Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Flacor.dat entdeckt (https://www.trojaner-board.de/88922-flacor-dat-entdeckt.html)

partyarti 30.07.2010 19:31
Flacor.dat entdeckt
 
hallo leute,

ich habe vor ca. 1 Woche festgestellt, dass sich der pc automatisch hunterfährt nach einem kurzen hinweis. Seit dem kam immer eine Fehlermeldung
mit der datei flacor.dat.

Nach ein wenig googeln wusste ich dann was ich mir da eingefangen hab,
daraufhin einen vollständigen scan mit malwarebytes gemacht und die
datei flacor.dat entfernt:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4370

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

30.07.2010 19:46:54
mbam-log-2010-07-30 (19-46-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 310734
Laufzeit: 1 Stunde(n), 28 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Arthur\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Users\Arthur\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Arthur\AppData\Local\Temp\services.exe (Password.Stealer) -> Quarantined and deleted successfully.
danach wie hier im Forum beschrieben OTL durchlaufen lassen:

file1
OTL Logfile:
Code:
OTL logfile created on: 30.07.2010 20:25:23 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Arthur\Desktop\Security & PC Progs
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 80,67 Gb Free Space | 56,01% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 229,14 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 57,28 Gb Free Space | 40,77% Space Free | Partition Type: NTFS
Drive F: | 445,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ARTHUR-NOTEBOOK
Current User Name: Arthur
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Arthur\Desktop\Security & PC Progs\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Users\Arthur\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Programme\AOL 9.0 VRa\shellmon.exe (AOL, LLC.)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\AOL 9.0 VRa\waol.exe (AOL, LLC.)
PRC - C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Programme\Common Files\aol\1223197373\ee\aolsoftware.exe (America Online, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Arthur\Desktop\Security & PC Progs\OTL.exe (OldTimer Tools)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vaxscsi) -- C:\Windows\System32\Drivers\vaxscsi.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.06.13 08:35:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Firefox\components [2010.07.30 19:54:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010.07.30 19:54:02 | 000,000,000 | ---D | M]
 
[2008.10.04 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\mozilla\Extensions
[2010.07.30 18:17:16 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\u96e3y89.default\extensions
[2009.10.09 11:34:19 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\u96e3y89.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009.05.10 11:11:48 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\u96e3y89.default\extensions\bloodfire@example.com
[2009.05.10 11:11:35 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\u96e3y89.default\extensions\martin@hoerandl.com
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Arthur\AppData\Roaming\Mozilla\FireFox\Profiles\u96e3y89.default\searchplugins\conduit.xml
[2008.10.04 20:46:29 | 000,001,196 | ---- | M] () -- C:\Users\Arthur\AppData\Roaming\Mozilla\FireFox\Profiles\u96e3y89.default\searchplugins\winamp-search.xml
[2009.04.19 17:55:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (no name) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1223197373\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VRa\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.09.25 18:44:14 | 000,000,029 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{640eaecc-f6e6-11de-8114-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{640eaecc-f6e6-11de-8114-00038a000015}\Shell\AutoRun\command - "" = I:\iStudio.exe -- File not found
O33 - MountPoints2\{66e672a3-9245-11dd-9f67-001e68d94ab5}\Shell - "" = AutoRun
O33 - MountPoints2\{66e672a3-9245-11dd-9f67-001e68d94ab5}\Shell\AutoRun\command - "" = F:\Start.exe -- [2009.09.29 09:49:28 | 000,557,352 | R--- | M] (Akademische Arbeitsgemeinschaft Verlag)
O33 - MountPoints2\{7533091f-42bd-11de-925b-00038a000015}\Shell\Open\command - "" = H:\resycled\boot.com -- File not found
O33 - MountPoints2\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{e92f2883-5bd6-11de-b517-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e92f2883-5bd6-11de-b517-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.30 19:53:18 | 000,000,000 | ---D | C] -- C:\Users\Arthur\AppData\Roaming\SUPERAntiSpyware.com
[2010.07.30 19:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.07.30 19:53:13 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.07.30 19:51:55 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.07.30 18:12:24 | 000,000,000 | ---D | C] -- C:\Users\Arthur\AppData\Roaming\Malwarebytes
[2010.07.30 18:11:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.30 18:11:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.30 18:11:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.30 18:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.30 18:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.07.30 18:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.07.30 18:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.07.10 15:22:45 | 000,000,000 | ---D | C] -- C:\Users\Arthur\AppData\Roaming\temp
[2010.07.10 15:22:38 | 000,000,000 | ---D | C] -- C:\Users\Arthur\Documents\FUSSBALL MANAGER 09
[2010.07.10 14:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.07.10 13:55:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2008.07.22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.30 20:27:35 | 002,621,440 | -HS- | M] () -- C:\Users\Arthur\ntuser.dat
[2010.07.30 20:00:20 | 000,066,492 | ---- | M] () -- C:\Users\Arthur\Documents\cc_20100730_200003.reg
[2010.07.30 19:55:36 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.30 19:55:36 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.30 19:55:36 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.30 19:55:36 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.30 19:55:36 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.30 19:51:02 | 000,055,302 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.30 19:49:33 | 000,034,355 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010.07.30 19:49:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.07.30 19:49:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.30 19:49:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.30 19:49:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.30 19:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.30 19:48:51 | 3215,847,424 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.30 19:48:06 | 000,524,288 | -HS- | M] () -- C:\Users\Arthur\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.30 19:48:06 | 000,065,536 | -HS- | M] () -- C:\Users\Arthur\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.30 19:47:49 | 004,240,145 | -H-- | M] () -- C:\Users\Arthur\AppData\Local\IconCache.db
[2010.07.30 06:33:42 | 000,055,302 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.27 18:48:02 | 000,204,023 | ---- | M] () -- C:\Users\Arthur\Desktop\Unbenannt.jpg
[2010.07.26 20:31:11 | 000,021,902 | ---- | M] () -- C:\Users\Arthur\Desktop\xxx048_20100725.pdf
[2010.07.21 21:42:38 | 000,293,673 | ---- | M] () -- C:\Users\Arthur\Desktop\Booking.com_ Bestätigung.pdf
[2010.07.11 13:27:39 | 000,000,578 | ---- | M] () -- C:\Users\Arthur\Desktop\Manager09.exe - Verknüpfung.lnk
[2010.07.10 13:58:00 | 008,707,460 | ---- | M] () -- C:\Users\Arthur\Desktop\FM09DBUpdate.exe
 
========== Files Created - No Company Name ==========
 
[2010.07.30 20:00:05 | 000,066,492 | ---- | C] () -- C:\Users\Arthur\Documents\cc_20100730_200003.reg
[2010.07.27 18:48:02 | 000,204,023 | ---- | C] () -- C:\Users\Arthur\Desktop\Unbenannt.jpg
[2010.07.26 20:31:10 | 000,021,902 | ---- | C] () -- C:\Users\Arthur\Desktop\xxx048_20100725.pdf
[2010.07.21 21:42:37 | 000,293,673 | ---- | C] () -- C:\Users\Arthur\Desktop\Booking.com_ Bestätigung.pdf
[2010.07.11 13:27:39 | 000,000,578 | ---- | C] () -- C:\Users\Arthur\Desktop\Manager09.exe - Verknüpfung.lnk
[2010.07.10 13:57:09 | 008,707,460 | ---- | C] () -- C:\Users\Arthur\Desktop\FM09DBUpdate.exe
[2009.09.06 14:33:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.04.19 17:56:52 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.12.29 16:05:56 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.12.29 16:05:48 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 20:54:51 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2008.10.04 20:49:08 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.09.01 19:46:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.09.01 19:31:46 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.09.01 19:31:46 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.07.30 12:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.07.30 03:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.07.30 03:42:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.07.30 03:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:FEBEC560
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:8AB6C1D7
< End of report >
--- --- ---


file 2 OTL Logfile:
Code:
OTL Extras logfile created on: 30.07.2010 20:25:23 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Arthur\Desktop\Security & PC Progs
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 80,67 Gb Free Space | 56,01% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 229,14 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 57,28 Gb Free Space | 40,77% Space Free | Partition Type: NTFS
Drive F: | 445,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ARTHUR-NOTEBOOK
Current User Name: Arthur
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C1E46D-2625-4746-8E7A-9A34BF05CC6F}" = lport=137 | protocol=17 | dir=in | app=system |
"{2848F563-7516-4D3E-881A-8802EA9D09DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{295CD266-869D-4398-AFA7-DBB3FB0F143E}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B7F49A3-94A2-4ED7-A3B2-E0D93AC795C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{3CFF4483-BAF5-4251-B77C-C228930E6CB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{42F9DCB5-1184-4FBD-A535-51EC79B792F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4CCE8CA1-9EE1-4DBC-B63D-16E0F05191E8}" = lport=138 | protocol=17 | dir=in | app=system |
"{7DB057F4-006C-4190-8F34-01F5DD1E0187}" = lport=139 | protocol=6 | dir=in | app=system |
"{888D8C28-500F-4088-9B1B-9745272451CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{977EA2FF-A73B-4079-88E1-2B2EB4701536}" = rport=139 | protocol=6 | dir=out | app=system |
"{B6D1C6EE-A859-4FA9-A44F-FE0DFC00D579}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C717EB99-0FB1-463F-ADF5-FC1CE7A3B15F}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF38261F-D626-4294-A3A3-9629DF867E65}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F648EC3C-F25B-4E64-9F3A-5F6640E1F99F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C35C00-55E7-4399-923E-88DFFC7CC9BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{042EBB4A-8168-42B4-947A-003AEDC24F17}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0A9C8D79-DE32-49D5-80B3-E168982CC34F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{0C604D7C-A5A6-44A8-82E7-751DFDA272FF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{12775923-6831-4EFF-95E3-BCCF4C3F1088}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{15CF8154-9AFC-45AD-AECD-BB3F4420BBD8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{1F42165D-A6C4-47A2-824F-659B7640230C}" = protocol=17 | dir=in | app=d:\spiele\ gta iv\grand theft auto iv\launchgtaiv.exe |
"{298F0918-FC31-4301-868E-95D0CE4F1D37}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2BBC3EB7-EE27-4F0E-8566-4A5F16A65A66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2D59EDC2-4FDE-4F34-87C2-64D65F2EB82B}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{33257381-F59A-4A11-BB55-40B0CD71A025}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{34B344D6-1CAF-45C7-B386-6E2708AB3B93}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{37018BE3-B893-42FE-933D-3A4F96D8FFF6}" = protocol=6 | dir=in | app=d:\spiele\ gta iv\grand theft auto iv\rockstar games social club\rgsclauncher.exe |
"{37BF63F3-FAA3-40BD-8BD1-DE37743D0E82}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3C5D05EF-9CF8-4D9C-983E-24D7AE172113}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{3D1B06F1-E2A4-4908-847A-4E08A5D3D88A}" = protocol=17 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{400BC84F-AE4D-4546-99B1-F06E1065B085}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{40FAB121-09C0-4F4E-8C93-8472610C79CB}" = protocol=6 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{445C89F6-67CB-4D0F-BD9A-6B76213FFEF7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{4679EF93-504B-4E15-BEEF-58C073C739B1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{525C3FAE-B638-4915-8F28-12CA541AAC22}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5B05889E-4C9E-4A92-98AA-63C99F098C9E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{64E74C6C-1ACA-4673-AB97-1417DAC6128F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{705AA1B9-9D82-4DA2-8C25-523CC891AD28}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{70DDBBD2-1B7C-447E-BE81-BBB6073F4218}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{732EFC31-663D-45D9-9002-AFC4D4BCA185}" = protocol=6 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{77F7F3FD-5E57-4C91-AEE6-B1C6C07BB404}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{7A74DC89-7321-42CE-B2DB-16032ED09E48}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{7BD65B90-A3F1-4D8C-9E90-4999B8EBA804}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{7F229A7D-24FC-4139-A5FE-CAE250E5BF7C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{853FD655-618C-46F3-B443-509283E271C8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8717AF46-97FC-465B-9558-1FBF757D97AA}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{89E38269-2DCA-4003-9D0F-90296A80820B}" = protocol=17 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{8C349E28-6D85-46CC-90D1-1D50D180F408}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{9491496B-D1B8-49B6-8309-C0FD869EFBE5}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{970E2153-184F-482B-9B86-B46EAE130CBB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{98181662-5144-4A55-9027-84A051911A42}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9B919600-2CC1-4A57-A71F-F40AD808E5A7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1223197373\ee\aolsoftware.exe |
"{9E7B9255-6368-4F39-B875-F665968F28D2}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{9F7EC11B-A21C-4D65-8CFE-B2E6C4D03C96}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{A14B209A-17C6-4248-A9FB-25FB8D0185EC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A380A5CC-72E2-47AD-A854-5EDB5947468F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A3D039F4-D0A2-4B56-A7DE-C864C15B3809}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{AB250CBC-C463-467D-801F-3A1C357649C3}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{AE7E5E8A-FE47-4891-B88C-4AA8B1B5D971}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{B2A73CFC-2A90-480E-AB62-E8BC44197986}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B3D45A7D-8AD2-4E2C-8D15-B27610520A8F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B728BF01-6707-420C-8DAA-05330F711B8C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BB8FCCEA-42AC-42DC-B1D8-8DC04024F54D}" = protocol=17 | dir=in | app=d:\spiele\ gta iv\grand theft auto iv\rockstar games social club\rgsclauncher.exe |
"{BEEEEE1F-50B1-48DF-B05F-7ACE0E6D17B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{C034BA26-98FD-4664-A027-F79C168A38EA}" = protocol=17 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{C4ED8404-09A3-4C14-A19B-6F7D3B257BD5}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C58225F4-B8DD-4ADC-8D1C-13DAEF9C9126}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{C61C22C0-EB7B-4B23-8872-F112D2151410}" = protocol=6 | dir=in | app=d:\spiele\ gta iv\grand theft auto iv\launchgtaiv.exe |
"{CF2140B9-45D1-49E1-9455-8AA34070C1B8}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{DBACF3DD-4513-4CF7-842D-2411BD9D3A78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE936308-2D39-438F-87B3-42DF87741D3F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1223197373\ee\aolsoftware.exe |
"{E1CDBD55-6EEC-47D2-9F23-07D388DA8C32}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E4556682-A11A-475A-9803-C0DE5241D9B3}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{E510EA3C-A2F4-48F8-A1C0-E1DB30B71DBD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EBCBD4F1-4DA2-49FC-A71B-E88BF1D3F864}" = protocol=6 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{F273890D-11CF-4581-B907-C90BAC3D47DC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F379E883-67C7-49F2-8958-99E77B830FD4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{F5E316CD-8B93-446C-ACE5-C48A122E30E9}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{FC0A464F-FA6D-4EB8-A7F2-2F56F3D0963C}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{56FDB311-6511-11DE-832F-0050560400B1}" = Haufe iDesk-Browser
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C3542652-4C59-4A96-982A-06EBB3F47819}" = Steuer-Hilfesammlung 2009
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader  0.83
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection

AAU 6.0.00.17
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"BurnAware Free_is1" = BurnAware Free 2.3.0
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"PhotoScape" = PhotoScape
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB03968.TBSB03968Toolbar" = Toolbar fuer eBay
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinGimp-2.0_is1" = GIMP 2.6.6
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2010 12:58:29 | Computer Name = Arthur-Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2010 12:58:40 | Computer Name = Arthur-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 21.07.2010 13:01:53 | Computer Name = Arthur-Notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager09.exe, Version 1.2.0.0, Zeitstempel
0x498842bc, fehlerhaftes Modul Manager09.exe, Version 1.2.0.0, Zeitstempel 0x498842bc,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00bd0163,  Prozess-ID 0x12a0, Anwendungsstartzeit
 01cb28f602be929d.
 
Error - 21.07.2010 13:02:33 | Computer Name = Arthur-Notebook | Source = Application Hang | ID = 1002
Description = Programm Manager09.exe, Version 1.2.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 12a0  Anfangszeit: 01cb28f602be929d  Zeitpunkt der Beendigung:
 187
 
Error - 21.07.2010 13:04:20 | Computer Name = Arthur-Notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager09.exe, Version 1.2.0.0, Zeitstempel
0x498842bc, fehlerhaftes Modul Manager09.exe, Version 1.2.0.0, Zeitstempel 0x498842bc,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00bd0163,  Prozess-ID 0xbb4, Anwendungsstartzeit
 01cb28f6849b5aad.
 
Error - 21.07.2010 13:04:39 | Computer Name = Arthur-Notebook | Source = Application Hang | ID = 1002
Description = Programm Manager09.exe, Version 1.2.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: bb4  Anfangszeit: 01cb28f6849b5aad  Zeitpunkt der Beendigung:
 157
 
Error - 21.07.2010 16:34:41 | Computer Name = Arthur-Notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager09.exe, Version 1.2.0.0, Zeitstempel
0x498842bc, fehlerhaftes Modul Manager09.exe, Version 1.2.0.0, Zeitstempel 0x498842bc,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00bd0163,  Prozess-ID 0xf0c, Anwendungsstartzeit
 01cb290fbc108d7d.
 
Error - 21.07.2010 16:35:01 | Computer Name = Arthur-Notebook | Source = Application Hang | ID = 1002
Description = Programm Manager09.exe, Version 1.2.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: f0c  Anfangszeit: 01cb290fbc108d7d  Zeitpunkt der Beendigung:
 477
 
Error - 22.07.2010 12:19:34 | Computer Name = Arthur-Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 22.07.2010 12:22:59 | Computer Name = Arthur-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 29.07.2010 14:02:15 | Computer Name = Arthur-Notebook | Source = Service Control Manager | ID = 7031
Description =
 
Error - 29.07.2010 14:02:15 | Computer Name = Arthur-Notebook | Source = Service Control Manager | ID = 7031
Description =
 
Error - 29.07.2010 14:02:15 | Computer Name = Arthur-Notebook | Source = Service Control Manager | ID = 7031
Description =
 
Error - 29.07.2010 14:02:15 | Computer Name = Arthur-Notebook | Source = Service Control Manager | ID = 7031
Description =
 
Error - 29.07.2010 14:02:52 | Computer Name = Arthur-Notebook | Source = Service Control Manager | ID = 7032
Description =
 
Error - 30.07.2010 00:11:29 | Computer Name = Arthur-Notebook | Source = HTTP | ID = 15016
Description =
 
Error - 30.07.2010 11:58:19 | Computer Name = Arthur-Notebook | Source = HTTP | ID = 15016
Description =
 
Error - 30.07.2010 12:50:52 | Computer Name = Arthur-Notebook | Source = bowser | ID = 8003
Description =
 
Error - 30.07.2010 13:49:08 | Computer Name = Arthur-Notebook | Source = HTTP | ID = 15016
Description =
 
Error - 30.07.2010 14:01:58 | Computer Name = Arthur-Notebook | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.1
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
 
< End of report >
--- --- ---



superantisyware hat nichts mehr gefunden, cc-cleaner hab ich auch durchlaufen lassen, passwörter habe ich alle geändert... kann ich jetzt beruigt weitersurfen oder muss ich mir noch sorgen machen???

ich bedanke mich schonmal für die antworten kann erst am montag wieder antworten da ich morgen übers we weg fahre...

grüße Arthur

cosinus 31.07.2010 16:04
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O33 - MountPoints2\{640eaecc-f6e6-11de-8114-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{640eaecc-f6e6-11de-8114-00038a000015}\Shell\AutoRun\command - "" = I:\iStudio.exe -- File not found
O33 - MountPoints2\{66e672a3-9245-11dd-9f67-001e68d94ab5}\Shell - "" = AutoRun
O33 - MountPoints2\{66e672a3-9245-11dd-9f67-001e68d94ab5}\Shell\AutoRun\command - "" = F:\Start.exe -- [2009.09.29 09:49:28 | 000,557,352 | R--- | M] (Akademische Arbeitsgemeinschaft Verlag)
O33 - MountPoints2\{7533091f-42bd-11de-925b-00038a000015}\Shell\Open\command - "" = H:\resycled\boot.com -- File not found
O33 - MountPoints2\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{e92f2883-5bd6-11de-b517-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e92f2883-5bd6-11de-b517-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:FEBEC560
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:8AB6C1D7
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

partyarti 02.08.2010 14:16
hab ich wie beschrieben gemacht, hier das logfile:

PHP-Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640eaecc-f6e6-11de-8114-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640eaecc-f6e6-11de-8114-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640eaecc-f6e6-11de-8114-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640eaecc-f6e6-11de-8114-00038a000015}\ not found.
File I:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66e672a3-9245-11dd-9f67-001e68d94ab5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66e672a3-9245-11dd-9f67-001e68d94ab5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66e672a3-9245-11dd-9f67-001e68d94ab5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66e672a3-9245-11dd-9f67-001e68d94ab5}\ not found.
File move failedF:\Start.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7533091f-42bd-11de-925b-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7533091f-42bd-11de-925b-00038a000015}\ not found.
File H:\resycled\boot.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e92f2883-5bd6-11de-b517-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e92f2883-5bd6-11de-b517-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e92f2883-5bd6-11de-b517-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e92f2883-5bd6-11de-b517-00038a000015}\ not found.
File I:\LaunchU3.exe not found.
ADS C:\ProgramData\Temp:FEBEC560 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:8AB6C1D7 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
UserAll Users
 
UserArthur
->Temp folder emptied21786768 bytes
->Temporary Internet Files folder emptied433042 bytes
->Java cache emptied56988026 bytes
->FireFox cache emptied75220640 bytes
->Flash cache emptied3356 bytes
 
User: Default
->Temp folder emptied0 bytes
->Temporary Internet Files folder emptied0 bytes
 
User: Default User
->Temp folder emptied0 bytes
->Temporary Internet Files folder emptied0 bytes
 
User: Public
 
%systemdrive% .tmp files removed0 bytes
%systemroot% .tmp files removed0 bytes
%systemroot%\System32 .tmp files removed0 bytes
%systemroot%\System32\drivers .tmp files removed0 bytes
Windows Temp folder emptied3908 bytes
RecycleBin emptied0 bytes
 
Total Files Cleaned 147,00 mb
 
 
OTL by OldTimer Version 3.2.9.1 log created on 08022010_141912

Files\Folders moved on Reboot...
File\Folder F:\Start.exe not found!

Registry entries deleted on Reboot... 
ist jetzt das sytem wieder sicher????

cosinus 03.08.2010 10:45
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:[indent]Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

partyarti 03.08.2010 18:46
hallo,

hab combofix nun wie beschrieben ausgeführt hier das file:

Combofix Logfile:
Code:
ComboFix 10-08-02.03 - Arthur 03.08.2010  19:20:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3066.2187 [GMT 2:00]
ausgeführt von:: c:\users\Arthur\Desktop\cofi.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe4865.dll
c:\users\Arthur\AppData\Roaming\.#
c:\users\Arthur\AppData\Roaming\Desktopicon

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-03 bis 2010-08-03  ))))))))))))))))))))))))))))))
.

2010-08-02 12:59 . 2009-09-04 15:29        453456        ----a-w-        c:\windows\system32\d3dx10_42.dll
2010-08-02 12:59 . 2009-09-04 15:29        1892184        ----a-w-        c:\windows\system32\D3DX9_42.dll
2010-08-02 12:43 . 2010-04-14 17:47        293376        ----a-w-        c:\windows\system32\psisdecd.dll
2010-08-02 12:43 . 2010-04-14 17:46        428544        ----a-w-        c:\windows\system32\EncDec.dll
2010-08-02 12:37 . 2010-02-12 10:48        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2010-08-02 12:26 . 2008-06-20 01:14        105016        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-08-02 12:26 . 2008-06-20 01:14        97800        ----a-w-        c:\windows\system32\infocardapi.dll
2010-08-02 12:26 . 2008-06-20 01:14        781344        ----a-w-        c:\windows\system32\PresentationNative_v0300.dll
2010-08-02 12:26 . 2008-06-20 01:14        43544        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-08-02 12:26 . 2008-06-20 01:14        11264        ----a-w-        c:\windows\system32\icardres.dll
2010-08-02 12:26 . 2008-06-20 01:14        622080        ----a-w-        c:\windows\system32\icardagt.exe
2010-08-02 12:26 . 2008-06-20 01:14        326160        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-08-02 12:22 . 2008-07-27 18:03        96760        ----a-w-        c:\windows\system32\dfshim.dll
2010-08-02 12:22 . 2008-07-27 18:03        41984        ----a-w-        c:\windows\system32\netfxperf.dll
2010-08-02 12:22 . 2008-07-27 18:03        282112        ----a-w-        c:\windows\system32\mscoree.dll
2010-08-02 12:22 . 2008-07-27 18:03        158720        ----a-w-        c:\windows\system32\mscorier.dll
2010-08-02 12:22 . 2008-07-27 18:03        83968        ----a-w-        c:\windows\system32\mscories.dll
2010-08-02 12:21 . 2010-02-20 23:39        24064        ----a-w-        c:\windows\system32\nshhttp.dll
2010-08-02 12:21 . 2010-02-20 23:37        31232        ----a-w-        c:\windows\system32\httpapi.dll
2010-08-02 12:21 . 2010-02-20 21:18        411136        ----a-w-        c:\windows\system32\drivers\http.sys
2010-08-02 12:19 . 2010-08-02 12:19        --------        d-----w-        C:\_OTL
2010-07-30 19:37 . 2009-09-10 17:30        213504        ----a-w-        c:\windows\system32\msv1_0.dll
2010-07-30 19:36 . 2008-06-06 03:27        562176        ----a-w-        c:\windows\system32\msdtcprx.dll
2010-07-30 19:35 . 2009-03-03 04:40        499200        ----a-w-        c:\windows\system32\wbem\WmiPrvSD.dll
2010-07-30 19:34 . 2008-06-23 01:59        996352        ----a-w-        c:\windows\system32\WMNetMgr.dll
2010-07-30 19:26 . 2010-05-21 12:14        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-07-30 19:22 . 2009-12-23 12:43        171520        ----a-w-        c:\windows\system32\wintrust.dll
2010-07-30 19:21 . 2010-01-15 00:04        98304        ----a-w-        c:\windows\system32\cabview.dll
2010-07-30 19:14 . 2008-05-26 09:54        81704        ----a-w-        c:\windows\system32\drivers\WSVD.sys
2010-07-30 19:10 . 2009-08-07 02:24        44768        ----a-w-        c:\windows\system32\wups2.dll
2010-07-30 19:10 . 2009-08-07 02:24        53472        ----a-w-        c:\windows\system32\wuauclt.exe
2010-07-30 19:10 . 2009-08-07 02:23        1929952        ----a-w-        c:\windows\system32\wuaueng.dll
2010-07-30 19:10 . 2009-08-07 01:45        2421760        ----a-w-        c:\windows\system32\wucltux.dll
2010-07-30 19:02 . 2009-08-07 02:24        35552        ----a-w-        c:\windows\system32\wups.dll
2010-07-30 19:02 . 2009-08-07 02:23        575704        ----a-w-        c:\windows\system32\wuapi.dll
2010-07-30 19:02 . 2009-08-07 01:44        87552        ----a-w-        c:\windows\system32\wudriver.dll
2010-07-30 18:56 . 2009-08-06 17:23        171608        ----a-w-        c:\windows\system32\wuwebv.dll
2010-07-30 18:56 . 2009-08-06 16:44        33792        ----a-w-        c:\windows\system32\wuapp.exe
2010-07-30 18:36 . 2010-07-30 18:36        109624        ---ha-w-        c:\windows\system32\mlfcache.dat
2010-07-30 17:53 . 2010-07-30 17:53        63488        ----a-w-        c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-30 17:53 . 2010-07-30 17:53        52224        ----a-w-        c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-30 17:53 . 2010-07-30 17:53        117760        ----a-w-        c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-30 17:53 . 2010-07-30 17:53        --------        d-----w-        c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com
2010-07-30 17:53 . 2010-07-30 17:53        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2010-07-30 17:53 . 2010-07-30 17:53        --------        d-----w-        c:\program files\SUPERAntiSpyware
2010-07-30 17:51 . 2010-07-30 17:52        --------        d-----w-        c:\program files\CCleaner
2010-07-30 16:12 . 2010-07-30 16:12        --------        d-----w-        c:\users\Arthur\AppData\Roaming\Malwarebytes
2010-07-30 16:11 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 16:11 . 2010-07-30 16:11        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-07-30 16:11 . 2010-07-30 16:11        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-30 16:11 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-07-30 16:05 . 2010-07-30 16:07        --------        d-----w-        c:\programdata\Norton
2010-07-30 16:05 . 2010-07-30 16:05        --------        d-----w-        c:\programdata\Symantec
2010-07-30 16:05 . 2010-07-30 16:05        --------        d-----w-        c:\programdata\NortonInstaller
2010-07-30 04:24 . 2010-07-30 04:24        84054        ----a-w-        c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-30 04:22 . 2010-07-30 04:22        54153        ----a-w-        c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-30 04:16 . 2010-07-30 04:16        144696        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-10 12:21 . 2010-07-10 12:21        --------        d-----w-        c:\programdata\Electronic Arts
2010-07-10 11:55 . 2008-07-12 06:18        3851784        ----a-w-        c:\windows\system32\D3DX9_39.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 17:24 . 2010-08-03 17:24        --------        d-----w-        c:\programdata\WindowsSearch
2010-08-03 17:24 . 2008-01-21 07:15        618442        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-03 17:24 . 2008-01-21 07:15        122842        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-02 15:12 . 2008-10-07 19:31        55302        ----a-w-        c:\programdata\nvModes.dat
2010-08-02 13:14 . 2009-05-07 16:01        78752        ----a-w-        c:\users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-02 13:07 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-08-02 12:34 . 2008-07-30 02:19        --------        d-----w-        c:\program files\Microsoft Works
2010-07-31 05:40 . 2009-03-29 16:33        --------        d-----w-        c:\program files\Azureus
2010-07-31 05:35 . 2008-07-30 01:43        --------        d-----w-        c:\programdata\McAfee
2010-07-30 18:59 . 2008-10-25 13:00        8268        ----a-w-        c:\users\Arthur\AppData\Local\d3d9caps.dat
2010-07-30 17:54 . 2008-10-04 15:58        --------        d-----w-        c:\program files\Firefox
2010-07-30 04:24 . 2010-06-10 09:02        --------        d-----w-        c:\programdata\DivX
2010-07-30 04:23 . 2009-10-08 08:44        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2010-07-30 04:22 . 2009-01-24 13:18        --------        d-----w-        c:\program files\DivX
2010-07-28 17:38 . 2009-05-10 09:37        1        ----a-w-        c:\users\Arthur\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-27 17:28 . 2009-03-29 16:43        --------        d-----w-        c:\users\Arthur\AppData\Roaming\Azureus
2010-06-23 17:10 . 2010-06-23 16:50        --------        d-----w-        c:\users\Arthur\AppData\Roaming\Audacity
2010-06-23 17:01 . 2010-06-23 17:01        --------        d-----w-        c:\program files\Lame for Audacity
2010-06-23 16:50 . 2010-06-23 16:50        --------        d-----w-        c:\program files\Audacity 1.3 Beta (Unicode)
2010-06-17 18:12 . 2010-06-11 13:18        --------        d-----w-        c:\program files\iTunes
2010-06-17 18:11 . 2010-06-17 18:11        --------        d-----w-        c:\program files\iPod
2010-06-17 18:11 . 2010-06-11 13:15        --------        d-----w-        c:\program files\Common Files\Apple
2010-06-17 18:07 . 2010-06-17 18:07        --------        d-----w-        c:\program files\Bonjour
2010-06-17 18:03 . 2010-06-17 18:03        72504        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-12 06:58 . 2010-06-11 13:19        --------        d-----w-        c:\users\Arthur\AppData\Roaming\Apple Computer
2010-06-11 13:19 . 2010-06-11 13:18        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-11 13:18 . 2010-06-11 13:17        --------        d-----w-        c:\programdata\Apple Computer
2010-06-11 13:18 . 2010-06-11 13:17        --------        d-----w-        c:\program files\QuickTime
2010-06-11 13:17 . 2010-06-11 13:17        --------        d-----w-        c:\program files\Apple Software Update
2010-06-11 13:17 . 2010-06-11 13:15        --------        d-----w-        c:\programdata\Apple
2010-06-10 09:08 . 2010-06-10 09:08        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-10 09:08 . 2009-10-08 08:44        --------        d-----w-        c:\program files\Common Files\DivX Shared
2010-06-10 09:08 . 2010-06-10 09:08        56765        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-10 09:08 . 2010-06-10 09:08        56997        ----a-w-        c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-10 09:07 . 2010-06-10 09:07        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe
2010-06-10 09:07 . 2009-10-20 14:06        --------        d-----w-        c:\users\Arthur\AppData\Roaming\DivX
2010-06-10 09:06 . 2010-06-10 09:06        57054        ----a-w-        c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06        54166        ----a-w-        c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06        57532        ----a-w-        c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06        56458        ----a-w-        c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06        54174        ----a-w-        c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06        54128        ----a-w-        c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06        54644        ----a-w-        c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06        57409        ----a-w-        c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06        54101        ----a-w-        c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-10 09:05 . 2010-06-10 09:05        52963        ----a-w-        c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-10 09:05 . 2010-06-10 09:05        54073        ----a-w-        c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-06-10 09:05 . 2010-06-10 09:05        56969        ----a-w-        c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-06-10 09:02 . 2010-06-10 09:08        1062184        ----a-w-        c:\programdata\DivX\Setup\Resource.dll
2010-06-10 09:02 . 2010-06-10 09:08        895256        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-26 16:16 . 2010-07-30 19:36        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-07-30 19:36        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-18 14:35 . 2010-05-18 14:35        91424        ----a-w-        c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35        107808        ----a-w-        c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45        2355224        ----a-w-        c:\program files\Winload\tbWinl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
2008-08-14 13:57        2484224        ----a-w-        c:\users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224]

[HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 68856]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-09-01 3676160]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-01 30192]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"HostManager"="c:\program files\Common Files\AOL\1223197373\ee\AOLSoftware.exe" [2006-09-26 50736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-09-01 17:46        3197952        ----a-w-        c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24        567560        ----a-w-        c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-01 30192]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 vaxscsi;vaxscsi;c:\windows\System32\Drivers\vaxscsi.sys [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-05-26 81704]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-01-17 717296]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-09-01 42608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-11 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-09-01 3602432]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\u96e3y89.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX Richtlinien ----
c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-Winamp Toolbar for Firefox - c:\users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\u96e3y89.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe



**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3747233088-3331940985-2413091596-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,63,fe,43,2c,ab,80,86,ec,1f,ef,d8,62,8b,f7,be,4d,13,9c,db,4d,
  3a,3f,d2,62,94,b2,db,65,af,96,85,5b,72,3c,de,b0,25,fd,ab,d1,f9,bc,c7,a5,b6,\
"rkeysecu"=hex:ca,c1,c2,c0,b5,34,10,25,d7,1f,9c,d5,07,0e,95,d4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1248)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-03  19:39:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-03 17:39

Vor Suchlauf: 13 Verzeichnis(se), 83.569.094.656 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 83.206.361.088 Bytes frei

- - End Of File - - F5516F84436EA8CCB0C86D08B1C211AF
--- --- ---

cosinus 05.08.2010 14:45
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

partyarti 05.08.2010 18:49
hallo,

habe die programme wie beschrieben ausgeführt:

gmer:

GMER Logfile:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-05 19:02:10
Windows 6.0.6001 Service Pack 1
Running: 0zq0crd2.exe; Driver: C:\Users\Arthur\AppData\Local\Temp\pwdyypoc.sys


---- System - GMER 1.0.15 ----

SSDT            9CCCD104                                                                                                                                            ZwCreateThread
SSDT            9CCCD0F0                                                                                                                                            ZwOpenProcess
SSDT            9CCCD0F5                                                                                                                                            ZwOpenThread
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                                                                                  ZwTerminateProcess [0x8FB97620]

INT 0x62        ?                                                                                                                                                    87226F00
INT 0x72        ?                                                                                                                                                    87226F00
INT 0x82        ?                                                                                                                                                    87226F00
INT 0x92        ?                                                                                                                                                    8552BBF8
INT 0x92        ?                                                                                                                                                    87226F00
INT 0x92        ?                                                                                                                                                    87226F00
INT 0x92        ?                                                                                                                                                    87226F00
INT 0x92        ?                                                                                                                                                    8552BBF8
INT 0xB1        ?                                                                                                                                                    85526BF8
INT 0xB1        ?                                                                                                                                                    85526BF8
INT 0xB2        ?                                                                                                                                                    87226F00

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetTimerEx + 454                                                                                                                      82304B18 4 Bytes  [04, D1, CC, 9C] {ADD AL, 0xd1; INT 3 ; PUSHF }
.text          ntkrnlpa.exe!KeSetTimerEx + 624                                                                                                                      82304CE8 4 Bytes  [F0, D0, CC, 9C]
.text          ntkrnlpa.exe!KeSetTimerEx + 640                                                                                                                      82304D04 4 Bytes  [F5, D0, CC, 9C] {CMC ; ROR AH, 0x1; PUSHF }
.text          ntkrnlpa.exe!KeSetTimerEx + 854                                                                                                                      82304F18 4 Bytes  [20, 76, B9, 8F]
?              System32\Drivers\spct.sys                                                                                                                            Das System kann den angegebenen Pfad nicht finden. !
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                                            section is writeable [0x8E406340, 0x3EDF57, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                                                                8E32B46F 5 Bytes  JMP 872264E0
.text          apoyoixh.SYS                                                                                                                                        8E36F000 22 Bytes  [26, 02, 22, 82, 10, 01, 22, ...]
.text          apoyoixh.SYS                                                                                                                                        8E36F017 181 Bytes  [00, 32, 07, 7A, 80, 3D, 05, ...]
.text          apoyoixh.SYS                                                                                                                                        8E36F0CE 10 Bytes  [00, 00, 00, 00, 00, 00, 6D, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; INSD ; POPF ; SCASB ; DEC EAX}
.text          apoyoixh.SYS                                                                                                                                        8E36F0DA 12 Bytes  [00, 00, 02, 00, 00, 00, 26, ...]
.text          apoyoixh.SYS                                                                                                                                        8E36F0E7 714 Bytes  [00, F0, 0E, 00, 00, 00, 00, ...]
.text          ...                                                                                                                                                 
?              System32\Drivers\a6bwcglr.SYS                                                                                                                        Das System kann den angegebenen Pfad nicht finden. !
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                              section is writeable [0x9E8F4300, 0x3ACC8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                              section is writeable [0x9E948300, 0x1B7E, 0xE8000020]
                C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                                entry point in "" section [0xA1D4341C]
.clc            C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                                unknown last code section [0xA1D44000, 0x1000, 0xE0000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                            [806976D2] \SystemRoot\System32\Drivers\spct.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                            [80697040] \SystemRoot\System32\Drivers\spct.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                    [806977FC] \SystemRoot\System32\Drivers\spct.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                                            [806970BE] \SystemRoot\System32\Drivers\spct.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                      [8069713C] \SystemRoot\System32\Drivers\spct.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [806A7048] \SystemRoot\System32\Drivers\spct.sys
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortNotification]                                                                          009E840F
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortWritePortUchar]                                                                        8B660000
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortWritePortUlong]                                                                        89662448
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                                    4D8BE84D
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                          02C183E8
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                                  EA4D8966
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                          0320488B
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortStallExecution]                                                                        08458DC8
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortGetParentBusType]                                                                      8D575750
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortRequestCallback]                                                                        6850F045
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                                  B0020000
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                                  50E8458D
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortCompleteRequest]                                                                        4FBC35FF
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortMoveMemory]                                                                            4D898E39
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                              45C757EC
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                                000001F0
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                                  E5FEE800
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortReadPortUshort]                                                                        C73B0001
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                                  C8A14675
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortInitialize]                                                                            6A8E394F
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                          9A888D52
IAT            \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                                      83000000

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                              [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                [740D88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                [741198A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                            [740DB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                      [740CFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                [740D7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                              [740CEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                  [7410B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                    [740DBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                            [740D074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                              [740D06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                              [740C71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                      [7415D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                          [740F7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                            [740CE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                      [740C697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                      [740C69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                        [740D2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                          [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                              [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                        [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT            C:\Windows\Explorer.EXE[4080] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                          [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                              8552D1F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                                                855291F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                                    84C2D1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                                    84C2D1F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                                    84C2D1F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                                                    872531F8
Device          \Driver\sptd \Device\485419675                                                                                                                      spct.sys
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                                    84C2D1F8
Device          \Driver\sptd \Device\485263674                                                                                                                      spct.sys
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                                    84C2D1F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                                                    84C2D1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                              855291F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                                                    872531F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                              855291F8
Device          \Driver\cdrom \Device\CdRom0                                                                                                                        84C2C1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{5747541B-3A87-418D-9B4D-541579DA0947}                                                                            8FF8D1F8
Device          \Driver\cdrom \Device\CdRom1                                                                                                                        84C2C1F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                              855291F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                                                  [8A2DAA60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                                                        [8A2DAA60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                                                        [8A2DAA60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-2                                                                                                        [8A2DAA60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                                              855291F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                                              855291F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                                              8FF8D1F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                                                      8FFFD1F8
Device          \Driver\PCI_PNP9660 \Device\0000005b                                                                                                                spct.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                                                  872761F8
Device          \Driver\PCI_PNP9660 \Device\0000005c                                                                                                                spct.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                                    84C2D1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                                    84C2D1F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                                    84C2D1F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                                                    872531F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                                    84C2D1F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                                    84C2D1F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                                                    84C2D1F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                                                    872531F8
Device          \Driver\a6bwcglr \Device\Scsi\a6bwcglr1                                                                                                              873A71F8
Device          \Driver\apoyoixh \Device\Scsi\apoyoixh1                                                                                                              873961F8
Device          \Driver\a6bwcglr \Device\Scsi\a6bwcglr1Port3Path0Target0Lun0                                                                                        873A71F8
Device          \FileSystem\cdfs \Cdfs                                                                                                                              8719D1F8

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                  -461787858
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                  -521647997
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                  2
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                  C:\Program Files\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                              0x6D 0x5C 0x31 0x40 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                      0x55 0x17 0xE7 0x84 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                  C:\Program Files\DAEMON Tools\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                              0x68 0x96 0x7B 0xAD ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                      0xF0 0xA9 0x9D 0xE6 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                0x8A 0x98 0xF6 0x9F ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                      C:\Program Files\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                      1
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                  0x6D 0x5C 0x31 0x40 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                          0x55 0x17 0xE7 0x84 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                      C:\Program Files\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                  0x68 0x96 0x7B 0xAD ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                          0xF0 0xA9 0x9D 0xE6 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                    0x8A 0x98 0xF6 0x9F ...

---- Files - GMER 1.0.15 ----

File            C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenrootstorelock.dat                                                                                  0 bytes
File            C:\Windows\Microsoft.NET\ngenservice_pri3_lock.dat                                                                                                  0 bytes

---- EOF - GMER 1.0.15 ----
--- --- ---


osam:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:26:05 on 05.08.2010
OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
AppInit DLLs
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
|||| "AppInit_DLLs" "Google" C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll File exists
Control Panel Objects
%SystemRoot%\system32
|| "DivXControlPanelApplet.cpl" "DivX, Inc." C:\Windows\system32\DivXControlPanelApplet.cpl File exists
|||||| "PhysX.cpl" "NVIDIA Corporation" C:\Windows\system32\PhysX.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
"a7dnvet2" (a7dnvet2) C:\Windows\system32\drivers\a7dnvet2.sys Hidden registry entry, rootkit activity | File not found
|||||| "AlfaFF File System mini-filter" (AlfaFF) "Alfa Corporation" C:\Windows\System32\Drivers\AlfaFF.sys File exists
|||||| "at7i08x0" (at7i08x0) "Microsoft Corporation" C:\Windows\system32\drivers\at7i08x0.sys Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "atksgt" (atksgt) C:\Windows\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information
|||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
"catchme" (catchme) C:\cofi\catchme.sys File not found
|||||| "int15" (int15) C:\Windows\system32\drivers\int15.sys File found, but it contains no detailed information
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
|||||| "lirsgt" (lirsgt) C:\Windows\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information
|||||| "NTIPPKernel" (NTIPPKernel) "Cyberlink Corp." C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys File exists
"ntnzl" (ntnzl) C:\Windows\system32\drivers\ntnzl.sys File not found
|||||| "PSDFilter" (PSDFilter) "Egis Incorporated" C:\Windows\System32\DRIVERS\psdfilter.sys File exists
|||||| "PSDNServ" (PSDNServ) "Egis Incorporated" C:\Windows\System32\DRIVERS\PSDNServ.sys File exists
|||||| "PSDVdisk" (psdvdisk) "Egis Incorporated" C:\Windows\System32\DRIVERS\PSDVdisk.sys File exists
|||||| "SASDIFSV" (SASDIFSV) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File exists
|||||| "SASKUTIL" (SASKUTIL) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
|||||| "UBHelper" (UBHelper) "NewTech Infosystems Corporation" C:\Windows\system32\drivers\UBHelper.sys File exists
|||||| "Upper Class Filter Driver" (NTIDrvr) "NewTech Infosystems, Inc." C:\Windows\System32\DRIVERS\NTIDrvr.sys File exists
"vaxscsi" (vaxscsi) C:\Windows\System32\Drivers\vaxscsi.sys File not found
|||||| "WSVD" (WSVD) "CyberLink" C:\Windows\system32\drivers\WSVD.sys File exists
|||||| "{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) "Cyberlink Corp." C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl File exists
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||| {B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" "Google Inc." C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File exists
HKLM\Software\Classes\Protocols\Handler
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
|||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
|||||| {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" "Egis Inc." C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll File exists
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" epm-po.dll File not found
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
|||||| {8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" "Arachnoid Biometrics Identification Group Corp." C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll File exists
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
{00020d75-0000-0000-c000-000000000046} "lnkfile" File not found | COM-object registry key not found
|||||| {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" "Microsoft Corporation" C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "ShellPlusContextMenu" File not found | COM-object registry key not found
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Program Files\WinRAR\rarext.dll File found, but it contains no detailed information
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File exists
"ITBar7Layout" File not found | COM-object registry key not found
|||| "Toolbar fuer eBay" C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll File exists
|||| "Winamp Toolbar" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
|||| {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} "Winamp Search Class" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists
|| {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_20.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||||| "Quick-Launching Area" C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||||| "Acer eDataSecurity Management" "Egis Incorporated." C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll File exists
|||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File exists
|||| "Toolbar fuer eBay" C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll File exists
|||| {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists
|| {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File exists
|||| {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" "Google Inc." C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File exists
|||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
|||||| {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" "Egis" C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll File exists
|||| {AA61DE26-FA67-4575-9033-918671094293} "TBSB03968 Class" C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll File exists
|||| {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists
|| {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" File not found | COM-object registry key not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" File not found | COM-object registry key not found
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "AlcoholAutomount" "Alcohol Soft Development Team" "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount File exists
|||| "Orb" "Orb Networks" "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background File exists
|||||| "SUPERAntiSpyware" "SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File exists
|||| "swg" "Google Inc." "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File exists
|||| "ArcadeDeluxeAgent" "CyberLink Corp." "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" File exists
|||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||||| "BkupTray" "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" File exists
|||| "CLMLServer" "CyberLink" "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" File exists
|||| "DAEMON Tools" "DT Soft Ltd." "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 File exists
|| "DivXUpdate" "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File exists
|||| "eAudio" "Acer Incorporated" "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" File exists
|||||| "eDataSecurity Loader" "Egis Incorporated" C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe File exists
|||||| "ePower_DMC" "Acer Inc." C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe File exists
|||| "Google Desktop Search" "Google" "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File exists
|||| "HostManager" "America Online, Inc." C:\Program Files\Common Files\AOL\1223197373\ee\AOLSoftware.exe File exists
|||| "IAAnotif" "Intel Corporation" C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File exists
|||| "iTunesHelper" "Apple Inc." "C:\Program Files\iTunes\iTunesHelper.exe" File exists
|||| "LexwareInfoService" "Lexware GmbH & Co. KG" C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart File exists
|||| "LManager" "Dritek System Inc." C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE File exists
|||||| "Malwarebytes Anti-Malware (reboot)" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File exists
|||| "PlayMovie" "Acer Corp." "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" File exists
|| "PLFSetI" C:\Windows\PLFSetI.exe File exists
|||| "QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists
|||| "WarReg_PopUp" "Acer Incorporated" C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe File exists
|||| "WinampAgent" "C:\Program Files\Winamp\winampa.exe" File found, but it contains no detailed information
|||| "ZPdtWzdVitaKey MC3000" "Arachnoid Biometrics Identification Group Corp." "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "PDFCreator" C:\Windows\system32\pdfcmnnt.dll File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AOL Connectivity Service" (AOL ACS) "AOL LLC" C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe File exists
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
|||||| "CLHNService" (CLHNService) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe File exists
|||||| "Cyberlink RichVideo Service(CRVS)" (RichVideo) C:\Program Files\Cyberlink\Shared files\RichVideo.exe File exists
|||||| "Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
|||||| "eDataSecurity Service" (eDataSecurity Service) "Egis Incorporated" C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe File exists
|||||| "Empowering Technology Service" (ETService) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe File exists
|||||| "FLEXnet Licensing Service" (FLEXnet Licensing Service) "Macrovision Europe Ltd." C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe File exists
|||| "Google Desktop Manager 5.9.911.3589" (GoogleDesktopManager-110309-193829) "Google" C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File exists
|||| "Google Software Updater" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||||| "iGroupTec Service" (IGBASVC) C:\Program Files\Acer\Acer Bio Protection\BASVC.exe File found, but it contains no detailed information
|||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe File exists
|||||| "Intel(R) Matrix Storage Event Monitor" (IAANTMON) "Intel Corporation" C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists
|||||| "LightScribeService Direct Disc Labeling Service" (LightScribeService) "Hewlett-Packard Company" C:\Program Files\Common Files\LightScribe\LSSrvc.exe File exists
|||||| "MobilityService" (MobilityService) C:\Acer\Mobility Center\MobilityService.exe File exists
|||||| "NMSAccessU" (NMSAccessU) C:\Program Files\CDBurnerXP\NMSAccessU.exe File found, but it contains no detailed information
|||||| "NTI Backup Now 5 Agent Service" (BUNAgentSvc) "NewTech Infosystems, Inc." C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe File exists
|||||| "NTI Backup Now 5 Backup Service" (NTIBackupSvc) "NewTech InfoSystems, Inc." C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe File exists
|||||| "NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe File found, but it contains no detailed information
|||||| "Raw Socket Service" (RS_Service) "Acer Incorporated" C:\Program Files\Acer\Acer VCM\RS_Service.exe File exists
|| "Sony Ericsson OMSI download service" (OMSI download service) C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe File found, but it contains no detailed information
|||||| "StarWind AE Service" (StarWindServiceAE) "Rocket Division Software" C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe File exists
Winlogon
HKCU\Control Panel\Desktop
"SCRNSAVE.EXE" C:\Windows\System32\acer.scr File found, but it contains no detailed information
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
|||||| "AWinNotifyVitaKey MC3000" "Arachnoid Biometrics Identification Group Corp." C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll File exists
|||||| "spba" "UPEK Inc." C:\Program Files\Common Files\SPBA\homefus2.dll File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

und

HTML-Code:
<c> 2009 e Sage Lab
www.esagelab.com

Program Version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1<build 6
001>, 32-bit

System volume is \\.\C:
\\.\C: → \\.\PhysicalDrive0 at offset 0x0000002'80100000
Boot sector MD5 is: 01d49f97fbbd6be24690f16caeaf20b8

          Size            Divice Name                  MBR Status
          298 GB    \\.\PhysicalDrive0            Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done:
Press any key to quit...

cosinus 05.08.2010 18:56
Zitat:
"ntnzl" (ntnzl) C:\Windows\system32\drivers\ntnzl.sys File not found
Bitte mit OSAM deaktivieren und löschen (delete from storage). Erstell ein neues Log und poste es, den OnlineScan bracuhst Du mit OSAM aber nicht zu machen.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

partyarti 05.08.2010 19:10
löschen erledigt...

OSAM:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:07:22 on 05.08.2010
OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
AppInit DLLs
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
|||| "AppInit_DLLs" "Google" C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll File exists
Control Panel Objects
%SystemRoot%\system32
|| "DivXControlPanelApplet.cpl" "DivX, Inc." C:\Windows\system32\DivXControlPanelApplet.cpl File exists
|||||| "PhysX.cpl" "NVIDIA Corporation" C:\Windows\system32\PhysX.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
"a7dnvet2" (a7dnvet2) C:\Windows\system32\drivers\a7dnvet2.sys Hidden registry entry, rootkit activity | File not found
|||||| "AlfaFF File System mini-filter" (AlfaFF) "Alfa Corporation" C:\Windows\System32\Drivers\AlfaFF.sys File exists
|||||| "at7i08x0" (at7i08x0) "Microsoft Corporation" C:\Windows\system32\drivers\at7i08x0.sys Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "atksgt" (atksgt) C:\Windows\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information
|||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
"catchme" (catchme) C:\cofi\catchme.sys File not found
|||||| "int15" (int15) C:\Windows\system32\drivers\int15.sys File found, but it contains no detailed information
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
|||||| "lirsgt" (lirsgt) C:\Windows\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information
|||||| "NTIPPKernel" (NTIPPKernel) "Cyberlink Corp." C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys File exists
|||||| "PSDFilter" (PSDFilter) "Egis Incorporated" C:\Windows\System32\DRIVERS\psdfilter.sys File exists
|||||| "PSDNServ" (PSDNServ) "Egis Incorporated" C:\Windows\System32\DRIVERS\PSDNServ.sys File exists
|||||| "PSDVdisk" (psdvdisk) "Egis Incorporated" C:\Windows\System32\DRIVERS\PSDVdisk.sys File exists
|||||| "SASDIFSV" (SASDIFSV) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File exists
|||||| "SASKUTIL" (SASKUTIL) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
|||||| "UBHelper" (UBHelper) "NewTech Infosystems Corporation" C:\Windows\system32\drivers\UBHelper.sys File exists
|||||| "Upper Class Filter Driver" (NTIDrvr) "NewTech Infosystems, Inc." C:\Windows\System32\DRIVERS\NTIDrvr.sys File exists
"vaxscsi" (vaxscsi) C:\Windows\System32\Drivers\vaxscsi.sys File not found
|||||| "WSVD" (WSVD) "CyberLink" C:\Windows\system32\drivers\WSVD.sys File exists
|||||| "{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) "Cyberlink Corp." C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl File exists
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||| {B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" "Google Inc." C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File exists
HKLM\Software\Classes\Protocols\Handler
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
|||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
|||||| {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" "Egis Inc." C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll File exists
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" epm-po.dll File not found
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
|||||| {8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" "Arachnoid Biometrics Identification Group Corp." C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll File exists
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
{00020d75-0000-0000-c000-000000000046} "lnkfile" File not found | COM-object registry key not found
|||||| {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" "Microsoft Corporation" C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "ShellPlusContextMenu" File not found | COM-object registry key not found
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Program Files\WinRAR\rarext.dll File found, but it contains no detailed information
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File exists
"ITBar7Layout" File not found | COM-object registry key not found
|||| "Toolbar fuer eBay" C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll File exists
|||| "Winamp Toolbar" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
|||| {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} "Winamp Search Class" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists
|| {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_20.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||||| "Quick-Launching Area" C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||||| "Acer eDataSecurity Management" "Egis Incorporated." C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll File exists
|||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File exists
|||| "Toolbar fuer eBay" C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll File exists
|||| {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists
|| {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File exists
|||| {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" "Google Inc." C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File exists
|||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
|||||| {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" "Egis" C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll File exists
|||| {AA61DE26-FA67-4575-9033-918671094293} "TBSB03968 Class" C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll File exists
|||| {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists
|| {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" File not found | COM-object registry key not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" File not found | COM-object registry key not found
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "AlcoholAutomount" "Alcohol Soft Development Team" "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount File exists
|||| "Orb" "Orb Networks" "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background File exists
|||||| "SUPERAntiSpyware" "SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File exists
|||| "swg" "Google Inc." "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File exists
|||| "ArcadeDeluxeAgent" "CyberLink Corp." "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" File exists
|||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||||| "BkupTray" "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" File exists
|||| "CLMLServer" "CyberLink" "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" File exists
|||| "DAEMON Tools" "DT Soft Ltd." "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 File exists
|| "DivXUpdate" "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File exists
|||| "eAudio" "Acer Incorporated" "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" File exists
|||||| "eDataSecurity Loader" "Egis Incorporated" C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe File exists
|||||| "ePower_DMC" "Acer Inc." C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe File exists
|||| "Google Desktop Search" "Google" "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File exists
|||| "HostManager" "America Online, Inc." C:\Program Files\Common Files\AOL\1223197373\ee\AOLSoftware.exe File exists
|||| "IAAnotif" "Intel Corporation" C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File exists
|||| "iTunesHelper" "Apple Inc." "C:\Program Files\iTunes\iTunesHelper.exe" File exists
|||| "LexwareInfoService" "Lexware GmbH & Co. KG" C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart File exists
|||| "LManager" "Dritek System Inc." C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE File exists
|||||| "Malwarebytes Anti-Malware (reboot)" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File exists
|||| "PlayMovie" "Acer Corp." "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" File exists
|| "PLFSetI" C:\Windows\PLFSetI.exe File exists
|||| "QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists
|||| "WarReg_PopUp" "Acer Incorporated" C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe File exists
|||| "WinampAgent" "C:\Program Files\Winamp\winampa.exe" File found, but it contains no detailed information
|||| "ZPdtWzdVitaKey MC3000" "Arachnoid Biometrics Identification Group Corp." "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "PDFCreator" C:\Windows\system32\pdfcmnnt.dll File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AOL Connectivity Service" (AOL ACS) "AOL LLC" C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe File exists
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
|||||| "CLHNService" (CLHNService) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe File exists
|||||| "Cyberlink RichVideo Service(CRVS)" (RichVideo) C:\Program Files\Cyberlink\Shared files\RichVideo.exe File exists
|||||| "Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
|||||| "eDataSecurity Service" (eDataSecurity Service) "Egis Incorporated" C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe File exists
|||||| "Empowering Technology Service" (ETService) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe File exists
|||||| "FLEXnet Licensing Service" (FLEXnet Licensing Service) "Macrovision Europe Ltd." C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe File exists
|||| "Google Desktop Manager 5.9.911.3589" (GoogleDesktopManager-110309-193829) "Google" C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File exists
|||| "Google Software Updater" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||||| "iGroupTec Service" (IGBASVC) C:\Program Files\Acer\Acer Bio Protection\BASVC.exe File found, but it contains no detailed information
|||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe File exists
|||||| "Intel(R) Matrix Storage Event Monitor" (IAANTMON) "Intel Corporation" C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists
|||||| "LightScribeService Direct Disc Labeling Service" (LightScribeService) "Hewlett-Packard Company" C:\Program Files\Common Files\LightScribe\LSSrvc.exe File exists
|||||| "MobilityService" (MobilityService) C:\Acer\Mobility Center\MobilityService.exe File exists
|||||| "NMSAccessU" (NMSAccessU) C:\Program Files\CDBurnerXP\NMSAccessU.exe File found, but it contains no detailed information
|||||| "NTI Backup Now 5 Agent Service" (BUNAgentSvc) "NewTech Infosystems, Inc." C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe File exists
|||||| "NTI Backup Now 5 Backup Service" (NTIBackupSvc) "NewTech InfoSystems, Inc." C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe File exists
|||||| "NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe File found, but it contains no detailed information
|||||| "Raw Socket Service" (RS_Service) "Acer Incorporated" C:\Program Files\Acer\Acer VCM\RS_Service.exe File exists
|| "Sony Ericsson OMSI download service" (OMSI download service) C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe File found, but it contains no detailed information
|||||| "StarWind AE Service" (StarWindServiceAE) "Rocket Division Software" C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe File exists
Winlogon
HKCU\Control Panel\Desktop
"SCRNSAVE.EXE" C:\Windows\System32\acer.scr File found, but it contains no detailed information
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
|||||| "AWinNotifyVitaKey MC3000" "Arachnoid Biometrics Identification Group Corp." C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll File exists
|||||| "spba" "UPEK Inc." C:\Program Files\Common Files\SPBA\homefus2.dll File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


und MBR check

HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:        Acer, Inc.
BIOS Manufacturer:                Acer
System Manufacturer:                Acer, inc.
System Product Name:                Aspire 6930G
Logical Drives Mask:                0x0000007c

Kernel Drivers (total 171):
  0x82206000 \SystemRoot\system32\ntkrnlpa.exe
  0x825BF000 \SystemRoot\system32\hal.dll
  0x8040C000 \SystemRoot\system32\kdcom.dll
  0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80474000 \SystemRoot\system32\PSHED.dll
  0x80485000 \SystemRoot\system32\BOOTVID.dll
  0x8048D000 \SystemRoot\system32\CLFS.SYS
  0x804CE000 \SystemRoot\system32\CI.dll
  0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80682000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068F000 \SystemRoot\System32\Drivers\spkg.sys
  0x8078F000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x80798000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x805AE000 \SystemRoot\system32\drivers\acpi.sys
  0x807BE000 \SystemRoot\system32\drivers\msisadrv.sys
  0x807C6000 \SystemRoot\system32\drivers\pci.sys
  0x807ED000 \SystemRoot\System32\drivers\partmgr.sys
  0x807FC000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x805F4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A20B000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A21A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A264000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A274000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x8A27C000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A355000 \SystemRoot\system32\drivers\atapi.sys
  0x8A35D000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A37B000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A3AD000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A3BD000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x8A3C6000 \SystemRoot\system32\Drivers\AlfaFF.sys
  0x8A40B000 \SystemRoot\system32\Drivers\ksecdd.sys
  0x8A47C000 \SystemRoot\system32\drivers\ndis.sys
  0x8A587000 \SystemRoot\system32\drivers\msrpc.sys
  0x8A5B2000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A602000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A711000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A74A000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A752000 \SystemRoot\System32\Drivers\mup.sys
  0x8A761000 \SystemRoot\System32\drivers\ecache.sys
  0x8A788000 \SystemRoot\system32\drivers\disk.sys
  0x8A799000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A7BA000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8E6DC000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8E6E7000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8E6F0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8E6F4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8F001000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8F734000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F7D3000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F7E0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8E6FD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8F7EB000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E73B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F801000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8FB88000 \SystemRoot\system32\DRIVERS\winbondcir.sys
  0x8FB9D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8FBB0000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8FBBA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8FBC5000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8FBF5000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8E74D000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E758000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8FBF7000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8F7FA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8E770000 \SystemRoot\System32\Drivers\at7i08x0.SYS
  0x8E7A6000 \SystemRoot\System32\Drivers\a7dnvet2.SYS
  0x8E7F0000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8A7D0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8EA08000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8EA49000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8EA54000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8EA6B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8EA76000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8EA99000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8EAA8000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8EABC000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8EAD1000 \SystemRoot\system32\DRIVERS\wanatw4.sys
  0x8EAD7000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8EAE7000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0x8EAED000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8EAEF000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8EB19000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8EB27000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8EB31000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8EB3E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8EB72000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8FC0C000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8FE14000 \SystemRoot\system32\drivers\portcls.sys
  0x8FE41000 \SystemRoot\system32\drivers\drmk.sys
  0x8FE66000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8FEA3000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8EC00000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8ECB5000 \SystemRoot\system32\drivers\modem.sys
  0x8ECC2000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x8ECD0000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8ECDB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8ECEB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8ECF2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8ECFB000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8ED03000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x8ED16000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8ED1F000 \SystemRoot\System32\Drivers\Null.SYS
  0x8ED26000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8ED2D000 \SystemRoot\System32\drivers\vga.sys
  0x8ED39000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8ED5A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8ED62000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8ED6A000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8ED75000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8ED83000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x90E09000 \SystemRoot\System32\drivers\tcpip.sys
  0x90EF2000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x90F0D000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x90F23000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90F37000 \SystemRoot\system32\drivers\afd.sys
  0x90F7F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x90F96000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90FC8000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90FDE000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x8ED8C000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8ED9A000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90E00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8EDAD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x8EDCF000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x8FFA5000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8EDD5000 \SystemRoot\System32\Drivers\tcusb.sys
  0x8EDE0000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8FFE1000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8EB83000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x90E06000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8EDEA000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8EB9F000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x8EDF3000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8E600000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x98470000 \SystemRoot\System32\win32k.sys
  0x8FC00000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8EBB5000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x98690000 \SystemRoot\System32\TSDDD.dll
  0x986B0000 \SystemRoot\System32\cdd.dll
  0x8EBC4000 \SystemRoot\system32\drivers\luafv.sys
  0x8EBDF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9E208000 \SystemRoot\system32\drivers\spsys.sys
  0x9E2B7000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0x9E2C9000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9E2D9000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9E303000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9E30D000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9E320000 \SystemRoot\system32\drivers\HTTP.sys
  0x9E38D000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9E3AA000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9E3C3000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9E3D8000 \SystemRoot\system32\drivers\mrxdav.sys
  0x8A3CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA0007000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA0040000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA0058000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA007F000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA00CD000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA0110000 \??\C:\Windows\system32\drivers\int15.sys
  0xA0121000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA0126000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xA012A000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
  0xA3005000 \SystemRoot\system32\drivers\peauth.sys
  0xA30E3000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0xA30EC000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0xA30FE000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA3108000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA3114000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA311C000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
  0x77C40000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

Processes (total 96):
      0 System Idle Process
      4 System
    496 C:\Windows\System32\smss.exe
    636 csrss.exe
    688 C:\Windows\System32\wininit.exe
    700 csrss.exe
    732 C:\Windows\System32\services.exe
    744 C:\Windows\System32\lsass.exe
    752 C:\Windows\System32\lsm.exe
    920 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\nvvsvc.exe
    1012 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\audiodg.exe
    1240 C:\Windows\System32\winlogon.exe
    1268 C:\Windows\System32\SLsvc.exe
    1348 C:\Windows\System32\svchost.exe
    1452 C:\Windows\System32\svchost.exe
    1692 C:\Windows\System32\rundll32.exe
    1752 C:\Windows\System32\spoolsv.exe
    1780 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1832 C:\Windows\System32\svchost.exe
    584 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    640 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    804 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    816 C:\Program Files\Bonjour\mDNSResponder.exe
    1132 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    1196 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    1424 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    1476 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    1808 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2052 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    2120 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2148 C:\ACER\Mobility Center\MobilityService.exe
    2192 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    2216 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2272 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2296 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    2328 C:\Windows\System32\svchost.exe
    2364 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    2392 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    2428 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    2456 C:\Windows\System32\svchost.exe
    2488 C:\Windows\System32\svchost.exe
    2508 C:\Windows\System32\SearchIndexer.exe
    2608 C:\Windows\System32\drivers\XAudio.exe
    2736 C:\Windows\System32\taskeng.exe
    2916 WmiPrvSE.exe
    3264 C:\Program Files\Common Files\SPBA\upeksvr.exe
    3428 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    3844 C:\Windows\System32\taskeng.exe
    3928 C:\Windows\System32\dwm.exe
    3988 C:\Windows\explorer.exe
    1984 C:\Program Files\Windows Defender\MSASCui.exe
    2132 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    812 C:\Windows\RtHDVCpl.exe
    2848 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2956 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    2836 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    616 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    2260 C:\Windows\System32\rundll32.exe
    2204 C:\Windows\PLFSetI.exe
    4044 C:\Users\Arthur\AppData\Local\temp\RtkBtMnt.exe
    3688 C:\Program Files\Launch Manager\QtZgAcer.EXE
    1816 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3716 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    2896 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    2640 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    3884 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    996 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    2940 C:\Program Files\Winamp\winampa.exe
    4092 C:\Program Files\DAEMON Tools\daemon.exe
    4076 C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe
    3288 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3304 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3188 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3232 C:\Program Files\iTunes\iTunesHelper.exe
    3328 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3824 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3900 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    4136 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4652 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    4824 C:\Windows\System32\wbem\unsecapp.exe
    5832 C:\Program Files\iPod\bin\iPodService.exe
    2568 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5076 C:\Program Files\Firefox\firefox.exe
    5428 C:\Windows\System32\wuauclt.exe
    2092 C:\Windows\System32\conime.exe
    3660 C:\Windows\System32\SearchProtocolHost.exe
    5000 C:\Windows\System32\SearchFilterHost.exe
    4040 dllhost.exe
    2888 dllhost.exe
    3416 C:\Users\Arthur\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
    298 GB  \\.\PhysicalDrive1  Unknown MBR code
            SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

cosinus 05.08.2010 19:48
Lösche bitte die vorhandenen MBRCheck.txt.

Starte bitte MBRCheck.exe erneut.
Diesmal tippe in das Fenster folgendes ein und bestätige jede Eingabe mit Enter
bei
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): x
  • PLease select the MBR code to write to this drive: x
Die rot eingerahmten Zahlen aus der Anleitung entnehmen!!! => Die zweite rot eingerahmte Zahl muss bei Dir 3 sein für Vista!

http://img831.imageshack.us/img831/5659/mbr.jpg
  • Gib nun Yes ein und bestätige mit ENTER.
  • Starte den Rechner neu auf.
Nach dem Neustart starte bitte MBRCheck.exe erneut.
Nun findest Du 2 MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop.
Poste mir den Inhalt von beiden .txt Dokumenten

partyarti 06.08.2010 17:34
schonmal vielen dank für die antworten... hab alles wie beschrieben gemacht
nur dass 3 textdokumente auf dem desktop waren...hier die logs:

HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:        Acer, Inc.
BIOS Manufacturer:                Acer
System Manufacturer:                Acer, inc.
System Product Name:                Aspire 6930G
Logical Drives Mask:                0x0000007c

Kernel Drivers (total 171):
  0x82205000 \SystemRoot\system32\ntkrnlpa.exe
  0x825BE000 \SystemRoot\system32\hal.dll
  0x8040E000 \SystemRoot\system32\kdcom.dll
  0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80476000 \SystemRoot\system32\PSHED.dll
  0x80487000 \SystemRoot\system32\BOOTVID.dll
  0x8048F000 \SystemRoot\system32\CLFS.SYS
  0x804D0000 \SystemRoot\system32\CI.dll
  0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80689000 \SystemRoot\System32\Drivers\spdw.sys
  0x80789000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x80792000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x807B8000 \SystemRoot\system32\drivers\acpi.sys
  0x805B0000 \SystemRoot\system32\drivers\msisadrv.sys
  0x805B8000 \SystemRoot\system32\drivers\pci.sys
  0x805DF000 \SystemRoot\System32\drivers\partmgr.sys
  0x805EE000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x805F1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A20A000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A219000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A263000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A273000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x8A27B000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A354000 \SystemRoot\system32\drivers\atapi.sys
  0x8A35C000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A37A000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A3AC000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A3BC000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x8A3C5000 \SystemRoot\system32\Drivers\AlfaFF.sys
  0x8A409000 \SystemRoot\system32\Drivers\ksecdd.sys
  0x8A47A000 \SystemRoot\system32\drivers\ndis.sys
  0x8A585000 \SystemRoot\system32\drivers\msrpc.sys
  0x8A5B0000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A60E000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A71D000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A756000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A75E000 \SystemRoot\System32\Drivers\mup.sys
  0x8A76D000 \SystemRoot\System32\drivers\ecache.sys
  0x8A794000 \SystemRoot\system32\drivers\disk.sys
  0x8A7A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A7C6000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8E2E3000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8E2EE000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8E2F7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8E2FB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8E400000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8EB33000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8EBD2000 \SystemRoot\System32\drivers\watchdog.sys
  0x8EBDF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8E304000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8EBEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E342000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8EE0B000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8F192000 \SystemRoot\system32\DRIVERS\winbondcir.sys
  0x8F1A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F1BA000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8F1C4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8F1CF000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8EE00000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8E354000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E35F000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8EE02000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8EBF9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8E377000 \SystemRoot\System32\Drivers\a2wh6emv.SYS
  0x8E3AD000 \SystemRoot\System32\Drivers\a8h1tey4.SYS
  0x8A7DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8A3CE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8EC0F000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8EC50000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8EC5B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8EC72000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8EC7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8ECA0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8ECAF000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8ECC3000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8ECD8000 \SystemRoot\system32\DRIVERS\wanatw4.sys
  0x8ECDE000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8ECEE000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0x8ECF4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8ECF6000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8ED20000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8ED2E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8ED38000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8ED45000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8ED79000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8F20F000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F417000 \SystemRoot\system32\drivers\portcls.sys
  0x8F444000 \SystemRoot\system32\drivers\drmk.sys
  0x8F469000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8F4A6000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8F601000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8F6B6000 \SystemRoot\system32\drivers\modem.sys
  0x8F6C3000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x8F6D1000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8F6DC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8F6EC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8F6F3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8F6FC000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8F704000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8F70D000 \SystemRoot\System32\Drivers\Null.SYS
  0x8F714000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8F71B000 \SystemRoot\System32\drivers\vga.sys
  0x8F727000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8F748000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x8F75B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8F763000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8F76B000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8F776000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8F784000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9040C000 \SystemRoot\System32\drivers\tcpip.sys
  0x904F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x90510000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x90519000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x9052F000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90543000 \SystemRoot\system32\drivers\afd.sys
  0x9058B000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x905BD000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x905D3000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x905E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x905F4000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8F78D000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x905FA000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x8F7AF000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90400000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F5A8000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F5BF000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x9040A000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8F5DB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8ED8A000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x8F7EB000 \SystemRoot\System32\Drivers\tcusb.sys
  0x8EDAB000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x8F5F2000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8E200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x98030000 \SystemRoot\System32\win32k.sys
  0x8F7F6000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F200000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x98250000 \SystemRoot\System32\TSDDD.dll
  0x98270000 \SystemRoot\System32\cdd.dll
  0x8EDC1000 \SystemRoot\system32\drivers\luafv.sys
  0x8EDDC000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9D000000 \SystemRoot\system32\drivers\spsys.sys
  0x9D0AF000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0x9D0C1000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9D0D1000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9D0FB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9D105000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9D118000 \SystemRoot\system32\drivers\HTTP.sys
  0x9D185000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9D1A2000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9D1BB000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9D1D0000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9EC0A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9EC29000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9EC62000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9EC7A000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9ECA1000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9ECEF000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x9ED32000 \??\C:\Windows\system32\drivers\int15.sys
  0x9ED43000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x9ED48000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0x9ED4C000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
  0xA2603000 \SystemRoot\system32\drivers\peauth.sys
  0xA26E1000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0xA26EA000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0xA26FC000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA2706000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA2712000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA271A000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
  0x77210000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

Processes (total 101):
      0 System Idle Process
      4 System
    544 C:\Windows\System32\smss.exe
    624 csrss.exe
    676 C:\Windows\System32\wininit.exe
    688 csrss.exe
    720 C:\Windows\System32\services.exe
    736 C:\Windows\System32\lsass.exe
    744 C:\Windows\System32\lsm.exe
    904 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\nvvsvc.exe
    996 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\audiodg.exe
    1240 C:\Windows\System32\SLsvc.exe
    1304 C:\Windows\servicing\TrustedInstaller.exe
    1320 C:\Windows\System32\svchost.exe
    1384 C:\Windows\System32\winlogon.exe
    1468 C:\Windows\System32\svchost.exe
    1636 C:\Windows\System32\spoolsv.exe
    1660 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1672 C:\Windows\System32\svchost.exe
    1876 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1888 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    1908 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1932 C:\Program Files\Bonjour\mDNSResponder.exe
    1952 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    1980 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    2024 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    976 C:\Windows\System32\rundll32.exe
    1272 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    2200 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2240 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    2300 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2320 C:\ACER\Mobility Center\MobilityService.exe
    2364 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    2376 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2412 C:\Windows\System32\taskeng.exe
    2480 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2508 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    2548 C:\Windows\System32\svchost.exe
    2576 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    2592 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    2664 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    2676 C:\Windows\System32\svchost.exe
    2708 C:\Windows\System32\svchost.exe
    2772 C:\Windows\System32\SearchIndexer.exe
    2840 C:\Windows\System32\drivers\XAudio.exe
    3092 WmiPrvSE.exe
    3244 C:\Program Files\Common Files\SPBA\upeksvr.exe
    3396 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    3780 C:\Windows\System32\dwm.exe
    3816 C:\Windows\System32\taskeng.exe
    3908 C:\Windows\explorer.exe
    3992 C:\Program Files\Windows Defender\MSASCui.exe
    4008 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    4028 C:\Windows\RtHDVCpl.exe
    4076 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4092 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    2116 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    2352 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    2520 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    2616 C:\Windows\System32\rundll32.exe
    2572 C:\Windows\PLFSetI.exe
    3792 C:\Program Files\Launch Manager\QtZgAcer.EXE
    2804 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3796 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    3968 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    332 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    356 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    388 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    3300 C:\Program Files\Winamp\winampa.exe
    352 C:\Program Files\DAEMON Tools\daemon.exe
    372 C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe
    2264 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3260 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4036 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3144 C:\Program Files\iTunes\iTunesHelper.exe
    3376 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3356 C:\Users\Arthur\AppData\Local\temp\RtkBtMnt.exe
    2040 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3148 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    4152 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4604 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    4828 C:\Windows\System32\wbem\unsecapp.exe
    5220 C:\Program Files\iPod\bin\iPodService.exe
    5292 C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
    5820 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5880 C:\Program Files\Firefox\firefox.exe
    5952 C:\Windows\System32\SearchProtocolHost.exe
    5964 C:\Windows\System32\SearchFilterHost.exe
    1996 C:\Program Files\Avira\AntiVir Desktop\update.exe
    5324 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    4648 C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
    3028 dllhost.exe
    5576 dllhost.exe
    5604 C:\Users\Arthur\Desktop\MBRCheck.exe
    3360 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
    298 GB  \\.\PhysicalDrive1  Unknown MBR code
            SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): -1

Done!
HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:        Acer, Inc.
BIOS Manufacturer:                Acer
System Manufacturer:                Acer, inc.
System Product Name:                Aspire 6930G
Logical Drives Mask:                0x0000007c

Kernel Drivers (total 171):
  0x82205000 \SystemRoot\system32\ntkrnlpa.exe
  0x825BE000 \SystemRoot\system32\hal.dll
  0x8040E000 \SystemRoot\system32\kdcom.dll
  0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80476000 \SystemRoot\system32\PSHED.dll
  0x80487000 \SystemRoot\system32\BOOTVID.dll
  0x8048F000 \SystemRoot\system32\CLFS.SYS
  0x804D0000 \SystemRoot\system32\CI.dll
  0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80689000 \SystemRoot\System32\Drivers\spdw.sys
  0x80789000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x80792000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x807B8000 \SystemRoot\system32\drivers\acpi.sys
  0x805B0000 \SystemRoot\system32\drivers\msisadrv.sys
  0x805B8000 \SystemRoot\system32\drivers\pci.sys
  0x805DF000 \SystemRoot\System32\drivers\partmgr.sys
  0x805EE000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x805F1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A20A000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A219000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A263000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A273000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x8A27B000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A354000 \SystemRoot\system32\drivers\atapi.sys
  0x8A35C000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A37A000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A3AC000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A3BC000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x8A3C5000 \SystemRoot\system32\Drivers\AlfaFF.sys
  0x8A409000 \SystemRoot\system32\Drivers\ksecdd.sys
  0x8A47A000 \SystemRoot\system32\drivers\ndis.sys
  0x8A585000 \SystemRoot\system32\drivers\msrpc.sys
  0x8A5B0000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A60E000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A71D000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A756000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A75E000 \SystemRoot\System32\Drivers\mup.sys
  0x8A76D000 \SystemRoot\System32\drivers\ecache.sys
  0x8A794000 \SystemRoot\system32\drivers\disk.sys
  0x8A7A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A7C6000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8E2E3000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8E2EE000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8E2F7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8E2FB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8E400000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8EB33000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8EBD2000 \SystemRoot\System32\drivers\watchdog.sys
  0x8EBDF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8E304000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8EBEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E342000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8EE0B000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8F192000 \SystemRoot\system32\DRIVERS\winbondcir.sys
  0x8F1A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F1BA000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8F1C4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8F1CF000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8EE00000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8E354000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E35F000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8EE02000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8EBF9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8E377000 \SystemRoot\System32\Drivers\a2wh6emv.SYS
  0x8E3AD000 \SystemRoot\System32\Drivers\a8h1tey4.SYS
  0x8A7DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8A3CE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8EC0F000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8EC50000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8EC5B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8EC72000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8EC7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8ECA0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8ECAF000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8ECC3000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8ECD8000 \SystemRoot\system32\DRIVERS\wanatw4.sys
  0x8ECDE000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8ECEE000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0x8ECF4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8ECF6000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8ED20000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8ED2E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8ED38000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8ED45000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8ED79000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8F20F000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F417000 \SystemRoot\system32\drivers\portcls.sys
  0x8F444000 \SystemRoot\system32\drivers\drmk.sys
  0x8F469000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8F4A6000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8F601000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8F6B6000 \SystemRoot\system32\drivers\modem.sys
  0x8F6C3000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x8F6D1000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8F6DC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8F6EC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8F6F3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8F6FC000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8F704000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8F70D000 \SystemRoot\System32\Drivers\Null.SYS
  0x8F714000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8F71B000 \SystemRoot\System32\drivers\vga.sys
  0x8F727000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8F748000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x8F75B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8F763000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8F76B000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8F776000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8F784000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9040C000 \SystemRoot\System32\drivers\tcpip.sys
  0x904F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x90510000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x90519000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x9052F000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90543000 \SystemRoot\system32\drivers\afd.sys
  0x9058B000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x905BD000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x905D3000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x905E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x905F4000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8F78D000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x905FA000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x8F7AF000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90400000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F5A8000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F5BF000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x9040A000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8F5DB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8ED8A000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x8F7EB000 \SystemRoot\System32\Drivers\tcusb.sys
  0x8EDAB000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x8F5F2000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8E200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x98030000 \SystemRoot\System32\win32k.sys
  0x8F7F6000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F200000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x98250000 \SystemRoot\System32\TSDDD.dll
  0x98270000 \SystemRoot\System32\cdd.dll
  0x8EDC1000 \SystemRoot\system32\drivers\luafv.sys
  0x8EDDC000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9D000000 \SystemRoot\system32\drivers\spsys.sys
  0x9D0AF000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0x9D0C1000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9D0D1000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9D0FB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9D105000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9D118000 \SystemRoot\system32\drivers\HTTP.sys
  0x9D185000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9D1A2000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9D1BB000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9D1D0000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9EC0A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9EC29000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9EC62000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9EC7A000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9ECA1000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9ECEF000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x9ED32000 \??\C:\Windows\system32\drivers\int15.sys
  0x9ED43000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x9ED48000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0x9ED4C000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
  0xA2603000 \SystemRoot\system32\drivers\peauth.sys
  0xA26E1000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0xA26EA000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0xA26FC000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA2706000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA2712000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA271A000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
  0x77210000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

Processes (total 101):
      0 System Idle Process
      4 System
    544 C:\Windows\System32\smss.exe
    624 csrss.exe
    676 C:\Windows\System32\wininit.exe
    688 csrss.exe
    720 C:\Windows\System32\services.exe
    736 C:\Windows\System32\lsass.exe
    744 C:\Windows\System32\lsm.exe
    904 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\nvvsvc.exe
    996 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\audiodg.exe
    1240 C:\Windows\System32\SLsvc.exe
    1304 C:\Windows\servicing\TrustedInstaller.exe
    1320 C:\Windows\System32\svchost.exe
    1384 C:\Windows\System32\winlogon.exe
    1468 C:\Windows\System32\svchost.exe
    1636 C:\Windows\System32\spoolsv.exe
    1660 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1672 C:\Windows\System32\svchost.exe
    1876 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1888 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    1908 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1932 C:\Program Files\Bonjour\mDNSResponder.exe
    1952 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    1980 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    2024 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    976 C:\Windows\System32\rundll32.exe
    1272 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    2200 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2240 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    2300 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2320 C:\ACER\Mobility Center\MobilityService.exe
    2364 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    2376 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2412 C:\Windows\System32\taskeng.exe
    2480 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2508 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    2548 C:\Windows\System32\svchost.exe
    2576 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    2592 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    2664 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    2676 C:\Windows\System32\svchost.exe
    2708 C:\Windows\System32\svchost.exe
    2772 C:\Windows\System32\SearchIndexer.exe
    2840 C:\Windows\System32\drivers\XAudio.exe
    3092 WmiPrvSE.exe
    3244 C:\Program Files\Common Files\SPBA\upeksvr.exe
    3396 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    3780 C:\Windows\System32\dwm.exe
    3816 C:\Windows\System32\taskeng.exe
    3908 C:\Windows\explorer.exe
    3992 C:\Program Files\Windows Defender\MSASCui.exe
    4008 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    4028 C:\Windows\RtHDVCpl.exe
    4076 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4092 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    2116 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    2352 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    2520 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    2616 C:\Windows\System32\rundll32.exe
    2572 C:\Windows\PLFSetI.exe
    3792 C:\Program Files\Launch Manager\QtZgAcer.EXE
    2804 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3796 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    3968 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    332 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    356 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    388 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    3300 C:\Program Files\Winamp\winampa.exe
    352 C:\Program Files\DAEMON Tools\daemon.exe
    372 C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe
    2264 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3260 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4036 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3144 C:\Program Files\iTunes\iTunesHelper.exe
    3376 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3356 C:\Users\Arthur\AppData\Local\temp\RtkBtMnt.exe
    2040 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3148 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    4152 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4604 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    4828 C:\Windows\System32\wbem\unsecapp.exe
    5220 C:\Program Files\iPod\bin\iPodService.exe
    5820 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5880 C:\Program Files\Firefox\firefox.exe
    5324 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    3360 C:\Windows\System32\conime.exe
    3160 WmiPrvSE.exe
    5520 C:\Windows\System32\wuauclt.exe
    4020 C:\Windows\System32\SearchProtocolHost.exe
    5140 C:\Windows\System32\SearchFilterHost.exe
    5240 C:\Windows\System32\wbem\WMIADAP.exe
    5340 dllhost.exe
    4920 dllhost.exe
    4568 C:\Users\Arthur\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
    298 GB  \\.\PhysicalDrive1  Unknown MBR code
            SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
HTML-Code:
BRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:        Acer, Inc.
BIOS Manufacturer:                Acer
System Manufacturer:                Acer, inc.
System Product Name:                Aspire 6930G
Logical Drives Mask:                0x0000007c

Kernel Drivers (total 171):
  0x82242000 \SystemRoot\system32\ntkrnlpa.exe
  0x8220F000 \SystemRoot\system32\hal.dll
  0x80404000 \SystemRoot\system32\kdcom.dll
  0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8046C000 \SystemRoot\system32\PSHED.dll
  0x8047D000 \SystemRoot\system32\BOOTVID.dll
  0x80485000 \SystemRoot\system32\CLFS.SYS
  0x804C6000 \SystemRoot\system32\CI.dll
  0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80696000 \SystemRoot\System32\Drivers\sppb.sys
  0x80796000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x8079F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x805A6000 \SystemRoot\system32\drivers\acpi.sys
  0x807C5000 \SystemRoot\system32\drivers\msisadrv.sys
  0x807CD000 \SystemRoot\system32\drivers\pci.sys
  0x805EC000 \SystemRoot\System32\drivers\partmgr.sys
  0x807F4000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80600000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A208000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A217000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A261000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A271000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x8A279000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A352000 \SystemRoot\system32\drivers\atapi.sys
  0x8A35A000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A378000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A3AA000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A3BA000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x8A3C3000 \SystemRoot\system32\Drivers\AlfaFF.sys
  0x8A40A000 \SystemRoot\system32\Drivers\ksecdd.sys
  0x8A47B000 \SystemRoot\system32\drivers\ndis.sys
  0x8A586000 \SystemRoot\system32\drivers\msrpc.sys
  0x8A5B1000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A608000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A717000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A750000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A758000 \SystemRoot\System32\Drivers\mup.sys
  0x8A767000 \SystemRoot\System32\drivers\ecache.sys
  0x8A78E000 \SystemRoot\system32\drivers\disk.sys
  0x8A79F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A7C0000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8E4E1000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8E4EC000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8E4F5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8E4F9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8E60A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8ED3D000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8EDDC000 \SystemRoot\System32\drivers\watchdog.sys
  0x8EDE9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8E502000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8E540000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E54F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F006000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8F38D000 \SystemRoot\system32\DRIVERS\winbondcir.sys
  0x8F3A2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F3B5000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8F3BF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8F3CA000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8F3FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8EDF4000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E561000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8E600000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8F000000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8E579000 \SystemRoot\System32\Drivers\ayw8qppr.SYS
  0x8E5AF000 \SystemRoot\System32\Drivers\a6whx74s.SYS
  0x8A7D6000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8A3CC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8EE07000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8EE48000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8EE53000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8EE6A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8EE75000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8EE98000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8EEA7000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8EEBB000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8EED0000 \SystemRoot\system32\DRIVERS\wanatw4.sys
  0x8EED6000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8EEE6000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0x8EEEC000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8EEEE000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8EF18000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8EF26000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8EF30000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8EF3D000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8EF71000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8F403000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F60B000 \SystemRoot\system32\drivers\portcls.sys
  0x8F638000 \SystemRoot\system32\drivers\drmk.sys
  0x8F65D000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8F69A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8FA06000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8FABB000 \SystemRoot\system32\drivers\modem.sys
  0x8FAC8000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x8FAD6000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8FAE1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8FAF1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8FAF8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8FB01000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8FB09000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8FB12000 \SystemRoot\System32\Drivers\Null.SYS
  0x8FB19000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8FB20000 \SystemRoot\System32\drivers\vga.sys
  0x8FB2C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8FB4D000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x8FB60000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8FB68000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8FB70000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8FB7B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8FB89000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9080F000 \SystemRoot\System32\drivers\tcpip.sys
  0x908F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x90913000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x90929000 \SystemRoot\system32\DRIVERS\smb.sys
  0x9093D000 \SystemRoot\system32\drivers\afd.sys
  0x90985000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x909B7000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x909CD000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x909D6000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x909E4000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x909F7000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8FB92000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x90800000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x8FBB4000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8FBF0000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F79C000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F7B3000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x90806000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8F7CF000 \SystemRoot\System32\Drivers\tcusb.sys
  0x8F7DA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8EF82000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x8EFA3000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x8F7F1000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8E400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x98880000 \SystemRoot\System32\win32k.sys
  0x8EFB9000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8EFC3000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x98AA0000 \SystemRoot\System32\TSDDD.dll
  0x98AC0000 \SystemRoot\System32\cdd.dll
  0x8EFD2000 \SystemRoot\system32\drivers\luafv.sys
  0x8A7E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9D40C000 \SystemRoot\system32\drivers\spsys.sys
  0x9D4BB000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0x9D4CD000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9D4DD000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9D507000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9D511000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9D524000 \SystemRoot\system32\drivers\HTTP.sys
  0x9D591000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9D5AE000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9D5C7000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9D5DC000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9EC0C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9EC2B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9EC64000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9EC7C000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9ECA3000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9ECF1000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x9ED34000 \??\C:\Windows\system32\drivers\int15.sys
  0x9ED45000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x9ED4A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0x9ED4E000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
  0xA260D000 \SystemRoot\system32\drivers\peauth.sys
  0xA26EB000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0xA26F4000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0xA2706000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA2710000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA271C000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA2724000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
  0x775C0000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

Processes (total 98):
      0 System Idle Process
      4 System
    488 C:\Windows\System32\smss.exe
    624 csrss.exe
    676 C:\Windows\System32\wininit.exe
    688 csrss.exe
    720 C:\Windows\System32\services.exe
    732 C:\Windows\System32\lsass.exe
    740 C:\Windows\System32\lsm.exe
    888 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\nvvsvc.exe
    984 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\audiodg.exe
    1224 C:\Windows\System32\SLsvc.exe
    1260 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\winlogon.exe
    1440 C:\Windows\System32\svchost.exe
    1612 C:\Windows\System32\spoolsv.exe
    1636 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1648 C:\Windows\System32\svchost.exe
    1856 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1868 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    1888 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1908 C:\Program Files\Bonjour\mDNSResponder.exe
    1944 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    1960 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    2028 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    712 C:\Windows\System32\rundll32.exe
    668 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    1428 C:\Program Files\Common Files\SPBA\upeksvr.exe
    2200 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    2240 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2256 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    2384 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2412 C:\ACER\Mobility Center\MobilityService.exe
    2520 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    2564 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2620 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2648 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    2680 C:\Windows\System32\svchost.exe
    2712 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    2736 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    2768 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    2788 C:\Windows\System32\svchost.exe
    2832 C:\Windows\System32\svchost.exe
    2860 C:\Windows\System32\SearchIndexer.exe
    2928 C:\Windows\System32\drivers\XAudio.exe
    3260 WmiPrvSE.exe
    3292 C:\Windows\System32\taskeng.exe
    3392 WmiPrvSE.exe
    3696 C:\Windows\System32\dwm.exe
    3732 C:\Windows\System32\taskeng.exe
    3812 C:\Windows\explorer.exe
    3912 C:\Program Files\Windows Defender\MSASCui.exe
    3928 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    4004 C:\Windows\RtHDVCpl.exe
    4020 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4044 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    4068 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    2052 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    2128 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    2156 C:\Windows\System32\rundll32.exe
    2160 C:\Windows\PLFSetI.exe
    884 C:\Program Files\Launch Manager\QtZgAcer.EXE
    2188 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3712 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    3756 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    3784 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    308 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    3844 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    3876 C:\Program Files\Winamp\winampa.exe
    3984 C:\Program Files\DAEMON Tools\daemon.exe
    4080 C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe
    2024 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    4084 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    632 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    1448 C:\Program Files\iTunes\iTunesHelper.exe
    3972 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2808 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3196 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    2940 C:\Users\Arthur\AppData\Local\temp\RtkBtMnt.exe
    4272 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4440 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    4728 C:\Windows\System32\wbem\unsecapp.exe
    5020 C:\Program Files\iPod\bin\iPodService.exe
    5100 C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
    5344 C:\Program Files\Firefox\firefox.exe
    5744 C:\Windows\System32\SearchProtocolHost.exe
    5756 C:\Windows\System32\SearchFilterHost.exe
    6000 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4248 dllhost.exe
    3988 dllhost.exe
    4476 C:\Users\Arthur\Desktop\MBRCheck.exe
    4516 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
    298 GB  \\.\PhysicalDrive1  Unknown MBR code
            SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

cosinus 06.08.2010 21:03
Wieso denn jetzt drei Logfiles?
Du solltest doch nur den Fix auf Platte0 mit MBR-Code für Vista (Option3) machen :confused:

Hast Du Windows neugestartet und zur Kontrolle wie in Posting #8 beschrieben nochmal ausgeführt?

partyarti 07.08.2010 06:04
Hallo,
Ich hab es so gemacht wie es beschrieben
war. Nachdem ich das Programm ausgeführt
hatte waren 2 logfiles (die ersten beiden aus meinem post) und ein weiteres file welches sich
nicht öffnen lässt auf dem desktop danach hab ich den Neustart gemacht und dann das prog nochmal ausgeführt, dann war das dritte logfiles zu sehen.

Soll ich es nochmal machen?

cosinus 07.08.2010 13:00
Ja nochmal machen. Erst den Fix auf PhysicalDrive0 mit dem MBR-Code für Vista.
Dann das gleich nochmal für PhysicalDrive1

partyarti 07.08.2010 17:38
hallo,

habe es noch mal gemacht und jetzt sind 2 logfiles auf dem desktop

nr.1 vor dem neustart:
HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:        Acer, Inc.
BIOS Manufacturer:                Acer
System Manufacturer:                Acer, inc.
System Product Name:                Aspire 6930G
Logical Drives Mask:                0x0000007c

Kernel Drivers (total 171):
  0x82210000 \SystemRoot\system32\ntkrnlpa.exe
  0x825C9000 \SystemRoot\system32\hal.dll
  0x8040B000 \SystemRoot\system32\kdcom.dll
  0x80413000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80473000 \SystemRoot\system32\PSHED.dll
  0x80484000 \SystemRoot\system32\BOOTVID.dll
  0x8048C000 \SystemRoot\system32\CLFS.SYS
  0x804CD000 \SystemRoot\system32\CI.dll
  0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80695000 \SystemRoot\System32\Drivers\spcl.sys
  0x80795000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x8079E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x805AD000 \SystemRoot\system32\drivers\acpi.sys
  0x807C4000 \SystemRoot\system32\drivers\msisadrv.sys
  0x807CC000 \SystemRoot\system32\drivers\pci.sys
  0x8A20F000 \SystemRoot\System32\drivers\partmgr.sys
  0x8A21E000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8A221000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A22B000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A23A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A284000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A294000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x8A29C000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A375000 \SystemRoot\system32\drivers\atapi.sys
  0x8A37D000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A39B000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A3CD000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A3DD000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x8A3E6000 \SystemRoot\system32\Drivers\AlfaFF.sys
  0x8A405000 \SystemRoot\system32\Drivers\ksecdd.sys
  0x8A476000 \SystemRoot\system32\drivers\ndis.sys
  0x8A581000 \SystemRoot\system32\drivers\msrpc.sys
  0x8A5AC000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A606000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A715000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A74E000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A756000 \SystemRoot\System32\Drivers\mup.sys
  0x8A765000 \SystemRoot\System32\drivers\ecache.sys
  0x8A78C000 \SystemRoot\system32\drivers\disk.sys
  0x8A79D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A7BE000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8E2DD000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8E2E8000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8E2F1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8E2F5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8E408000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8EB3B000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8EBDA000 \SystemRoot\System32\drivers\watchdog.sys
  0x8EBE7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8E2FE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8E33C000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E34B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8EE0E000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8F195000 \SystemRoot\system32\DRIVERS\winbondcir.sys
  0x8F1AA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F1BD000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8F1C7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8E35D000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8F1D2000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F1D4000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8F1DF000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F1F7000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8EE00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8E38D000 \SystemRoot\System32\Drivers\afdbm2f6.SYS
  0x8F20B000 \SystemRoot\System32\Drivers\aote5n6r.SYS
  0x8F255000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F264000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8F292000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8F2D3000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8F2DE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F2F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8F300000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8F323000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8F332000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8F346000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8F35B000 \SystemRoot\system32\DRIVERS\wanatw4.sys
  0x8F361000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F371000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0x8F377000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F379000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8F3A3000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8F3B1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8F3BB000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8F3C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8E3C3000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8F401000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F609000 \SystemRoot\system32\drivers\portcls.sys
  0x8F636000 \SystemRoot\system32\drivers\drmk.sys
  0x8F65B000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8F698000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8F802000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8F8B7000 \SystemRoot\system32\drivers\modem.sys
  0x8F8C4000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x8F8D2000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8F8DD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8F8ED000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8F8F4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8F8FD000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8F905000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8F90E000 \SystemRoot\System32\Drivers\Null.SYS
  0x8F915000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8F91C000 \SystemRoot\System32\drivers\vga.sys
  0x8F928000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8F949000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x8F95C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8F964000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8F96C000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8F977000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8F985000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x90204000 \SystemRoot\System32\drivers\tcpip.sys
  0x902ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x90308000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x9031E000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90332000 \SystemRoot\system32\drivers\afd.sys
  0x9037A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x903AC000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x903C2000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x903D0000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x903E3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8F98E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x903E9000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x903F2000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x8F9B0000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8F9EC000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F79A000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F7B1000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x903F8000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8F7CD000 \SystemRoot\System32\Drivers\tcusb.sys
  0x8F7D8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8E3D4000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x8E200000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x8F7EF000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x91E0E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x98620000 \SystemRoot\System32\win32k.sys
  0x91EE7000 \SystemRoot\System32\drivers\Dxapi.sys
  0x91EF1000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x98840000 \SystemRoot\System32\TSDDD.dll
  0x98860000 \SystemRoot\System32\cdd.dll
  0x91F00000 \SystemRoot\system32\drivers\luafv.sys
  0x91F1B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x91F2F000 \SystemRoot\system32\drivers\spsys.sys
  0x91FDE000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0x91FF0000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8E216000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x91E00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8E240000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x8E253000 \SystemRoot\system32\drivers\HTTP.sys
  0x8E2C0000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x8A7D4000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x8A5E6000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9EC0E000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9EC2E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9EC4D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9EC86000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9EC9E000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9ECC5000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9ED13000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x9ED56000 \??\C:\Windows\system32\drivers\int15.sys
  0x9ED67000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x9ED6C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0x9ED70000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
  0xA2009000 \SystemRoot\system32\drivers\peauth.sys
  0xA20E7000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0xA20F0000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0xA2102000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA210C000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA2118000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA2120000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
  0x76E50000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

Processes (total 100):
      0 System Idle Process
      4 System
    488 C:\Windows\System32\smss.exe
    624 csrss.exe
    676 C:\Windows\System32\wininit.exe
    688 csrss.exe
    720 C:\Windows\System32\services.exe
    732 C:\Windows\System32\lsass.exe
    740 C:\Windows\System32\lsm.exe
    900 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\nvvsvc.exe
    992 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\audiodg.exe
    1240 C:\Windows\System32\SLsvc.exe
    1272 C:\Windows\System32\svchost.exe
    1384 C:\Windows\System32\winlogon.exe
    1444 C:\Windows\System32\svchost.exe
    1624 C:\Windows\System32\spoolsv.exe
    1648 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1660 C:\Windows\System32\svchost.exe
    1840 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1872 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    1884 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1904 C:\Program Files\Bonjour\mDNSResponder.exe
    1928 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    1952 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    1980 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    2020 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    768 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    1436 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    1832 C:\Windows\System32\rundll32.exe
    2060 C:\Program Files\Common Files\SPBA\upeksvr.exe
    2104 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2176 C:\ACER\Mobility Center\MobilityService.exe
    2348 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    2360 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    2376 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2420 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2432 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    2496 C:\Windows\System32\svchost.exe
    2516 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    2552 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    2580 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    2628 C:\Windows\System32\svchost.exe
    2660 C:\Windows\System32\svchost.exe
    2696 C:\Windows\System32\SearchIndexer.exe
    2736 C:\Windows\System32\drivers\XAudio.exe
    3264 WmiPrvSE.exe
    3384 C:\Windows\System32\taskeng.exe
    3648 C:\Windows\System32\taskeng.exe
    3612 C:\Windows\System32\dwm.exe
    3772 C:\Windows\explorer.exe
    2320 C:\Program Files\Windows Defender\MSASCui.exe
    2324 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2644 C:\Windows\RtHDVCpl.exe
    3432 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3688 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    4012 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    3744 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    4060 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    3972 C:\Windows\System32\rundll32.exe
    3360 C:\Windows\PLFSetI.exe
    1620 C:\Program Files\Launch Manager\QtZgAcer.EXE
    1224 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3896 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    3452 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    2280 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    2296 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    632 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    836 C:\Program Files\Winamp\winampa.exe
    2196 C:\Program Files\DAEMON Tools\daemon.exe
    428 C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe
    2212 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3872 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    596 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    1640 C:\Program Files\iTunes\iTunesHelper.exe
    3672 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2464 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2332 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    988 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4132 C:\Users\Arthur\AppData\Local\temp\RtkBtMnt.exe
    4588 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    4680 C:\Windows\System32\wbem\unsecapp.exe
    4832 C:\Program Files\Firefox\firefox.exe
    4876 C:\Windows\System32\wuauclt.exe
    5136 C:\Windows\servicing\TrustedInstaller.exe
    5236 C:\Program Files\iPod\bin\iPodService.exe
    5368 C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
    5460 C:\Windows\System32\wbem\WMIADAP.exe
    5736 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4480 C:\Windows\System32\SearchProtocolHost.exe
    4492 C:\Windows\System32\SearchFilterHost.exe
    4188 dllhost.exe
    4288 dllhost.exe
    3904 C:\Users\Arthur\Desktop\MBRCheck.exe
    1408 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
    298 GB  \\.\PhysicalDrive1  Unknown MBR code
            SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

und jetzt das logfile was da war nach dem neustart und erneuten programmstart:

HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:        Acer, Inc.
BIOS Manufacturer:                Acer
System Manufacturer:                Acer, inc.
System Product Name:                Aspire 6930G
Logical Drives Mask:                0x0000007c

Kernel Drivers (total 171):
  0x82250000 \SystemRoot\system32\ntkrnlpa.exe
  0x8221D000 \SystemRoot\system32\hal.dll
  0x80402000 \SystemRoot\system32\kdcom.dll
  0x8040A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8046A000 \SystemRoot\system32\PSHED.dll
  0x8047B000 \SystemRoot\system32\BOOTVID.dll
  0x80483000 \SystemRoot\system32\CLFS.SYS
  0x804C4000 \SystemRoot\system32\CI.dll
  0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80691000 \SystemRoot\System32\Drivers\spnv.sys
  0x80791000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x8079A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x805A4000 \SystemRoot\system32\drivers\acpi.sys
  0x807C0000 \SystemRoot\system32\drivers\msisadrv.sys
  0x807C8000 \SystemRoot\system32\drivers\pci.sys
  0x807EF000 \SystemRoot\System32\drivers\partmgr.sys
  0x80600000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x805EA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A208000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A217000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A261000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A271000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x8A279000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A352000 \SystemRoot\system32\drivers\atapi.sys
  0x8A35A000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A378000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A3AA000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A3BA000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x8A3C3000 \SystemRoot\system32\Drivers\AlfaFF.sys
  0x8A403000 \SystemRoot\system32\Drivers\ksecdd.sys
  0x8A474000 \SystemRoot\system32\drivers\ndis.sys
  0x8A57F000 \SystemRoot\system32\drivers\msrpc.sys
  0x8A5AA000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A601000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A710000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A749000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A751000 \SystemRoot\System32\Drivers\mup.sys
  0x8A760000 \SystemRoot\System32\drivers\ecache.sys
  0x8A787000 \SystemRoot\system32\drivers\disk.sys
  0x8A798000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A7B9000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8E6E6000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8E6F1000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8E6FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8E6FE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8E800000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8EF33000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8EFD2000 \SystemRoot\System32\drivers\watchdog.sys
  0x8EFDF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8E707000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8EFEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E745000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F00D000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8F394000 \SystemRoot\system32\DRIVERS\winbondcir.sys
  0x8F3A9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F3BC000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8F3C6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8E757000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8F3D1000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F3D3000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8F3DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F3F6000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8F000000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8E787000 \SystemRoot\System32\Drivers\ajpif44f.SYS
  0x8F40E000 \SystemRoot\System32\Drivers\ab83fvij.SYS
  0x8F458000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F467000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8F495000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8F4D6000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8F4E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F4F8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8F503000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8F526000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8F535000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8F549000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8F55E000 \SystemRoot\system32\DRIVERS\wanatw4.sys
  0x8F564000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F574000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0x8F57A000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F57C000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8F5A6000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8F5B4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8F5BE000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8F5CB000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8E7BD000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8F60E000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F816000 \SystemRoot\system32\drivers\portcls.sys
  0x8F843000 \SystemRoot\system32\drivers\drmk.sys
  0x8F868000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8F8A5000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8FA0E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8FAC3000 \SystemRoot\system32\drivers\modem.sys
  0x8FAD0000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x8FADE000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8FAE9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8FAF9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8FB00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8FB09000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8FB11000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8FB1A000 \SystemRoot\System32\Drivers\Null.SYS
  0x8FB21000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8FB28000 \SystemRoot\System32\drivers\vga.sys
  0x8FB34000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8FB55000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x8FB68000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8FB70000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8FB78000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8FB83000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8FB91000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9060B000 \SystemRoot\System32\drivers\tcpip.sys
  0x906F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x9070F000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x90725000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90739000 \SystemRoot\system32\drivers\afd.sys
  0x90781000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x907B3000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x907C9000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x907D7000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x907EA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8FB9A000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x907F0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x8FBBC000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x907F6000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x90600000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F9A7000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F9BE000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8FBF8000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8FA00000 \SystemRoot\System32\Drivers\tcusb.sys
  0x8F9DA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8E7CE000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x8E600000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x8F9F1000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x9220B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x98690000 \SystemRoot\System32\win32k.sys
  0x922E4000 \SystemRoot\System32\drivers\Dxapi.sys
  0x922EE000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x988B0000 \SystemRoot\System32\TSDDD.dll
  0x922FD000 \SystemRoot\system32\drivers\luafv.sys
  0x92318000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x988D0000 \SystemRoot\System32\cdd.dll
  0x9232C000 \SystemRoot\system32\drivers\spsys.sys
  0x923DB000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0x923ED000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8E616000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x92200000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8E640000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x8E653000 \SystemRoot\system32\drivers\HTTP.sys
  0x8E6C0000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x8A7CF000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x8A7E8000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x8A3CC000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9EA00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9EA1F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9EA58000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9EA70000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9EA97000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9EAE5000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x9EB28000 \??\C:\Windows\system32\drivers\int15.sys
  0x9EB39000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x9EB3E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0x9EB42000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
  0xA2209000 \SystemRoot\system32\drivers\peauth.sys
  0xA22E7000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0xA22F0000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0xA2302000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA230C000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA2318000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA2320000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
  0x76FA0000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

Processes (total 96):
      0 System Idle Process
      4 System
    488 C:\Windows\System32\smss.exe
    624 csrss.exe
    676 C:\Windows\System32\wininit.exe
    688 csrss.exe
    720 C:\Windows\System32\services.exe
    732 C:\Windows\System32\lsass.exe
    740 C:\Windows\System32\lsm.exe
    880 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\nvvsvc.exe
    972 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1192 C:\Windows\System32\audiodg.exe
    1220 C:\Windows\System32\SLsvc.exe
    1252 C:\Windows\System32\svchost.exe
    1356 C:\Windows\System32\winlogon.exe
    1424 C:\Windows\System32\svchost.exe
    1612 C:\Windows\System32\spoolsv.exe
    1648 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1664 C:\Windows\System32\svchost.exe
    1852 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1880 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    1896 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1920 C:\Program Files\Bonjour\mDNSResponder.exe
    1948 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    1968 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    1988 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    2004 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    956 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    1180 C:\Windows\System32\rundll32.exe
    1444 C:\Program Files\Common Files\SPBA\upeksvr.exe
    1704 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    2104 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2168 C:\ACER\Mobility Center\MobilityService.exe
    2272 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    2296 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    2308 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2384 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2404 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    2448 C:\Windows\System32\svchost.exe
    2476 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    2516 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    2600 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    2656 C:\Windows\System32\svchost.exe
    2696 C:\Windows\System32\svchost.exe
    2720 C:\Windows\System32\SearchIndexer.exe
    2816 C:\Windows\System32\drivers\XAudio.exe
    3364 WmiPrvSE.exe
    3456 WmiPrvSE.exe
    3512 C:\Windows\System32\taskeng.exe
    3828 C:\Windows\System32\taskeng.exe
    3852 C:\Windows\System32\dwm.exe
    3944 C:\Windows\explorer.exe
    4016 C:\Program Files\Windows Defender\MSASCui.exe
    4024 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    4044 C:\Windows\RtHDVCpl.exe
    4052 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4072 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    2140 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    2112 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    2232 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    2328 C:\Windows\System32\rundll32.exe
    2436 C:\Windows\PLFSetI.exe
    3868 C:\Program Files\Launch Manager\QtZgAcer.EXE
    3960 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    2228 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    3496 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    2940 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    540 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    2952 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    2092 C:\Program Files\Winamp\winampa.exe
    800 C:\Program Files\DAEMON Tools\daemon.exe
    524 C:\Users\Arthur\AppData\Local\temp\RtkBtMnt.exe
    616 C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe
    3768 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2584 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    532 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2192 C:\Program Files\iTunes\iTunesHelper.exe
    2340 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2932 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2936 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    4216 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4304 C:\Windows\System32\wbem\unsecapp.exe
    4472 C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
    4800 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    4904 C:\Program Files\iPod\bin\iPodService.exe
    5356 C:\Program Files\Firefox\firefox.exe
    5740 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5984 dllhost.exe
    6012 dllhost.exe
    6044 C:\Users\Arthur\Desktop\MBRCheck.exe
    6060 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
    298 GB  \\.\PhysicalDrive1  Unknown MBR code
            SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:52 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131