
Log analysis and evaluation: Firefox in Task Manager although it is not open!


15.12.2009, 17:25   #31
Duffman
 
Firefox in Task Manager although it is not open!



The report from GMER:

Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-15 17:01:13
Windows 6.0.6002 Service Pack 2
Running: 9hdxohjm.exe; Driver: C:\Users\BNEK~1\AppData\Local\Temp\kgrdypoc.sys


---- System - GMER 1.0.15 ----

SSDT            8C4B0354                                                                                                                                             ZwCreateThread
SSDT            8C4B0340                                                                                                                                             ZwOpenProcess
SSDT            8C4B0345                                                                                                                                             ZwOpenThread
SSDT            8C4B034F                                                                                                                                             ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                                                        820F7964 4 Bytes  [54, 03, 4B, 8C] {PUSH ESP; ADD ECX, [EBX-0x74]}
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                                                        820F7B34 4 Bytes  [40, 03, 4B, 8C] {INC EAX; ADD ECX, [EBX-0x74]}
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                                                        820F7B50 4 Bytes  [45, 03, 4B, 8C] {INC EBP; ADD ECX, [EBX-0x74]}
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                                                        820F7D64 4 Bytes  [4F, 03, 4B, 8C] {DEC EDI; ADD ECX, [EBX-0x74]}
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                                             section is writeable [0x8DE08340, 0x3D7A87, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                               section is writeable [0xA1A0D300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                               section is writeable [0xA1A61300, 0x1BEE, 0xE8000020]
                C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                                entry point in "" section [0xA1BB241C]
.clc            C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                                unknown last code section [0xA1BB3000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[1996] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9                                                                           7692B364 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text           C:\Windows\Explorer.EXE[1996] SHELL32.dll!ShellExecuteExW + 18B7                                                                                     7695D9EC 4 Bytes  [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                [73CB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                 [73D0A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                             [73CBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                       [73CAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                 [73CB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                              [73CAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                  [73CE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                     [73CBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                             [73CAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                              [73CAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                               [73CA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                       [73D3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                          [73CDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                             [73CAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                       [73CA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                      [73CA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                         [73CB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                          [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                              [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                        [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[1996] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                          [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                   [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryW]                   [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                   [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                  [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                    [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                  [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe[2056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                                 [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW]                                 [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                                 [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                                 [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                   [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                                [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                                  [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                               [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]                             [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                               [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                                 [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                                 [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                                [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                   [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                                  [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                                [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                 [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                              [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                                 [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW]                               [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW]                                 [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                 [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                              [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                                [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                 [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                 [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                                [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                   [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW]                                [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                 [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW]                              [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2172] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA]                               [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExW]                                           [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryA]                                             [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\user32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                              [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryW]                                             [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                               [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                                            [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                                              [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                                              [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                                           [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]                                         [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                            [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                                           [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                              [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                                             [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                                             [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                                             [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                              [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW]                                             [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                                            [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                               [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                                              [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                                              [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                              [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                                             [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW]                                           [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW]                                             [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                            [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA]                                           [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                             [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                                            [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                                            [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                                            [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                             [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                                          [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                                            [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                             [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                                          [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                                            [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                            [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW]                                            [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                             [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW]                                          [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA]                                            [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                                           [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                                           [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                            [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]                               [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA]                                            [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AOL 9.0 VRa\waol.exe[6124] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                             [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         

15.12.2009, 17:34   #32
Duffman

Yes, the entry was only found there, and after deleting the entire key it can no longer be found!
Has the malware now been removed, or is it possibly still working on in the dark?

15.12.2009, 18:47   #33
cosinus

Evidently removed
Does HJT still show the entry in the log file?

15.12.2009, 22:18   #34
Duffman

In the log, the entry
Code:
ATTFilter
O4 - HKCU\..\Run: [HKCU] C:\Users\Bönek\AppData\Roaming\sys32\svhost.exe
         
can still be found.

In addition, since a little while ago Explorer has had the habit of crashing frequently!
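
Added example, not part of the original thread and not HijackThis code: a small Python triage of HijackThis O4 (autostart) lines, run over the entry posted above plus constructed lines in the same format built from program paths that appear in this thread. The list of system binary names, the folder names and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

# HijackThis O4 line: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# First executable in the command line, quoted or not, with or without arguments.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|bat|cmd|pif))(?=["\s]|$)', re.I)
# Per-user locations that any unprivileged process can write to.
USER_WRITABLE = re.compile(
    r"\\(?:Users|Documents and Settings)\\[^\\]+\\"
    r"(?:AppData|Application Data|Local Settings)\\", re.I)
# Assumption: a short list of names that malware commonly imitates.
SYSTEM_BINARIES = sorted({"svchost.exe", "csrss.exe", "lsass.exe", "smss.exe",
                          "winlogon.exe", "services.exe", "explorer.exe",
                          "userinit.exe", "rundll32.exe"})
SYSTEM_DIR_NAMES = {"sys32", "system32"}  # assumption
SIMILARITY_THRESHOLD = 0.85               # assumption

# First line is the entry from the post; the rest are constructed.
SAMPLE_O4_LINES = [
    r"O4 - HKCU\..\Run: [HKCU] C:\Users\Bönek\AppData\Roaming\sys32\svhost.exe",
    r"O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
]


def parse_o4(line):
    """Return hive, key, value name and executable path, or None if not an O4 line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe = EXE_RE.match(m.group("cmd"))
    path = exe.group("path") if exe else m.group("cmd").strip('"')
    return {"hive": m.group("hive"), "key": m.group("key").strip(),
            "name": m.group("name"), "path": path}


def assess(entry):
    """Return the list of reasons an autostart entry deserves a closer look."""
    reasons = []
    path = entry["path"]
    name = ntpath.basename(path).lower()
    directory = ntpath.dirname(path).lower()
    in_windows = bool(re.search(r"\\windows(\\|$)", directory))

    if USER_WRITABLE.search(path):
        reasons.append("autostart target in user-writable profile path")
    if directory and not in_windows:
        if SYSTEM_DIR_NAMES & set(directory.split("\\")):
            reasons.append("folder name imitates a system directory")
    if name in SYSTEM_BINARIES:
        # Genuine name: only acceptable from the Windows directory tree.
        if directory and not in_windows:
            reasons.append(f"{name} outside the Windows directory")
    else:
        for sysname in SYSTEM_BINARIES:
            if SequenceMatcher(None, name, sysname).ratio() >= SIMILARITY_THRESHOLD:
                reasons.append(f"name imitates {sysname}")
                break
    return reasons


def triage(lines):
    """Parse O4 lines and return (entry, reasons) for every flagged entry."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_O4_LINES):
        print(entry["hive"], entry["key"], entry["path"])
        for reason in reasons:
            print("   -", reason)
```

A flagged entry is a prompt to check the file and the registry value by hand; a clean result does not show that the system is clean.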

16.12.2009, 09:39   #35
cosinus

Please do the run with GMER again, but this time click the Autostart tab instead of Rootkit/Malware. The rest as before: run the scan of the autostarts and, when it is finished, copy it and post it here.

__________________
Please always post log files in CODE tags

16.12.2009, 14:02   #36
Duffman

GMER log from the Autostart tab:

GMER 1.0.15.15281 - http://www.gmer.net
Autostart scan 2009-12-16 14:01:40
Windows 6.0.6002 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000@DLLName = C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AgereModemAudio@ = C:\Windows\system32\agrsmsvc.exe
AntiVirSchedulerService@ = "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
AntiVirService@ = "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
AOL ACS@ = "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
BUNAgentSvc@ = "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe"
CLHNService@ = C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
eDataSecurity Service@ = "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
ETService@ = C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
EvtEng@ = C:\Program Files\Intel\WiFi\bin\EvtEng.exe
gupdate1c98c805e078ff9@ = "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
IGBASVC@ = C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
LightScribeService@ = "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
MobilityService@ = C:\Acer\Mobility Center\MobilityService.exe -p /*file not found*/
NTIBackupSvc@ = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
NTISchedulerSvc@ = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
nvsvc@ = %SystemRoot%\system32\nvvsvc.exe
PnkBstrA@ = C:\Windows\system32\PnkBstrA.exe
RegSrvc@ = C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
RichVideo@ = "C:\Program Files\Cyberlink\Shared files\RichVideo.exe" ??????????????????????????????????????????????????????
RS_Service@ = C:\Program Files\Acer\Acer VCM\RS_Service.exe
slsvc@ = %SystemRoot%\system32\SLsvc.exe
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@NvCplDaemonRUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@PLFSetIC:\Windows\PLFSetI.exe = C:\Windows\PLFSetI.exe
@eDataSecurity LoaderC:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
@ePower_DMCC:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe = C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
@CLMLServer"C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" = "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
@WarReg_PopUpC:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe = C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
@DiamondbackC:\Program Files\Razer\Diamondback\razerhid.exe = C:\Program Files\Razer\Diamondback\razerhid.exe
@AppleSyncNotifierC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
@Windows Defender%ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/ = %ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/
@avgnt"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
@SkytelSkytel.exe = Skytel.exe
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SidebarC:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/ = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/
@ISUSPM StartupC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@AOL Fast Start"C:\Program Files\AOL 9.0 VRa\AOL.EXE" -b = "C:\Program Files\AOL 9.0 VRa\AOL.EXE" -b

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
@{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} /*FPLaunchCache*/C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll = C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
@{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} /*eDS psd drag drop protection*/C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
@{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} /*EPM-PO Shell Extension*/epm-po.dll /*file not found*/ = epm-po.dll /*file not found*/
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{44440D00-FF19-4AFC-B765-9A0970567D97} /*TuneUp Theme Extension*/%SystemRoot%\System32\uxtuneup.dll = %SystemRoot%\System32\uxtuneup.dll
@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} /*TuneUp Shredder Shell Extension*/C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Program Files\Avira\AntiVir Desktop\shlext.dll = C:\Program Files\Avira\AntiVir Desktop\shlext.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\Windows\System32\ieframe.dll = C:\Windows\System32\ieframe.dll
@{28803F59-3A75-4058-995F-4EE5503B023C} /*Wireless Devices*/%systemroot%\system32\FunctionDiscoveryFolder.dll = %systemroot%\system32\FunctionDiscoveryFolder.dll
@{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7} /*Enhanced Storage Data Source*/%SystemRoot%\system32\EhStorShell.dll = %SystemRoot%\system32\EhStorShell.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{94586423-855F-4EB2-9F6A-D9DA5658DBE3} /*SxContextMenu1stConv*/C:\PROGRA~1\M4ATOM~1\m4a_menu.dll = C:\PROGRA~1\M4ATOM~1\m4a_menu.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
EDSshellExt@{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir Desktop\shlext.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} = C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EDSshellExt@{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir Desktop\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} = C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://de.intl.acer.yahoo.com = http://de.intl.acer.yahoo.com
@Start Pagehttp://de.intl.acer.yahoo.com = http://de.intl.acer.yahoo.com
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.de/ = http://www.google.de/
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
its@CLSID = %SystemRoot%\System32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
ms-itss@CLSID = c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
tv@CLSID = C:\Windows\System32\msvidctl.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

---- EOF - GMER 1.0.15 ----

16.12.2009, 15:52   #37
cosinus

Quote:
C:\Windows\PLFSetI.exe
C:\Windows\system32\SLsvc.exe
To be on the safe side, please have these analyzed at virustotal.com and post the link to the results.

Why HijackThis still shows this entry in the log is still a mystery to me. Please create fresh logs with RSIT, which also includes a HijackThis log file; I would like to know whether the entry shows up there as well.
__________________
Please always post log files in CODE tags

16.12.2009, 16:17   #38
Duffman

PLFSetI.exe:
Code:
Antivirus  	Version  	letzte aktualisierung  	Ergebnis
a-squared	4.5.0.43	2009.12.16	-
AhnLab-V3	5.0.0.2	2009.12.16	-
AntiVir	7.9.1.108	2009.12.16	-
Antiy-AVL	2.0.3.7	2009.12.16	-
Authentium	5.2.0.5	2009.12.02	-
Avast	4.8.1351.0	2009.12.16	-
AVG	8.5.0.427	2009.12.16	-
BitDefender	7.2	2009.12.16	-
CAT-QuickHeal	10.00	2009.12.16	-
ClamAV	0.94.1	2009.12.16	-
Comodo	3264	2009.12.16	-
DrWeb	5.0.0.12182	2009.12.16	-
eSafe	7.0.17.0	2009.12.16	-
eTrust-Vet	35.1.7178	2009.12.16	-
F-Prot	4.5.1.85	2009.12.15	-
F-Secure	9.0.15370.0	2009.12.16	-
Fortinet	4.0.14.0	2009.12.16	-
GData	19	2009.12.16	-
Ikarus	T3.1.1.78.0	2009.12.16	-
K7AntiVirus	7.10.922	2009.12.16	-
Kaspersky	7.0.0.125	2009.12.16	-
McAfee	5833	2009.12.15	-
McAfee+Artemis	5833	2009.12.15	-
McAfee-GW-Edition	6.8.5	2009.12.16	-
Microsoft	1.5302	2009.12.16	-
NOD32	4693	2009.12.16	-
Norman	6.04.03	2009.12.15	-
nProtect	2009.1.8.0	2009.12.16	-
Panda	10.0.2.2	2009.12.15	-
PCTools	7.0.3.5	2009.12.16	-
Prevx	3.0	2009.12.16	-
Rising	22.26.02.04	2009.12.16	-
Sophos	4.48.0	2009.12.16	-
Sunbelt	3.2.1858.2	2009.12.16	-
Symantec	1.4.4.12	2009.12.16	-
TheHacker	6.5.0.2.094	2009.12.15	-
TrendMicro	9.100.0.1001	2009.12.16	-
VBA32	3.12.12.0	2009.12.16	-
ViRobot	2009.12.16.2092	2009.12.16	-
VirusBuster	5.0.21.0	2009.12.16	-
weitere Informationen
File size: 200704 bytes
MD5...: 2ac7f8b8bf0d5d327a3a2a00453222c4
SHA1..: 801b48d7d5739038a7f293dbbf215431f77d8ee9
SHA256: f71b6cfa7f4ae2a13c8ddf296631ef26c72e7c0387d88b9701577dae133ec583
ssdeep: 3072:hBb0sexGRc3ZKmKxtAEjZoHLGIMAP0GV7UIJeIZ4yIy8o8bgCR8Z:DBc3ZK
AEjkGIFAjyC
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x9fe0
timedatestamp.....: 0x471d62d0 (Tue Oct 23 02:56:16 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2059f 0x21000 6.52 16d16d5b03dbdba19ce7a207a8c4b332
.rdata 0x22000 0x8720 0x9000 4.58 b67e7269fb7e03bb992b809f7b8b656e
.data 0x2b000 0x6348 0x3000 3.24 7180e1b25d7c9c8c1461a09f8479ffd6
.rsrc 0x32000 0x2490 0x3000 3.86 8fd26e728f6382b0e527cb04d7230d00

( 11 imports )
> KERNEL32.dll: GetStartupInfoA, GetCommandLineA, ExitProcess, TerminateProcess, HeapFree, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, GetACP, GetTimeZoneInformation, LCMapStringA, LCMapStringW, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, RtlUnwind, GetFileType, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, FormatMessageA, GetProfileStringA, GetTickCount, FileTimeToLocalFileTime, FileTimeToSystemTime, SetErrorMode, GetFileTime, GetFileSize, GetFileAttributesA, GetOEMCP, GetCPInfo, SizeofResource, GetProcessVersion, WritePrivateProfileStringA, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, GetThreadLocale, GetFullPathNameA, lstrcpynA, GetVolumeInformationA, FindFirstFileA, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetCurrentProcess, DuplicateHandle, GetLastError, MulDiv, SetLastError, MultiByteToWideChar, lstrlenA, InterlockedIncrement, InterlockedDecrement, LoadLibraryA, FreeLibrary, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, lstrcpyA, GetModuleHandleA, GetProcAddress, GlobalUnlock, GlobalFree, LockResource, FindResourceA, LoadResource, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, lstrcpyW, WideCharToMultiByte, GetWindowsDirectoryA, Sleep, GetStdHandle, GetSystemDefaultLCID
> USER32.dll: SetRect, GetNextDlgGroupItem, MessageBeep, InvalidateRect, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, GetSysColor, SetFocus, AdjustWindowRectEx, ScreenToClient, CopyRect, GetTopWindow, IsChild, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, DefWindowProcA, CreateWindowExA, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, CopyAcceleratorTableA, GetMessagePos, GetClassNameA, SetForegroundWindow, SetWindowLongA, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, MapDialogRect, SetWindowPos, GetWindow, SetWindowContextHelpId, EndDialog, SetActiveWindow, IsWindow, CreateDialogIndirectParamA, GetDlgItem, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, LoadIconA, SendMessageA, AppendMenuA, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DrawFocusRect, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, PostQuitMessage, PostMessageA, EnableWindow, IsIconic, GetSystemMetrics, CharNextA, GetSysColorBrush, GetMessageTime, GetClientRect, DrawIcon, DefDlgProcA, IsWindowUnicode, GetSystemMenu, GetDesktopWindow, LoadCursorA, CharUpperA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, DestroyMenu, LoadStringA, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, MapWindowPoints, UpdateWindow, DestroyWindow, PtInRect, GetForegroundWindow, SendDlgItemMessageA
> GDI32.dll: SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, IntersectClipRect, DeleteObject, GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextColor, GetBkColor, DPtoLP, LPtoDP, GetMapMode, PatBlt, SetBkMode, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateDIBitmap, GetTextExtentPointA, BitBlt, CreateCompatibleDC, CreateBitmap
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
> ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegQueryValueExA, RegOpenKeyExA
> COMCTL32.dll: -
> oledlg.dll: -
> ole32.dll: CoFreeUnusedLibraries, OleUninitialize, CoTaskMemAlloc, CoTaskMemFree, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, CoCreateInstance, CoInitialize, CoUninitialize, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, OleInitialize
> OLEPRO32.DLL: -
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....:
copyright....: Copyright (C) 2007
product......: DefaultSettingEXE Application
description..: DefaultSettingEXE MFC Application
original name: DefaultSettingEXE.EXE
internal name: DefaultSettingEXE
file version.: 1, 0, 1, 0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
pdfid.: -
         
and for SLSvc.exe:
Code:
Antivirus  	Version  	letzte aktualisierung  	Ergebnis
a-squared	4.5.0.43	2009.12.16	-
AhnLab-V3	5.0.0.2	2009.12.16	-
AntiVir	7.9.1.108	2009.12.16	-
Antiy-AVL	2.0.3.7	2009.12.16	-
Authentium	5.2.0.5	2009.12.02	-
Avast	4.8.1351.0	2009.12.16	-
AVG	8.5.0.427	2009.12.16	-
BitDefender	7.2	2009.12.16	-
CAT-QuickHeal	10.00	2009.12.16	-
ClamAV	0.94.1	2009.12.16	-
Comodo	3264	2009.12.16	-
DrWeb	5.0.0.12182	2009.12.16	-
eSafe	7.0.17.0	2009.12.16	-
eTrust-Vet	35.1.7178	2009.12.16	-
F-Prot	4.5.1.85	2009.12.15	-
F-Secure	9.0.15370.0	2009.12.16	-
Fortinet	4.0.14.0	2009.12.16	-
GData	19	2009.12.16	-
Ikarus	T3.1.1.78.0	2009.12.16	-
Jiangmin	13.0.900	2009.12.16	-
K7AntiVirus	7.10.922	2009.12.16	-
Kaspersky	7.0.0.125	2009.12.16	-
McAfee	5833	2009.12.15	-
McAfee+Artemis	5833	2009.12.15	-
McAfee-GW-Edition	6.8.5	2009.12.16	-
Microsoft	1.5302	2009.12.16	-
NOD32	4693	2009.12.16	-
Norman	6.04.03	2009.12.15	-
nProtect	2009.1.8.0	2009.12.16	-
Panda	10.0.2.2	2009.12.15	-
PCTools	7.0.3.5	2009.12.16	-
Prevx	3.0	2009.12.16	-
Rising	22.26.02.04	2009.12.16	-
Sophos	4.48.0	2009.12.16	-
Sunbelt	3.2.1858.2	2009.12.16	-
Symantec	1.4.4.12	2009.12.16	-
TheHacker	6.5.0.2.094	2009.12.15	-
TrendMicro	9.100.0.1001	2009.12.16	-
VBA32	3.12.12.0	2009.12.16	-
ViRobot	2009.12.16.2092	2009.12.16	-
VirusBuster	5.0.21.0	2009.12.16	-
weitere Informationen
File size: 3408896 bytes
MD5...: 862bb4cbc05d80c5b45be430e5ef872f
SHA1..: 63a7e82d687fcc9c3bf36347ee59b7e1c388ef24
SHA256: f4961b22c93e472c8c862421aa231cdda9e40d3958741a1d666357f22cc3143d
ssdeep: 49152:yjt6nxG8ZL9fub9iSx2Rp+Xx87KfmaoeiMizm6df1OD0cIlSbTLPJRwVMX
3:QofuZqiTLzX3
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc5756
timedatestamp.....: 0x49e02e64 (Sat Apr 11 05:45:08 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.pexe 0x1000 0x480 0x600 3.88 115ae33fe1804320cb32defe931c3512
.text 0x2000 0x2a1e0c 0x2a2000 6.68 698028c8edc1e08ceb8883e9fe963ba3
.data 0x2a4000 0x71cb5 0x71e00 7.79 be7a46b9ed9803e9c0b6947b4e9bae23
.rsrc 0x316000 0x2228 0x2400 3.14 719ccdf6f401d182d8ab5aefa87e2fdb
.reloc 0x319000 0x2979c 0x29800 6.75 61d5c9ea39348836b0a57a8e80ccf464

( 8 imports )
> ADVAPI32.dll: TraceEvent, EventUnregister, EventWrite, EventEnabled, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, CloseServiceHandle, EventRegister, SetServiceStatus, NotifyServiceStatusChangeW, ControlService, QueryServiceStatus, OpenServiceW, OpenSCManagerW, RegOpenKeyExW, RegQueryValueExW, StartServiceW, RegisterServiceCtrlHandlerW, StartServiceCtrlDispatcherW, RegSetValueExW, RegCreateKeyExW, LsaClose, LsaFreeMemory, LsaQueryInformationPolicy, LsaOpenPolicy, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, SystemFunction036, ConvertStringSidToSidW, RegDeleteValueW, WmiOpenBlock, WmiQueryAllDataW, WmiCloseBlock, ConvertStringSecurityDescriptorToSecurityDescriptorW, CryptReleaseContext, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptAcquireContextW, CryptGetHashParam, CryptDestroyKey, CryptEncrypt, CryptDecrypt, CryptImportKey, CryptSignHashA, CryptVerifySignatureA, CryptExportKey, CryptGenKey, CryptVerifySignatureW, GetCurrentHwProfileW, DeregisterEventSource, ReportEventW, RegisterEventSourceW, ConvertSidToStringSidW, LookupAccountNameW, RegisterTraceGuidsA
> KERNEL32.dll: CreateTimerQueueTimer, CreateTimerQueue, GetSystemTimeAsFileTime, GetComputerNameExW, FileTimeToSystemTime, ChangeTimerQueueTimer, EncodePointer, GetTickCount, DeleteTimerQueueEx, ExpandEnvironmentStringsW, QueryPerformanceCounter, SystemTimeToFileTime, GetLocalTime, CompareFileTime, GetSystemInfo, IsWow64Process, MultiByteToWideChar, LCMapStringW, GetSystemFirmwareTable, GetCurrentProcessId, RegisterWaitForSingleObject, DuplicateHandle, LoadLibraryA, UnregisterWaitEx, DeleteTimerQueueTimer, DeleteTimerQueue, QueueUserWorkItem, OpenThread, SetThreadPriority, GetCurrentThreadId, GetCurrentProcess, GetProcessHeaps, HeapQueryInformation, SleepEx, InitializeCriticalSectionAndSpinCount, CreateEventW, ResetEvent, InterlockedExchange, WaitForSingleObject, HeapSetInformation, GetVersionExW, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, CloseHandle, DecodePointer, HeapFree, GetProcessHeap, HeapAlloc, TzSpecificLocalTimeToSystemTime, WaitForMultipleObjects, GetDevicePowerState, ReleaseSemaphore, CreateSemaphoreA, InterlockedExchangeAdd, MoveFileExW, ReadFile, SetFilePointer, GetThreadPriority, GetSystemDefaultLangID, GetFileSize, CreateFileMappingW, MapViewOfFile, GetComputerNameW, GetLocaleInfoW, GetDateFormatW, GetTimeFormatW, GetVersionExA, UnmapViewOfFile, GetSystemDirectoryW, GlobalMemoryStatusEx, GetNativeSystemInfo, GetSystemTime, WideCharToMultiByte, GetPrivateProfileStringW, GetPrivateProfileSectionW, CreateDirectoryW, IsProcessorFeaturePresent, FlushFileBuffers, DeviceIoControl, GetModuleHandleExW, GetLastError, SetEvent, EnterCriticalSection, LeaveCriticalSection, InterlockedCompareExchange, LoadLibraryW, GetProcAddress, FreeLibrary, LocalAlloc, LocalFree, OpenProcess, DelayLoadFailureHook, Sleep, SetUnhandledExceptionFilter, GetModuleHandleA, TerminateProcess, UnhandledExceptionFilter, ExitProcess, VirtualAlloc, VirtualFree, GetVersion, VirtualProtect, SetLastError, GetFileAttributesW, WriteFile, CreateFileW, lstrlenW, 
InitializeCriticalSection, SetFileAttributesW, CopyFileW, DeleteFileW
> msvcrt.dll: _wcsnicmp, memcpy, memset, _vsnwprintf, _beginthreadex, ceil, _controlfp, _terminate@@YAXXZ, _onexit, _lock, __dllonexit, _unlock, _except_handler4_common, __set_app_type, __p__fmode, __p__commode, _CIlog10, __setusermatherr, _amsg_exit, _initterm, exit, _XcptFilter, _exit, _cexit, __wgetmainargs, free, _callnewh, malloc, _wtof, wcsncmp, _adjust_fdiv, wcsstr, _wtol, swscanf, wcschr, _wcsicmp, _purecall, sscanf, _wtoi, time, srand, rand, memmove, _ui64tow, _itow, memcpy_s, memchr, _ftol2
> ntdll.dll: NtQueryInformationThread, NtLockProductActivationKeys, NtSetInformationThread, NtQueryLicenseValue, NtQueryInformationProcess, NtSetInformationProcess, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlInitUnicodeString, ShipAssert
> RPCRT4.dll: RpcServerListen, I_RpcMapWin32Status, RpcMgmtStopServerListening, RpcServerUnregisterIf, I_RpcBindingInqLocalClientPID, RpcServerInqCallAttributesW, RpcServerRegisterIfEx, NdrServerCall2, UuidCreate, UuidToStringW, UuidFromStringW, RpcImpersonateClient, RpcRevertToSelfEx, RpcRaiseException, RpcServerRegisterIf2, RpcStringBindingComposeW, RpcBindingFromStringBindingW, I_RpcExceptionFilter, RpcStringFreeW, RpcBindingFree, RpcServerUseProtseqEpW, NdrClientCall2
> slc.dll: SLOpen
> USER32.dll: CharNextW, CharPrevW
> DNSAPI.dll: DnsModifyRecordsInSet_W, DnsQuery_W, DnsFree

( 1 exports )
_SPVersion@@3PADA
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Microsoft Software Licensing Service
original name: SLService
internal name: SLService
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
         
and the log from RSIT:
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Bönek at 2009-12-16 16:16:31
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 94 GB (64%) free of 146 GB
Total RAM: 3066 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:35, on 16.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AOL 9.0 VRa\waol.exe
C:\Program Files\Common Files\AOL\1218900205\ee\aolsoftware.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\BNEK~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\AOL 9.0 VRa\shellmon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Users\Bönek\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bönek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VRa\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98c805e078ff9) (gupdate1c98c805e078ff9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 10734 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{754E5B26-1DC0-41A1-9CB0-B96AD1E6FD40}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-03-04 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04 142896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1037608]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-04-03 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-04-03 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-25 6111232]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-04-30 397312]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-04-10 167936]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"Diamondback"=C:\Program Files\Razer\Diamondback\razerhid.exe [2007-02-14 147456]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Skytel"=C:\Windows\Skytel.exe [2007-11-21 1826816]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"AOL Fast Start"=C:\Program Files\AOL 9.0 VRa\AOL.EXE [2007-06-21 50480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-04-10 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-03-07 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-04-18 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-21 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2008-07-12 3667968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~1\Acer\ACERVC~1\AcerVCM.exe [2008-03-05 1216512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2008-07-12 3110912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Acer\Acer Bio Protection\PwdFilter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05357f28-6d1a-11dd-a7c7-00038a000015}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
shell\Open\command - F:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-14 21:12:38 ----A---- C:\avenger.txt
2009-12-14 17:47:50 ----D---- C:\Avenger
2009-12-14 15:43:33 ----D---- C:\rsit
2009-12-14 15:26:39 ----D---- C:\Users\Bönek\AppData\Roaming\Malwarebytes
2009-12-14 15:26:33 ----D---- C:\ProgramData\Malwarebytes
2009-12-14 15:26:33 ----D---- C:\Program Files\Malwarebytes
2009-12-14 08:44:21 ----D---- C:\Program Files\Trend Micro
2009-12-13 00:48:14 ----A---- C:\Users\Bönek\AppData\Roaming\SQLite3.dll
2009-12-09 12:04:30 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 12:04:29 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 10:39:15 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 10:39:13 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 10:39:12 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 10:39:11 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 10:39:11 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 10:39:11 ----A---- C:\Windows\system32\occache.dll
2009-12-09 10:39:11 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 10:39:11 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 10:39:11 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 10:39:10 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 10:39:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 10:39:10 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 10:39:10 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 10:39:10 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 10:39:10 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 10:39:10 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 10:39:10 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 10:39:10 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 10:39:10 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 10:38:30 ----A---- C:\Windows\system32\rastls.dll
2009-11-25 22:16:11 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 12:08:16 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 12:08:16 ----A---- C:\Windows\system32\msxml3.dll
2009-11-23 17:23:41 ----A---- C:\Windows\system32\XAudio2_5.dll
2009-11-23 17:23:41 ----A---- C:\Windows\system32\xactengine3_5.dll
2009-11-23 17:23:41 ----A---- C:\Windows\system32\d3dcsx_42.dll
2009-11-23 17:23:41 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2009-11-23 17:23:40 ----A---- C:\Windows\system32\D3DX9_42.dll
2009-11-23 17:23:40 ----A---- C:\Windows\system32\d3dx11_42.dll
2009-11-23 17:23:40 ----A---- C:\Windows\system32\d3dx10_42.dll
2009-11-23 17:23:39 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-11-23 17:23:39 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-11-23 17:23:38 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-11-23 17:23:37 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-11-23 17:23:37 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-11-23 17:23:37 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-11-23 17:23:37 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-11-23 17:23:36 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-11-23 17:23:36 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-11-23 17:23:35 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-11-23 17:23:35 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-11-23 17:23:35 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-11-23 17:23:34 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-11-17 16:21:29 ----D---- C:\Program Files\Windows Portable Devices
2009-11-17 12:02:41 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-17 12:02:41 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-17 12:02:40 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-17 12:02:18 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-17 12:02:18 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-17 12:02:18 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-17 12:02:18 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-17 12:02:18 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-17 12:02:18 ----A---- C:\Windows\system32\cdd.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-17 12:02:17 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\FntCache.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\dxgi.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-17 12:02:17 ----A---- C:\Windows\system32\DWrite.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\d3d11.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\d3d10.dll
2009-11-17 12:02:17 ----A---- C:\Windows\system32\d2d1.dll
2009-11-17 12:01:54 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-17 12:01:54 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-17 12:01:54 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-17 12:01:45 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-17 12:01:43 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-17 12:01:43 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-17 12:01:42 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-17 12:01:42 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-17 12:01:42 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-17 12:01:42 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-17 12:01:42 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-17 12:01:42 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-17 12:01:42 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-17 12:01:42 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-17 12:01:42 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-17 12:00:35 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-17 12:00:35 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-17 12:00:35 ----A---- C:\Windows\system32\oleacc.dll

======List of files/folders modified in the last 1 months======

2009-12-16 16:16:32 ----D---- C:\Windows\Temp
2009-12-16 16:02:30 ----D---- C:\Windows\Prefetch
2009-12-16 14:03:18 ----D---- C:\Windows\System32
2009-12-16 14:03:18 ----D---- C:\Windows\inf
2009-12-16 14:03:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-15 14:44:15 ----SHD---- C:\System Volume Information
2009-12-15 10:13:06 ----D---- C:\Windows
2009-12-14 22:36:24 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-14 22:35:51 ----RD---- C:\Program Files
2009-12-14 22:35:51 ----HD---- C:\ProgramData
2009-12-14 22:35:49 ----D---- C:\Windows\system32\drivers
2009-12-14 18:56:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-14 16:30:29 ----D---- C:\Windows\Cursors
2009-12-14 15:12:07 ----D---- C:\Program Files\CCleaner
2009-12-14 09:31:27 ----SD---- C:\Users\Bönek\AppData\Roaming\Microsoft
2009-12-13 22:50:44 ----D---- C:\Windows\Debug
2009-12-11 23:35:36 ----D---- C:\Program Files\Common Files\Steam
2009-12-10 20:00:50 ----D---- C:\Windows\system32\catroot2
2009-12-09 12:38:45 ----D---- C:\Windows\rescache
2009-12-09 12:33:39 ----D---- C:\Windows\winsxs
2009-12-09 12:23:32 ----D---- C:\Windows\system32\catroot
2009-12-09 12:21:06 ----D---- C:\Windows\system32\migration
2009-12-09 12:21:05 ----D---- C:\Windows\system32\de-DE
2009-12-09 12:21:05 ----D---- C:\Program Files\Windows Mail
2009-12-09 12:21:05 ----D---- C:\Program Files\Internet Explorer
2009-12-06 13:00:23 ----SHD---- C:\Windows\Installer
2009-12-06 13:00:22 ----SHD---- C:\Config.Msi
2009-12-06 13:00:22 ----D---- C:\ProgramData\Microsoft Help
2009-12-06 12:32:39 ----D---- C:\Users\Bönek\AppData\Roaming\PC Suite
2009-12-05 15:44:26 ----D---- C:\Program Files\Google
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-28 22:59:51 ----RSD---- C:\Windows\assembly
2009-11-17 16:24:02 ----D---- C:\Windows\system32\Tasks
2009-11-17 16:21:29 ----D---- C:\Windows\system32\wbem
2009-11-17 16:21:27 ----D---- C:\Windows\system32\zh-TW
2009-11-17 16:21:27 ----D---- C:\Windows\system32\zh-HK
2009-11-17 16:21:27 ----D---- C:\Windows\system32\zh-CN
2009-11-17 16:21:27 ----D---- C:\Windows\system32\uk-UA
2009-11-17 16:21:27 ----D---- C:\Windows\system32\tr-TR
2009-11-17 16:21:27 ----D---- C:\Windows\system32\th-TH
2009-11-17 16:21:27 ----D---- C:\Windows\system32\sv-SE
2009-11-17 16:21:27 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-17 16:21:27 ----D---- C:\Windows\system32\sl-SI
2009-11-17 16:21:27 ----D---- C:\Windows\system32\sk-SK
2009-11-17 16:21:27 ----D---- C:\Windows\system32\ru-RU
2009-11-17 16:21:27 ----D---- C:\Windows\system32\ro-RO
2009-11-17 16:21:27 ----D---- C:\Windows\system32\pt-PT
2009-11-17 16:21:27 ----D---- C:\Windows\system32\pt-BR
2009-11-17 16:21:27 ----D---- C:\Windows\system32\pl-PL
2009-11-17 16:21:27 ----D---- C:\Windows\system32\nl-NL
2009-11-17 16:21:27 ----D---- C:\Windows\system32\nb-NO
2009-11-17 16:21:27 ----D---- C:\Windows\system32\lv-LV
2009-11-17 16:21:27 ----D---- C:\Windows\system32\lt-LT
2009-11-17 16:21:27 ----D---- C:\Windows\system32\ko-KR
2009-11-17 16:21:27 ----D---- C:\Windows\system32\ja-JP
2009-11-17 16:21:27 ----D---- C:\Windows\system32\it-IT
2009-11-17 16:21:27 ----D---- C:\Windows\system32\hu-HU
2009-11-17 16:21:27 ----D---- C:\Windows\system32\hr-HR
2009-11-17 16:21:27 ----D---- C:\Windows\system32\he-IL
2009-11-17 16:21:27 ----D---- C:\Windows\system32\fr-FR
2009-11-17 16:21:27 ----D---- C:\Windows\system32\fi-FI
2009-11-17 16:21:27 ----D---- C:\Windows\system32\et-EE
2009-11-17 16:21:27 ----D---- C:\Windows\system32\es-ES
2009-11-17 16:21:27 ----D---- C:\Windows\system32\en-US
2009-11-17 16:21:27 ----D---- C:\Windows\system32\el-GR
2009-11-17 16:21:27 ----D---- C:\Windows\system32\da-DK
2009-11-17 16:21:27 ----D---- C:\Windows\system32\cs-CZ
2009-11-17 16:21:27 ----D---- C:\Windows\system32\bg-BG
2009-11-17 16:21:27 ----D---- C:\Windows\system32\ar-SA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-06-17 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-26 69632]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-06-17 25888]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-04 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-04 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2008-05-30 146944]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-25 2126688]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-04-03 43552]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-04-03 7444672]
R3 Razerlow;Razerlow USB Filter Driver; C:\Windows\System32\Drivers\Razerlow.sys [2005-04-24 13225]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-02-22 198064]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
S3 kgrdypoc;kgrdypoc; \??\C:\Users\BNEK~1\AppData\Local\Temp\kgrdypoc.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-04 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2008-07-12 3517440]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-04-03 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-06-23 75064]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 gupdate1c98c805e078ff9;Google Update Service (gupdate1c98c805e078ff9); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-12-11 321320]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-08-25 361216]

-----------------EOF-----------------
         

16.12.2009, 16:24   #39
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The only key that shows up there is the one where svhost appears:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05357f28-6d1a-11dd-a7c7-00038a000015}]

Please delete it with regedit.
__________________
Please always post log files in CODE tags
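
The check behind this finding, as an added Python example that is not part of the original post: it scans the "Registry dump" section of a log in the layout shown above for MountPoints2 shell commands whose target sits in a recycle-bin folder or whose file name is one edit away from a Windows system binary. The two heuristics, the `SYSTEM_NAMES` list and all function names are assumptions; the sample log is constructed from lines in the report above.

```python
import re
from dataclasses import dataclass

# Constructed sample in the RSIT "Registry dump" layout: one Run key for
# contrast plus the MountPoints2 entry taken from the log above.
SAMPLE_LOG = r"""
======Registry dump======

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05357f28-6d1a-11dd-a7c7-00038a000015}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
shell\Open\command - F:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe

======File associations======
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
VERB_RE = re.compile(r"^shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
# Absolute paths ending in an executable or script extension.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|bat|cmd|com|pif|vbs)\b', re.IGNORECASE
)

# Assumption: folder names treated as recycle-bin locations.
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}
# Assumption: a short list of system binaries that lookalike names imitate.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "explorer.exe",
                "winlogon.exe", "services.exe", "csrss.exe")


@dataclass(frozen=True)
class Finding:
    key: str        # registry key the command was found under
    verb: str       # shell verb, e.g. AutoRun or Open
    target: str     # executable path referenced by the command
    reasons: tuple  # why the target was flagged


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(target):
    """Return the reasons a command target looks suspicious (empty if none)."""
    parts = target.lower().split("\\")
    reasons = []
    if RECYCLE_DIRS.intersection(parts[:-1]):
        reasons.append("target inside a recycle-bin folder")
    name = parts[-1]
    if name not in SYSTEM_NAMES:
        near = [s for s in SYSTEM_NAMES if edit_distance(name, s) == 1]
        if near:
            reasons.append("file name one edit away from " + near[0])
    return tuple(reasons)


def scan_mountpoints2(log_text):
    """Flag shell\\<verb>\\command entries under MountPoints2 keys."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        if line.startswith("======"):  # a new report section ends the current key
            key = None
            continue
        if key is None or "\\explorer\\mountpoints2\\" not in key.lower():
            continue
        verb = VERB_RE.match(line)
        if not verb:
            continue
        for target in PATH_RE.findall(verb.group(2)):
            reasons = classify(target)
            if reasons:
                findings.append(Finding(key, verb.group(1), target, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_mountpoints2(SAMPLE_LOG):
        print(f.verb, "->", f.target)
        for reason in f.reasons:
            print("   ", reason)
```
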

16.12.2009, 16:38   #40
Duffman
 

It's deleted! And now?

16.12.2009, 16:39   #41
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

If there are no further problems, you're discharged for now