Perner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): c:\pagefile.sys 600 1000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 56,31 Gb Free Space | 50,53% Space Free | Partition Type: NTFS
Drive D: | 104,90 Gb Total Space | 99,47 Gb Free Space | 94,82% Space Free | Partition Type: NTFS
 
Computer Name: PERNER-PC | User Name: Perner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.30 13:06:54 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Perner\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.04.30 13:03:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Perner\Desktop\OTL.exe
PRC - [2011.04.28 00:35:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.25 18:17:12 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Programme\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011.03.17 21:21:47 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.13 17:19:24 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
PRC - [2011.02.16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010.06.24 16:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.07 20:50:36 | 000,206,120 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009.09.07 20:50:28 | 000,152,872 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.05.21 15:42:28 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.04.16 17:56:36 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.15 15:28:26 | 003,346,944 | -H-- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2008.07.15 15:28:20 | 003,474,432 | -H-- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe
PRC - [2008.04.28 13:18:26 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.04.22 11:02:06 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.11 20:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.03.11 11:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.07 04:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.03.05 00:38:34 | 000,500,784 | -H-- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.05 00:38:28 | 000,526,896 | -H-- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | -H-- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSK\msksrver.exe
PRC - [2007.11.05 16:00:00 | 004,641,634 | -H-- | M] () -- D:\mp\AVSKey-Lock\AVSKey.EXE
PRC - [2007.11.01 18:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe
PRC - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.08.15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007.08.03 23:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\Mcshield.exe
PRC - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2007.04.24 18:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.30 13:03:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Perner\Desktop\OTL.exe
MOD - [2011.04.08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\SiteAdvisor\sahook.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.28 00:35:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.25 18:17:12 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011.03.17 21:21:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.06.24 16:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.04.16 17:56:36 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.07.15 15:28:20 | 003,474,432 | -H-- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008.04.22 11:02:06 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.05 00:38:34 | 000,500,784 | -H-- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.06 17:15:28 | 000,110,592 | -H-- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007.11.07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.11.05 16:00:00 | 004,641,634 | -H-- | M] () [Auto | Running] -- D:\mp\AVSKey-Lock\AVSKey.EXE -- (AvskeyService)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.08.15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.17 21:21:48 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 12:57:28 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.12 12:19:40 | 000,144,384 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11rdr.SYS -- (ui11rdr)
DRV - [2010.05.12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009.12.07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009.09.11 18:43:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/01/10 13:10:53] [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009.08.05 07:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009.06.25 16:05:46 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.06.25 16:05:46 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.15 15:28:15 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.05.08 19:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.22 11:02:34 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.04.11 11:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.12.02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.07.13 10:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.04.27 20:20:53 | 000,000,000 | ---D | M]
 
[2009.08.04 09:09:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Perner\AppData\Roaming\mozilla\Extensions
[2009.08.04 09:09:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Perner\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.08.11 19:46:43 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Programme\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-DE/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.fotokasten.de/javaapplet/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} https://register.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Perner\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Perner\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a5cc4b67-81f3-11dd-b1a6-00a0d1a86d6c}\Shell\AutoRun\command - "" = E:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{e82d6331-80c3-11de-adfb-00a0d1a86d6c}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Programme\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^Users^Perner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Perner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: NokiaMusic FastStart - hkey= - key= - C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4AADD1F0-17A8-4349-943F-9C7B5E3F9CB4} - Yahoo! Toolbar
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {765BB945-9769-4D3A-BEB3-D868972080C8} - NoIE8Tour
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E6097C7D-AF4E-4985-9A0C-F5611B5818BC} - Yahoo! Search Settings Update
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: >{DF356B79-C4CB-48FE-A37F-9DA402B270C1} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.01 13:11:19 | 000,000,000 | ---D | C] -- C:\My Music
[2011.05.01 05:23:35 | 000,000,000 | ---D | C] -- C:\Users\Perner\AppData\Local\Apple_Inc
[2011.04.29 17:20:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.29 17:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.29 17:19:33 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.29 17:10:37 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Perner\Desktop\Erunt-setup.exe
[2011.04.29 17:10:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Perner\Desktop\OTL.exe
[2011.04.29 17:10:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Perner\Desktop\TFC.exe
[2011.04.29 16:45:31 | 000,000,000 | ---D | C] -- C:\Users\Perner\AppData\Roaming\Malwarebytes
[2011.04.29 16:45:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.29 16:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.29 16:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.29 16:45:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.28 00:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011.04.28 00:39:55 | 000,000,000 | ---D | C] -- C:\Programme\STOPzilla!
[2011.04.28 00:39:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\iS3
[2011.04.28 00:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011.04.25 18:17:06 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011.04.25 18:17:06 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011.04.25 18:17:06 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011.04.25 18:17:04 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011.04.25 18:17:04 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011.04.25 18:17:04 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011.04.25 18:17:04 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011.04.25 18:17:04 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011.04.25 18:17:04 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011.04.25 18:17:02 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011.04.25 18:17:02 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011.04.25 18:17:02 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011.04.19 23:15:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.02 13:19:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.02 13:05:18 | 000,001,024 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011.05.02 13:02:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.02 13:02:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.02 13:01:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.02 13:01:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.02 13:01:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.02 13:01:31 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.02 11:56:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051833895-3156580812-787731633-1000UA.job
[2011.05.01 22:51:23 | 000,020,652 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011.05.01 22:51:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.01 20:56:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051833895-3156580812-787731633-1000Core.job
[2011.05.01 17:53:39 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Perner.job
[2011.05.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2011.04.30 13:03:10 | 000,301,568 | ---- | M] () -- C:\Users\Perner\Desktop\g2m3e4r.exe
[2011.04.30 13:03:09 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Perner\Desktop\Erunt-setup.exe
[2011.04.30 13:03:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Perner\Desktop\OTL.exe
[2011.04.30 13:03:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Perner\Desktop\TFC.exe
[2011.04.30 10:53:31 | 000,072,290 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.30 10:53:31 | 000,025,490 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.30 10:53:31 | 000,020,890 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.30 10:53:31 | 000,013,230 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.29 17:19:35 | 000,000,737 | ---- | M] () -- C:\Users\Perner\Desktop\NTREGOPT.lnk
[2011.04.29 17:19:35 | 000,000,718 | ---- | M] () -- C:\Users\Perner\Desktop\ERUNT.lnk
[2011.04.29 17:10:11 | 000,377,282 | ---- | M] () -- C:\Users\Perner\Desktop\Load.exe
[2011.04.29 16:45:15 | 000,000,574 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.28 18:20:30 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.28 18:20:30 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.28 18:20:02 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.25 18:17:06 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011.04.25 18:17:06 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011.04.25 18:17:06 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011.04.25 18:17:04 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011.04.25 18:17:04 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011.04.25 18:17:04 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011.04.25 18:17:04 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011.04.25 18:17:04 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011.04.25 18:17:04 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011.04.25 18:17:02 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011.04.25 18:17:02 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011.04.25 18:17:02 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011.04.16 12:34:57 | 000,323,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 09:00:47 | 000,001,399 | -H-- | M] () -- C:\Users\Perner\Desktop\DivX Movies.lnk
[2011.04.08 20:36:01 | 000,000,680 | -H-- | M] () -- C:\Users\Perner\AppData\Local\d3d9caps.dat
[2011.04.06 11:22:43 | 000,263,256 | -H-- | M] () -- C:\Users\Perner\Desktop\artikel01.pdf
 
========== Files Created - No Company Name ==========
 
[2011.05.02 13:02:39 | 000,001,024 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011.04.29 17:19:35 | 000,000,737 | ---- | C] () -- C:\Users\Perner\Desktop\NTREGOPT.lnk
[2011.04.29 17:19:35 | 000,000,718 | ---- | C] () -- C:\Users\Perner\Desktop\ERUNT.lnk
[2011.04.29 17:10:37 | 000,301,568 | ---- | C] () -- C:\Users\Perner\Desktop\g2m3e4r.exe
[2011.04.29 17:10:10 | 000,377,282 | ---- | C] () -- C:\Users\Perner\Desktop\Load.exe
[2011.04.29 16:45:15 | 000,000,574 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.28 18:20:02 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.06 11:22:43 | 000,263,256 | -H-- | C] () -- C:\Users\Perner\Desktop\artikel01.pdf
[2010.07.26 10:13:40 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.04.28 22:36:19 | 000,002,299 | -H-- | C] () -- C:\Users\Perner\AppData\Roaming\acervcmtmp.ini
[2009.11.09 22:21:31 | 000,000,099 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.11.09 22:20:23 | 000,000,770 | ---- | C] () -- C:\ProgramData\ss.ini
[2009.11.08 22:35:07 | 000,000,034 | -H-- | C] () -- C:\Users\Perner\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2009.11.08 22:35:04 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2009.10.23 19:38:02 | 000,296,748 | -H-- | C] () -- C:\Users\Perner\AppData\Local\llqpuuz_nav.dat
[2009.10.23 19:38:02 | 000,005,069 | -H-- | C] () -- C:\Users\Perner\AppData\Local\llqpuuz_navps.dat
[2009.10.23 19:38:02 | 000,003,428 | -H-- | C] () -- C:\Users\Perner\AppData\Local\llqpuuz.dat
[2009.09.24 09:15:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 09:15:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.28 21:34:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.20 11:30:32 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.07.20 11:30:32 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.07.20 11:30:32 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.07.20 11:30:32 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.07.20 11:30:32 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.07.20 11:30:32 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.07.20 11:30:32 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.07.20 11:30:32 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.07.20 11:30:32 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.07.20 11:30:32 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.07.20 11:30:32 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.07.20 11:30:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.07.20 11:30:32 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.07.20 11:30:32 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.07.20 11:30:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.07.20 11:30:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009.07.20 11:30:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009.07.20 11:30:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.07.20 11:30:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.07.15 11:55:42 | 000,000,091 | -H-- | C] () -- C:\Users\Perner\AppData\Local\kkuyk.bat
[2009.05.12 15:51:03 | 000,000,089 | -H-- | C] () -- C:\Users\Perner\AppData\Local\aooci.bat
[2008.12.01 16:27:29 | 000,000,648 | -H-- | C] () -- C:\Users\Perner\AppData\Roaming\wklnhst.dat
[2008.09.15 16:21:14 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.09.15 16:21:13 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.09.15 10:42:57 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.09.14 09:32:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.14 09:26:22 | 000,048,640 | -H-- | C] () -- C:\Users\Perner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.13 20:22:16 | 000,000,680 | -H-- | C] () -- C:\Users\Perner\AppData\Local\d3d9caps.dat
[2008.07.15 15:32:59 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.07.15 15:32:59 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.07.15 15:32:59 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.07.15 15:28:39 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.07.15 15:19:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.05.16 07:50:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.05.16 07:50:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.16 07:50:44 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.05.16 07:50:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.03.29 05:40:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.03.29 05:40:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.03.29 04:51:53 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.03.29 04:48:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.03.29 04:43:49 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.03.29 04:43:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.03.29 04:42:36 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008.03.28 21:22:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,072,290 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 09:15:58 | 000,020,890 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.11.14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.04.24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,323,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:33:01 | 000,025,490 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,013,230 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.01.18 21:53:04 | 000,000,000 | -HSD | M] -- C:\Users\Perner\AppData\Roaming\.#
[2011.03.18 09:55:39 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\1&1
[2008.03.29 05:06:10 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Acer GameZone Console
[2009.09.23 22:10:36 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Amazon
[2009.11.08 22:35:04 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Desktopicon
[2008.09.13 20:17:43 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\eSobi
[2009.08.04 21:38:14 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\gtk-2.0
[2010.07.16 20:00:58 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Happyville__
[2009.05.12 15:52:02 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\live-player
[2010.08.13 20:41:30 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Magic3
[2010.08.16 12:31:51 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Nokia
[2010.07.18 15:36:06 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Nokia Ovi Suite
[2010.08.16 12:34:11 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\OpenOffice.org
[2009.07.20 11:30:59 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Panasonic
[2010.07.18 15:07:23 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\PC Suite
[2008.11.25 20:53:48 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\PlayFirst
[2011.03.23 18:01:47 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\PowerCinema
[2011.03.24 21:23:22 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\SoftDMA
[2009.02.15 13:14:42 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Template
[2009.08.04 09:09:40 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\TomTom
[2008.09.13 19:32:54 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Validity
[2010.08.16 19:05:55 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\VistaCodecs
[2009.11.15 11:50:41 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011.05.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011.05.01 22:51:28 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.01.18 21:53:04 | 000,000,000 | -HSD | M] -- C:\Users\Perner\AppData\Roaming\.#
[2011.03.18 09:55:39 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\1&1
[2008.03.29 05:06:10 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Acer GameZone Console
[2008.09.14 10:01:45 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Adobe
[2009.09.23 22:10:36 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Amazon
[2010.07.15 18:09:04 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Apple Computer
[2008.09.13 19:33:13 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\ATI
[2010.11.04 14:41:04 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Avira
[2008.09.13 20:19:23 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\CyberLink
[2009.11.08 22:35:04 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Desktopicon
[2010.08.16 18:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\DivX
[2008.09.13 20:17:43 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\eSobi
[2008.09.20 20:03:23 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Google
[2009.08.04 21:38:14 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\gtk-2.0
[2010.07.16 20:00:58 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Happyville__
[2008.09.13 19:32:18 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Identities
[2009.07.20 11:29:01 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\InstallShield
[2009.05.12 15:52:02 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\live-player
[2008.09.13 19:32:59 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Macromedia
[2010.08.13 20:41:30 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Magic3
[2011.04.29 16:45:31 | 000,000,000 | ---D | M] -- C:\Users\Perner\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Media Center Programs
[2010.06.11 23:53:37 | 000,000,000 | --SD | M] -- C:\Users\Perner\AppData\Roaming\Microsoft
[2011.02.20 20:52:03 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Mozilla
[2010.08.16 12:31:51 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Nokia
[2010.07.18 15:36:06 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Nokia Ovi Suite
[2010.08.16 12:34:11 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\OpenOffice.org
[2009.07.20 11:30:59 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Panasonic
[2010.07.18 15:07:23 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\PC Suite
[2008.11.25 20:53:48 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\PlayFirst
[2011.03.23 18:01:47 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\PowerCinema
[2009.12.14 09:56:47 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Real
[2009.10.29 22:23:38 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Skype
[2009.09.06 00:06:22 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\skypePM
[2011.03.24 21:23:22 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\SoftDMA
[2009.02.15 13:14:42 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Template
[2009.08.04 09:09:40 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\TomTom
[2008.09.13 19:32:54 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Validity
[2010.08.16 19:05:55 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\VistaCodecs
[2008.09.13 20:38:05 | 000,000,000 | -H-D | M] -- C:\Users\Perner\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2009.11.08 22:35:04 | 000,031,836 | -H-- | M] () -- C:\Users\Perner\AppData\Roaming\Desktopicon\uninst.exe
[2009.12.09 21:32:10 | 000,439,816 | -H-- | M] (RealNetworks, Inc.) -- C:\Users\Perner\AppData\Roaming\Real\Update\setup3.09\setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60

< End of report >

--- --- ---

Mia29 02.05.2011 17:13

Sorry, duplicate entry.

cosinus 02.05.2011 19:07

Quote:

Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please run one and post the log!
Remember to update the Malwarebytes signatures beforehand; new updates are released very frequently!

Mia29 04.05.2011 19:39

Now I have run the full scan, I hope it is right this time ;-)

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6493

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

03.05.2011 01:48:48
mbam-log-2011-05-03 (01-48-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 292293
Laufzeit: 2 Stunde(n), 12 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Regards,

mia

cosinus 05.05.2011 08:58

First uninstall McAfee; it gets in the way and can be counterproductive when it is installed together with AntiVir. Also, please uninstall ALL toolbars!


After that, run an OTL fix: close any programs that may be open, also disable your virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a5cc4b67-81f3-11dd-b1a6-00a0d1a86d6c}\Shell\AutoRun\command - "" = E:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{e82d6331-80c3-11de-adfb-00a0d1a86d6c}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
[2009.01.18 21:53:04 | 000,000,000 | -HSD | M] -- C:\Users\Perner\AppData\Roaming\.#
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Mia29 06.05.2011 08:42

So, now unfortunately I have a problem.

I did everything according to your instructions, removed the toolbars as far as possible, and threw out McAfee. With the Ask toolbar an error message came up, so I cannot remove it. I tried several times.

Then I closed and exited all programs and virus scanners. In OTL I pasted the text and pressed the Fix button; very shortly afterwards an error message came up at C:\Windows\System32.... I cannot describe it any further, and after that the PC hung.

Now the program is stuck; the window shows
(resethosts)
(emptytemp)
and the bar at the bottom still says "Resetting HOSTS file. DO NOT INTERRUPT..."

Nothing at all is happening any more, so to speak. What should I do now without wrecking the PC?

Many thanks for your help!

Regards,

mia

cosinus 06.05.2011 10:43

Restart the computer and repeat the fix. You have to run OTL as admin via right-click!!!

Mia29 08.05.2011 09:09

I am running it as administrator via right-click. Then after two seconds comes
cannot create file C:\windows\system32\drivers\etc\hosts.
Then nothing more happens, as described in my last post. The program stalls with the "do not interrupt" text...

The log file from OTL:

Files\Folders moved on Reboot...
C:\Windows\System32\drivers\etc\Hosts moved successfully.
Registry entries deleted on Reboot...

Regards,

mia

cosinus 08.05.2011 13:49

Repeat the fix with this slightly modified script:

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a5cc4b67-81f3-11dd-b1a6-00a0d1a86d6c}\Shell\AutoRun\command - "" = E:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{e82d6331-80c3-11de-adfb-00a0d1a86d6c}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
[2009.01.18 21:53:04 | 000,000,000 | -HSD | M] -- C:\Users\Perner\AppData\Roaming\.#
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60
:Commands
[emptytemp]


Mia29 08.05.2011 15:54

Great, now it worked.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5cc4b67-81f3-11dd-b1a6-00a0d1a86d6c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5cc4b67-81f3-11dd-b1a6-00a0d1a86d6c}\ not found.
File E:\.\MigWiz\migsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e82d6331-80c3-11de-adfb-00a0d1a86d6c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e82d6331-80c3-11de-adfb-00a0d1a86d6c}\ not found.
File G:\InstallTomTomHOME.exe not found.
Folder C:\Users\Perner\AppData\Roaming\.#\ not found.
Unable to delete ADS C:\ProgramData\TEMP:E36F5B57 .
Unable to delete ADS C:\ProgramData\TEMP:4F636E25 .
Unable to delete ADS C:\ProgramData\TEMP:4CF61E54 .
Unable to delete ADS C:\ProgramData\TEMP:2B99FE60 .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Perner
->Temp folder emptied: 135244430 bytes
->Temporary Internet Files folder emptied: 1079344309 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3963 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3756882 bytes
RecycleBin emptied: 147469205 bytes

Total Files Cleaned = 1.303,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05082011_164120

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



The following message still appears at every PC start.

Catalyst Control Centre: Host application has stopped working.
The program is not being executed correctly due to a problem, etc....

cosinus 09.05.2011 09:09

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection is preventing you from accessing your documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

Mia29 11.05.2011 14:23

2011/05/11 15:22:09.0752 5776 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/11 15:22:10.0017 5776 ================================================================================
2011/05/11 15:22:10.0017 5776 SystemInfo:
2011/05/11 15:22:10.0017 5776
2011/05/11 15:22:10.0017 5776 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/11 15:22:10.0017 5776 Product type: Workstation
2011/05/11 15:22:10.0017 5776 ComputerName: PERNER-PC
2011/05/11 15:22:10.0017 5776 UserName: Perner
2011/05/11 15:22:10.0017 5776 Windows directory: C:\Windows
2011/05/11 15:22:10.0017 5776 System windows directory: C:\Windows
2011/05/11 15:22:10.0017 5776 Processor architecture: Intel x86
2011/05/11 15:22:10.0017 5776 Number of processors: 2
2011/05/11 15:22:10.0017 5776 Page size: 0x1000
2011/05/11 15:22:10.0017 5776 Boot type: Normal boot
2011/05/11 15:22:10.0017 5776 ================================================================================
2011/05/11 15:22:10.0547 5776 Initialize success
2011/05/11 15:22:33.0713 4720 ================================================================================
2011/05/11 15:22:33.0713 4720 Scan started
2011/05/11 15:22:33.0713 4720 Mode: Manual;
2011/05/11 15:22:33.0713 4720 ================================================================================
2011/05/11 15:22:51.0139 4720 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/11 15:22:51.0217 4720 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/11 15:22:51.0279 4720 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/11 15:22:51.0373 4720 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/11 15:22:51.0607 4720 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/11 15:22:51.0669 4720 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/11 15:22:51.0747 4720 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/11 15:22:51.0841 4720 PSDFilter (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/05/11 15:22:51.0903 4720 PSDNServ (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/05/11 15:22:51.0934 4720 psdvdisk (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/05/11 15:22:52.0059 4720 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/11 15:22:52.0168 4720 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/11 15:22:52.0231 4720 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/11 15:22:52.0309 4720 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/11 15:22:52.0402 4720 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/11 15:22:52.0480 4720 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/11 15:22:52.0574 4720 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/11 15:22:52.0667 4720 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/11 15:22:52.0714 4720 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/11 15:22:52.0808 4720 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/11 15:22:52.0901 4720 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/11 15:22:52.0979 4720 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/11 15:22:53.0120 4720 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/11 15:22:53.0213 4720 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/11 15:22:53.0307 4720 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/11 15:22:53.0416 4720 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/11 15:22:53.0463 4720 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/11 15:22:53.0541 4720 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/11 15:22:53.0619 4720 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/11 15:22:53.0697 4720 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/11 15:22:53.0791 4720 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/11 15:22:53.0853 4720 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/11 15:22:53.0884 4720 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/11 15:22:53.0978 4720 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/11 15:22:54.0040 4720 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/11 15:22:54.0087 4720 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/11 15:22:54.0165 4720 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/11 15:22:54.0274 4720 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/11 15:22:54.0399 4720 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/11 15:22:54.0493 4720 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/11 15:22:54.0571 4720 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/11 15:22:54.0633 4720 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/11 15:22:54.0727 4720 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/11 15:22:54.0805 4720 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/11 15:22:54.0836 4720 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/11 15:22:54.0914 4720 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/11 15:22:55.0023 4720 SynTP (93d33a3a0a4516584a1394c7821bae2e) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/11 15:22:55.0148 4720 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\DRIVERS\szkg.sys
2011/05/11 15:22:55.0226 4720 szkgfs (410a02a920fa9daeec56364e839597c1) C:\Windows\system32\drivers\szkgfs.sys
2011/05/11 15:22:55.0351 4720 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/11 15:22:55.0507 4720 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/11 15:22:55.0647 4720 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/11 15:22:55.0725 4720 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/11 15:22:55.0803 4720 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/11 15:22:55.0897 4720 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/11 15:22:55.0959 4720 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/11 15:22:56.0115 4720 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/11 15:22:56.0162 4720 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/11 15:22:56.0240 4720 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/11 15:22:56.0271 4720 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/11 15:22:56.0365 4720 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/05/11 15:22:56.0474 4720 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/11 15:22:56.0630 4720 ui11rdr (363ee1db30eddead0c393c1542de4078) C:\Windows\system32\DRIVERS\ui11rdr.sys
2011/05/11 15:22:56.0692 4720 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/11 15:22:56.0739 4720 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/11 15:22:56.0833 4720 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/11 15:22:56.0879 4720 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/11 15:22:56.0926 4720 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/11 15:22:57.0145 4720 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/11 15:22:57.0223 4720 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/11 15:22:57.0316 4720 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/11 15:22:57.0379 4720 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/11 15:22:57.0457 4720 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/11 15:22:57.0550 4720 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/11 15:22:57.0613 4720 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/11 15:22:57.0675 4720 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
2011/05/11 15:22:57.0878 4720 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/11 15:22:57.0956 4720 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/11 15:22:58.0049 4720 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/11 15:22:58.0143 4720 vfs101x (4d45a93a7dd638ca2db0a86fbfbf42d1) C:\Windows\system32\drivers\vfs101x.sys
2011/05/11 15:22:58.0237 4720 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/11 15:22:58.0283 4720 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/11 15:22:58.0330 4720 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/11 15:22:58.0408 4720 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/11 15:22:58.0486 4720 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/11 15:22:58.0517 4720 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/11 15:22:58.0595 4720 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/11 15:22:58.0705 4720 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/11 15:22:58.0798 4720 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/11 15:22:58.0907 4720 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/11 15:22:59.0001 4720 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/11 15:22:59.0032 4720 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/11 15:22:59.0141 4720 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/11 15:22:59.0235 4720 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/11 15:22:59.0469 4720 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/11 15:22:59.0656 4720 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/11 15:22:59.0734 4720 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/11 15:22:59.0812 4720 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/11 15:22:59.0953 4720 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
2011/05/11 15:23:00.0046 4720 ================================================================================
2011/05/11 15:23:00.0046 4720 Scan finished
2011/05/11 15:23:00.0046 4720 ================================================================================

cosinus 11.05.2011 14:41

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Mia29 11.05.2011 20:15

Combofix Logfile:
Code:

ComboFix 11-05-11.01 - Perner 11.05.2011  20:34:19.1.2 - x86
ausgeführt von:: c:\users\Perner\Desktop\cofi.exe.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\users\Perner\AppData\Local\llqpuuz.dat
c:\users\Perner\AppData\Local\llqpuuz_nav.dat
c:\users\Perner\AppData\Local\llqpuuz_navps.dat
c:\users\Perner\AppData\Roaming\Desktopicon
c:\users\Perner\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Perner\AppData\Roaming\Desktopicon\uninst.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-11 bis 2011-05-11  ))))))))))))))))))))))))))))))
.
.
2011-05-11 18:52 . 2011-05-11 18:57        --------        d-----w-        c:\users\Perner\AppData\Local\temp
2011-05-11 18:26 . 2011-05-11 18:28        --------        dc----w-        C:\cofi
2011-05-11 08:05 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-05-10 18:34 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E65A42D0-1B69-4468-B2B4-D60C28C588A8}\mpengine.dll
2011-05-05 19:39 . 2011-05-05 19:39        --------        dc----w-        C:\_OTL
2011-05-03 18:49 . 2011-05-03 18:49        --------        d-----w-        c:\windows\system32\TVUAx
2011-05-01 11:11 . 2011-05-01 11:11        --------        dc----w-        C:\My Music
2011-05-01 03:23 . 2011-05-01 03:23        --------        d-----w-        c:\users\Perner\AppData\Local\Apple_Inc
2011-04-29 15:19 . 2011-04-29 15:19        --------        d-----w-        c:\program files\ERUNT
2011-04-29 14:45 . 2011-04-29 14:45        --------        d-----w-        c:\users\Perner\AppData\Roaming\Malwarebytes
2011-04-29 14:45 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 14:45 . 2011-04-29 14:45        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-29 14:45 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-28 16:19 . 2011-04-28 16:19        49664        ----a-w-        c:\program files\Internet Explorer\JSProfilerCore.dll
2011-04-27 22:39 . 2011-04-27 22:40        --------        d-----w-        c:\program files\STOPzilla!
2011-04-27 22:39 . 2011-04-27 22:39        --------        d-----w-        c:\program files\Common Files\iS3
2011-04-27 22:39 . 2011-05-11 18:55        --------        d-----w-        c:\programdata\STOPzilla!
2011-04-27 19:20 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-27 19:20 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 19:19 . 2011-03-12 21:55        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-25 16:17 . 2011-04-25 16:17        546256        ----a-r-        c:\windows\system32\SZComp5.dll
2011-04-25 16:17 . 2011-04-25 16:17        22992        ----a-r-        c:\windows\system32\SZIO5.dll
2011-04-25 16:17 . 2011-04-25 16:17        132560        ----a-r-        c:\windows\system32\IS3HTUI5.dll
2011-04-25 16:17 . 2011-04-25 16:17        99792        ----a-r-        c:\windows\system32\IS3Svc5.dll
2011-04-25 16:17 . 2011-04-25 16:17        99792        ----a-r-        c:\windows\system32\IS3Inet5.dll
2011-04-25 16:17 . 2011-04-25 16:17        67024        ----a-r-        c:\windows\system32\IS3Hks5.dll
2011-04-25 16:17 . 2011-04-25 16:17        452048        ----a-r-        c:\windows\system32\SZBase5.dll
2011-04-25 16:17 . 2011-04-25 16:17        398800        ----a-r-        c:\windows\system32\IS3DBA5.dll
2011-04-25 16:17 . 2011-04-25 16:17        28624        ----a-r-        c:\windows\system32\IS3XDat5.dll
2011-04-25 16:17 . 2011-04-25 16:17        738768        ----a-r-        c:\windows\system32\IS3Base5.dll
2011-04-25 16:17 . 2011-04-25 16:17        390608        ----a-r-        c:\windows\system32\IS3UI5.dll
2011-04-25 16:17 . 2011-04-25 16:17        230864        ----a-r-        c:\windows\system32\IS3Win325.dll
2011-04-19 21:15 . 2011-04-19 21:15        --------        d-----w-        c:\windows\system32\Adobe
2011-04-15 18:58 . 2011-02-16 14:02        292864        ----a-w-        c:\windows\system32\atmfd.dll
2011-04-15 18:58 . 2011-02-16 16:16        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-04-15 18:56 . 2011-03-03 15:42        739328        ----a-w-        c:\windows\system32\inetcomm.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 19:21 . 2009-07-17 21:07        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-03 15:40 . 2011-04-27 19:20        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 19:20        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 19:20        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 19:20        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 16:09        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 16:09        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 16:09        797696        ----a-w-        c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-04 17:04        1144712        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-28 809480]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-15 13:28        3024896        ----a-w-        c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Perner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Perner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Perner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Perner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-03-04 13:10        2192672        ----a-w-        c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2009-05-21 13:42        173288        ------w-        c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41        247144        ----a-w-        c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca2816452f5999;Google Update Service (gupdate1ca2816452f5999);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-28 133104]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-28 133104]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-15 43184]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2009-12-07 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2010-05-12 59280]
S1 ui11rdr;ui11rdr;c:\windows\system32\DRIVERS\ui11rdr.sys [2010-11-12 144384]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2011/01/10 13:10];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-11 16:43 87536]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 AvskeyService;AVSKey-Lock;d:\mp\AVSKey-Lock\AVSKey.exe [2007-11-05 4641634]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-16 75048]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-07-15 3474432]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-22 599344]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-22 40752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-04-28 16:19        114176        ----a-w-        c:\windows\System32\advpack.dll
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-28 19:32]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-28 19:32]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051833895-3156580812-787731633-1000Core.job
- c:\users\Perner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-27 18:07]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051833895-3156580812-787731633-1000UA.job
- c:\users\Perner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-27 18:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: &FreeRIP Search - c:\program files\FreeRIP3\Toolband.dll/MENUSEARCH.HTM
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{081230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
AddRemove-eBay Icon - c:\users\Perner\AppData\Roaming\Desktopicon\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-11 20:57
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2636)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
c:\windows\System32\ui11np.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\program files\STOPzilla!\STOPzilla.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-11  21:05:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-11 19:05
.
Vor Suchlauf: 18 Verzeichnis(se), 54.319.824.896 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 60.913.733.632 Bytes frei
.
- - End Of File - - 2CE3518801DFD830C66C6D22321B590C

--- --- ---

cosinus 11.05.2011 21:30

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool needs only a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

Mia29 16.05.2011 11:38

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 6920
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 165):
0x8264C000 \SystemRoot\system32\ntkrnlpa.exe
0x82619000 \SystemRoot\system32\hal.dll
0x80408000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047F000 \SystemRoot\system32\PSHED.dll
0x80490000 \SystemRoot\system32\BOOTVID.dll
0x80498000 \SystemRoot\system32\CLFS.SYS
0x804D9000 \SystemRoot\system32\CI.dll
0x805B9000 \SystemRoot\system32\DRIVERS\szkg.sys
0x805C7000 \SystemRoot\system32\drivers\szkgfs.sys
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068C000 \SystemRoot\system32\drivers\acpi.sys
0x806D2000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DB000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E3000 \SystemRoot\system32\drivers\pci.sys
0x8070A000 \SystemRoot\System32\drivers\partmgr.sys
0x80719000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80726000 \SystemRoot\system32\drivers\volmgr.sys
0x80735000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077F000 \SystemRoot\system32\drivers\intelide.sys
0x80786000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80794000 \SystemRoot\System32\drivers\mountmgr.sys
0x807A4000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8A407000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A4CF000 \SystemRoot\system32\drivers\atapi.sys
0x8A4D7000 \SystemRoot\system32\drivers\ataport.SYS
0x8A4F5000 \SystemRoot\system32\drivers\msahci.sys
0x8A4FF000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A531000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A541000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8A54A000 \SystemRoot\system32\Drivers\AlfaFF.sys
0x8A553000 \SystemRoot\system32\Drivers\ksecdd.sys
0x8A609000 \SystemRoot\system32\drivers\ndis.sys
0x8A714000 \SystemRoot\system32\drivers\msrpc.sys
0x8A73F000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A806000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A916000 \SystemRoot\system32\drivers\volsnap.sys
0x8A94F000 \SystemRoot\System32\Drivers\spldr.sys
0x8A957000 \SystemRoot\System32\Drivers\mup.sys
0x8A966000 \SystemRoot\System32\drivers\ecache.sys
0x8A98D000 \SystemRoot\system32\drivers\disk.sys
0x8A99E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9BF000 \SystemRoot\system32\drivers\crcdisk.sys
0x8E8D4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E8DF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E8E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E8F7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8EA05000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8EED4000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EF74000 \SystemRoot\System32\drivers\watchdog.sys
0x8E900000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EF80000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8EF8B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EFC9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EFD8000 \SystemRoot\system32\DRIVERS\L1E60x86.sys
0x8F204000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8F47C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F480000 \SystemRoot\system32\DRIVERS\itecir.sys
0x8F4D8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F4EB000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8F4F5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F500000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F52F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F531000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F53C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F554000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8F55C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F562000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F591000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F5D2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F5DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F5F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E98D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EFE9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E9B0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E9C4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E9D9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F200000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A9D5000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E9E9000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8E800000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A77A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A787000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A7BC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x807AC000 \SystemRoot\system32\drivers\HdAudio.sys
0x8A7CD000 \SystemRoot\system32\drivers\portcls.sys
0x8A5C4000 \SystemRoot\system32\drivers\drmk.sys
0x90400000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90206000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x9032C000 \SystemRoot\system32\drivers\modem.sys
0x90339000 \SystemRoot\system32\DRIVERS\hidir.sys
0x90344000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90354000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9035B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90364000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9036C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90375000 \SystemRoot\System32\Drivers\Null.SYS
0x9037C000 \SystemRoot\System32\Drivers\Beep.SYS
0x90383000 \SystemRoot\System32\drivers\vga.sys
0x9038F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x903B0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x903B8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x903C0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x903CB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x903D9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9080B000 \SystemRoot\System32\drivers\tcpip.sys
0x908F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90910000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90926000 \SystemRoot\system32\DRIVERS\smb.sys
0x9093A000 \SystemRoot\system32\drivers\afd.sys
0x90982000 \SystemRoot\System32\DRIVERS\netbt.sys
0x909B4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x909CA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x909D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x805D4000 \SystemRoot\System32\DRIVERS\ui11rdr.sys
0x909EB000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90C0B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90C47000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0x90C4B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90C55000 \SystemRoot\System32\Drivers\dfsc.sys
0x90C6C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90C92000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90C9B000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x90C9D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90CB4000 \SystemRoot\System32\Drivers\usbvideo.sys
0x90CD5000 \SystemRoot\system32\drivers\vfs101x.sys
0x90CE2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90CEF000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x96450000 \SystemRoot\System32\win32k.sys
0x90DB7000 \SystemRoot\System32\drivers\Dxapi.sys
0x90DC1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96670000 \SystemRoot\System32\TSDDD.dll
0x96690000 \SystemRoot\System32\cdd.dll
0x90DD0000 \SystemRoot\system32\drivers\luafv.sys
0x90DEB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8E80A000 \SystemRoot\system32\drivers\spsys.sys
0x903E2000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x8E8BA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9E207000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9E231000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9E23B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9E24E000 \SystemRoot\system32\drivers\HTTP.sys
0x9E2BB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E2D8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E2F1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9E306000 \SystemRoot\system32\drivers\mrxdav.sys
0x9E327000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E346000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E37F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E397000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9FA0B000 \SystemRoot\System32\DRIVERS\srv.sys
0x9FA5A000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9FA9D000 \??\C:\Windows\system32\drivers\int15.sys
0x9FAA4000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9FAA9000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0x9FAC7000 \SystemRoot\system32\drivers\peauth.sys
0x9FBA5000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0x9FBAE000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0x9FBC0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9FBCA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9E3BF000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0x9FBD6000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77060000 \Windows\System32\ntdll.dll

Processes (total 99):
0 System Idle Process
4 System
460 C:\Windows\System32\smss.exe
532 csrss.exe
592 C:\Windows\System32\wininit.exe
604 csrss.exe
636 C:\Windows\System32\services.exe
648 C:\Windows\System32\lsass.exe
656 C:\Windows\System32\lsm.exe
772 C:\Windows\System32\winlogon.exe
848 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\Ati2evxx.exe
1084 C:\Windows\System32\svchost.exe
1136 C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
1192 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\audiodg.exe
1296 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\SLsvc.exe
1368 C:\Windows\System32\svchost.exe
1428 C:\Windows\System32\Ati2evxx.exe
1492 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
1544 C:\Windows\System32\vfsFPService.exe
1636 C:\Windows\System32\svchost.exe
1856 C:\Windows\System32\spoolsv.exe
1880 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1900 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\agrsmsvc.exe
1260 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1604 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1704 D:\mp\AVSKey-Lock\AVSKey.EXE
1592 C:\Program Files\Bonjour\mDNSResponder.exe
1576 C:\Windows\System32\svchost.exe
304 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
632 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1376 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2056 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2088 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2240 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2272 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
2356 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2392 C:\ACER\Mobility Center\MobilityService.exe
2528 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2608 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2720 C:\Windows\System32\dwm.exe
2760 C:\Windows\System32\taskeng.exe
2788 C:\Windows\explorer.exe
2808 C:\Windows\System32\svchost.exe
2836 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2852 C:\Program Files\Acer\Acer VCM\RS_Service.exe
2876 C:\Windows\System32\taskeng.exe
2904 C:\Windows\System32\svchost.exe
2948 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
2984 C:\Windows\System32\svchost.exe
3020 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3132 C:\Windows\System32\SearchIndexer.exe
3412 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3432 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
3440 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
3460 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
3492 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
3508 C:\Windows\RtHDVCpl.exe
3540 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3560 C:\Windows\PLFSetI.exe
3820 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1948 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
504 unsecapp.exe
2364 WmiPrvSE.exe
3112 C:\Users\Perner\AppData\Local\temp\RtkBtMnt.exe
3744 C:\Program Files\Launch Manager\LManager.exe
1220 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
3380 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
2620 C:\Program Files\iTunes\iTunesHelper.exe
3932 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3852 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
3068 C:\Windows\ehome\ehtray.exe
3700 C:\Program Files\Windows Media Player\wmpnscfg.exe
2712 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2632 C:\Program Files\Windows Media Player\wmpnetwk.exe
3312 C:\Windows\ehome\ehmsas.exe
4600 C:\Windows\System32\svchost.exe
4816 C:\Windows\System32\wbem\unsecapp.exe
4920 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5244 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5260 C:\Program Files\iPod\bin\iPodService.exe
496 C:\Program Files\7-Zip\7zFM.exe
5256 C:\Windows\System32\wuauclt.exe
5992 C:\Program Files\Internet Explorer\iexplore.exe
5872 C:\Program Files\Internet Explorer\iexplore.exe
5084 C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
5784 C:\Windows\System32\SearchFilterHost.exe
5016 taskeng.exe
4736 C:\Windows\System32\SearchProtocolHost.exe
728 dllhost.exe
4484 dllhost.exe
4460 C:\Users\Perner\Desktop\MBRCheck.exe
4360 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`40100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001f`1c500000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC31P

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!


cosinus 16.05.2011 12:16

Why MBRCheck twice?
What about the other logs?

Mia29 16.05.2011 18:41

Sorry, I didn't post it that way on purpose. GMER crashed every time, so I had to restart the PC.

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 12:29:13 on 16.05.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2051833895-3156580812-787731633-1000Core.job" - "Google Inc." - C:\Users\Perner\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2051833895-3156580812-787731633-1000UA.job" - "Google Inc." - C:\Users\Perner\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AlfaFF File System mini-filter" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\Drivers\AlfaFF.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"int15" (int15) - "Acer, Inc." - C:\Windows\system32\drivers\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"is3srv" (is3srv) - "iS3 Inc." - C:\Windows\System32\drivers\is3srv.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"Nokia USB Generic" (nmwcdc) - ? - C:\Windows\System32\drivers\ccdcmbo.sys  (File not found)
"Nokia USB Phone Parent" (nmwcd) - ? - C:\Windows\System32\drivers\ccdcmb.sys  (File not found)
"NTIPPKernel" (NTIPPKernel) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"szkg5" (szkg5) - "iS3 Inc." - C:\Windows\System32\DRIVERS\szkg.sys
"szkgfs" (szkgfs) - "iS3, Inc." - C:\Windows\System32\drivers\szkgfs.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"ui11rdr" (ui11rdr) - "1&1 Internet AG" - C:\Windows\System32\DRIVERS\ui11rdr.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
"UsbserFilt" (UsbserFilt) - ? - C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extension" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{62DF97A2-3635-4412-AE30-80B164BC88AD} "ShellContextMenuHandler Class" - "1&1 Internet AG" - C:\Program Files\1&1\1&1 Upload-Manager\SHNDLERS.DLL
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} "ContactExtractor Class" - "Facebook" - C:\Windows\Downloaded Program Files\contactx.dll / https://register.facebook.com/controls/contactx.dll
{0CCA191D-13A6-4E29-B746-314DEE697D83} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader5.ocx / hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\ImageUploader5.ocx / hxxp://www.fotokasten.de/javaapplet/ImageUploader5.cab
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\Windows\Downloaded Program Files\IPSUploader4.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10n.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{3860DD98-0549-4D50-AA72-5D17D200EE10} "Windows Live OneCare safety scanner control" - "Microsoft Corporation" - C:\Program Files\Windows Live Safety Center\wlscCtrl2.dll / hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-DE/wlscctrl2.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{77BF5300-1474-4EC7-9980-D32B190E9B07} "ClsidExtension" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
"Quick-Launching Area" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} "STOPzilla Browser Helper Object" - "iS3, Inc." - C:\Program Files\STOPzilla!\SZIEBHO.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -  (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Perner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"BkupTray" - ? - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"eAudio" - "Acer Incorporated" - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"1&1 SmartDrive" - "1&1 Internet AG" - C:\Windows\System32\ui11np.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVSKey-Lock" (AvskeyService) - ? - D:\mp\AVSKey-Lock\AVSKey.exe  (File found, but it contains no detailed information)
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"Google Update Service (gupdate1ca2816452f5999)" (gupdate1ca2816452f5999) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iGroupTec Service" (IGBASVC) - ? - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe  (File found, but it contains no detailed information)
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - ? - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"STOPzilla Service" (szserver) - "iS3, Inc." - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"Validity Fingerprint Service" (vfsFPService) - "Validity Sensors, Inc." - C:\Windows\system32\vfsFPService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AWinNotifyVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

cosinus 16.05.2011 20:49

Quote:

232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116

We should fix the MBR manually. Back up all important data, just in case.

Do you have any other operating systems installed besides Vista?
If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD).

If you have a regular Vista installation DVD, you don't need the image mentioned above and can simply boot from the Vista DVD.

Click Repair your computer, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out first. After that, create new logs with MBRCheck and, if possible, GMER.

