Pests of all kinds and how to fight them: Flacor.dat detected (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
Flacor.dat detected

Hello everyone, about a week ago I noticed that the PC shuts itself down automatically after a brief notice. Since then an error message involving the file flacor.dat kept appearing. After a bit of googling I knew what I had caught, so I ran a full scan with Malwarebytes and removed the file flacor.dat: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4370
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
30.07.2010 19:46:54
mbam-log-2010-07-30 (19-46-54).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 310734
Laufzeit: 1 Stunde(n), 28 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Arthur\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Users\Arthur\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Arthur\AppData\Local\Temp\services.exe (Password.Stealer) -> Quarantined and deleted successfully.
file1 OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.07.2010 20:25:23 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Arthur\Desktop\Security & PC Progs Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 80,67 Gb Free Space | 56,01% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 229,14 Gb Free Space | 76,87% Space Free | Partition Type: NTFS Drive E: | 140,50 Gb Total Space | 57,28 Gb Free Space | 40,77% Space Free | Partition Type: NTFS Drive F: | 445,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ARTHUR-NOTEBOOK Current User Name: Arthur Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Programme\Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Arthur\Desktop\Security & PC Progs\OTL.exe (OldTimer Tools) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) 
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Users\Arthur\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.) PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe () PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) PRC - C:\Programme\Winamp\winampa.exe () PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) 
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\ACER\Mobility Center\MobilityService.exe () PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.) PRC - c:\Programme\McAfee\MSC\mcuimgr.exe (McAfee, Inc.) PRC - C:\Windows\PLFSetI.exe () PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Programme\AOL 9.0 VRa\shellmon.exe (AOL, LLC.) 
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Programme\AOL 9.0 VRa\waol.exe (AOL, LLC.) PRC - C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC) PRC - C:\Programme\Common Files\aol\1223197373\ee\aolsoftware.exe (America Online, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Arthur\Desktop\Security & PC Progs\OTL.exe (OldTimer Tools) MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe () SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) 
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC) ========== Driver Services (SafeList) ========== DRV - (vaxscsi) -- C:\Windows\System32\Drivers\vaxscsi.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- 
C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.) DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) 
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) 
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.06.13 08:35:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Firefox\components [2010.07.30 19:54:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010.07.30 19:54:02 | 000,000,000 | ---D | M] [2008.10.04 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\mozilla\Extensions [2010.07.30 18:17:16 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\u96e3y89.default\extensions [2009.10.09 11:34:19 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\u96e3y89.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2009.05.10 11:11:48 | 000,000,000 | ---D | M] -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\u96e3y89.default\extensions\bloodfire@example.com [2009.05.10 11:11:35 | 000,000,000 | ---D | M] -- 
C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\u96e3y89.default\extensions\martin@hoerandl.com [2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Arthur\AppData\Roaming\Mozilla\FireFox\Profiles\u96e3y89.default\searchplugins\conduit.xml [2008.10.04 20:46:29 | 000,001,196 | ---- | M] () -- C:\Users\Arthur\AppData\Roaming\Mozilla\FireFox\Profiles\u96e3y89.default\searchplugins\winamp-search.xml [2009.04.19 17:55:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll () O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) 
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (no name) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - No CLSID value found. O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll () O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1223197373\ee\aolsoftware.exe (America Online, Inc.) 
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VRa\AOL.EXE (AOL, LLC.) 
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks) O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.09.25 18:44:14 | 000,000,029 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{640eaecc-f6e6-11de-8114-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{640eaecc-f6e6-11de-8114-00038a000015}\Shell\AutoRun\command - "" = I:\iStudio.exe -- File not found
O33 - MountPoints2\{66e672a3-9245-11dd-9f67-001e68d94ab5}\Shell - "" = AutoRun
O33 - MountPoints2\{66e672a3-9245-11dd-9f67-001e68d94ab5}\Shell\AutoRun\command - "" = F:\Start.exe -- [2009.09.29 09:49:28 | 000,557,352 | R--- | M] (Akademische Arbeitsgemeinschaft Verlag)
O33 - MountPoints2\{7533091f-42bd-11de-925b-00038a000015}\Shell\Open\command - "" = H:\resycled\boot.com -- File not found
O33 - MountPoints2\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{e92f2883-5bd6-11de-b517-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e92f2883-5bd6-11de-b517-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.07.30 19:53:18 | 000,000,000 | ---D | C] -- C:\Users\Arthur\AppData\Roaming\SUPERAntiSpyware.com
[2010.07.30 19:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.07.30 19:53:13 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.07.30 19:51:55 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.07.30 18:12:24 | 000,000,000 | ---D | C] -- C:\Users\Arthur\AppData\Roaming\Malwarebytes
[2010.07.30 18:11:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.30 18:11:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.30 18:11:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.30 18:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.30 18:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.07.30 18:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.07.30 18:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.07.10 15:22:45 | 000,000,000 | ---D | C] -- C:\Users\Arthur\AppData\Roaming\temp
[2010.07.10 15:22:38 | 000,000,000 | ---D | C] -- C:\Users\Arthur\Documents\FUSSBALL MANAGER 09
[2010.07.10 14:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.07.10 13:55:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2008.07.22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2010.07.30 20:27:35 | 002,621,440 | -HS- | M] () -- C:\Users\Arthur\ntuser.dat
[2010.07.30 20:00:20 | 000,066,492 | ---- | M] () -- C:\Users\Arthur\Documents\cc_20100730_200003.reg
[2010.07.30 19:55:36 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.30 19:55:36 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.30 19:55:36 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.30 19:55:36 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.30 19:55:36 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.30 19:51:02 | 000,055,302 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.30 19:49:33 | 000,034,355 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010.07.30 19:49:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.07.30 19:49:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.30 19:49:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.30 19:49:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.30 19:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.30 19:48:51 | 3215,847,424 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.30 19:48:06 | 000,524,288 | -HS- | M] () -- C:\Users\Arthur\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.30 19:48:06 | 000,065,536 | -HS- | M] () -- C:\Users\Arthur\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.30 19:47:49 | 004,240,145 | -H-- | M] () -- C:\Users\Arthur\AppData\Local\IconCache.db
[2010.07.30 06:33:42 | 000,055,302 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.27 18:48:02 | 000,204,023 | ---- | M] () -- C:\Users\Arthur\Desktop\Unbenannt.jpg
[2010.07.26 20:31:11 | 000,021,902 | ---- | M] () -- C:\Users\Arthur\Desktop\xxx048_20100725.pdf
[2010.07.21 21:42:38 | 000,293,673 | ---- | M] () -- C:\Users\Arthur\Desktop\Booking.com_ Bestätigung.pdf
[2010.07.11 13:27:39 | 000,000,578 | ---- | M] () -- C:\Users\Arthur\Desktop\Manager09.exe - Verknüpfung.lnk
[2010.07.10 13:58:00 | 008,707,460 | ---- | M] () -- C:\Users\Arthur\Desktop\FM09DBUpdate.exe
========== Files Created - No Company Name ==========
[2010.07.30 20:00:05 | 000,066,492 | ---- | C] () -- C:\Users\Arthur\Documents\cc_20100730_200003.reg
[2010.07.27 18:48:02 | 000,204,023 | ---- | C] () -- C:\Users\Arthur\Desktop\Unbenannt.jpg
[2010.07.26 20:31:10 | 000,021,902 | ---- | C] () -- C:\Users\Arthur\Desktop\xxx048_20100725.pdf
[2010.07.21 21:42:37 | 000,293,673 | ---- | C] () -- C:\Users\Arthur\Desktop\Booking.com_ Bestätigung.pdf
[2010.07.11 13:27:39 | 000,000,578 | ---- | C] () -- C:\Users\Arthur\Desktop\Manager09.exe - Verknüpfung.lnk
[2010.07.10 13:57:09 | 008,707,460 | ---- | C] () -- C:\Users\Arthur\Desktop\FM09DBUpdate.exe
[2009.09.06 14:33:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.04.19 17:56:52 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.12.29 16:05:56 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.12.29 16:05:48 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 20:54:51 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2008.10.04 20:49:08 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.09.01 19:46:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.09.01 19:31:46 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.09.01 19:31:46 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.07.30 12:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.07.30 03:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.07.30 03:42:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.07.30 03:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:FEBEC560
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:8AB6C1D7
< End of report >
file 2
OTL Logfile:
Code:
OTL Extras logfile created on: 30.07.2010 20:25:23 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Arthur\Desktop\Security & PC Progs
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 80,67 Gb Free Space | 56,01% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 229,14 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 57,28 Gb Free Space | 40,77% Space Free | Partition Type: NTFS
Drive F: | 445,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ARTHUR-NOTEBOOK
Current User Name: Arthur
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C1E46D-2625-4746-8E7A-9A34BF05CC6F}" = lport=137 | protocol=17 | dir=in | app=system |
"{2848F563-7516-4D3E-881A-8802EA9D09DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{295CD266-869D-4398-AFA7-DBB3FB0F143E}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B7F49A3-94A2-4ED7-A3B2-E0D93AC795C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{3CFF4483-BAF5-4251-B77C-C228930E6CB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{42F9DCB5-1184-4FBD-A535-51EC79B792F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4CCE8CA1-9EE1-4DBC-B63D-16E0F05191E8}" = lport=138 | protocol=17 | dir=in | app=system |
"{7DB057F4-006C-4190-8F34-01F5DD1E0187}" = lport=139 | protocol=6 | dir=in | app=system |
"{888D8C28-500F-4088-9B1B-9745272451CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{977EA2FF-A73B-4079-88E1-2B2EB4701536}" = rport=139 | protocol=6 | dir=out | app=system |
"{B6D1C6EE-A859-4FA9-A44F-FE0DFC00D579}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C717EB99-0FB1-463F-ADF5-FC1CE7A3B15F}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF38261F-D626-4294-A3A3-9629DF867E65}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F648EC3C-F25B-4E64-9F3A-5F6640E1F99F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C35C00-55E7-4399-923E-88DFFC7CC9BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{042EBB4A-8168-42B4-947A-003AEDC24F17}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0A9C8D79-DE32-49D5-80B3-E168982CC34F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{0C604D7C-A5A6-44A8-82E7-751DFDA272FF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{12775923-6831-4EFF-95E3-BCCF4C3F1088}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{15CF8154-9AFC-45AD-AECD-BB3F4420BBD8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{1F42165D-A6C4-47A2-824F-659B7640230C}" = protocol=17 | dir=in | app=d:\spiele\ gta iv\grand theft auto iv\launchgtaiv.exe |
"{298F0918-FC31-4301-868E-95D0CE4F1D37}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2BBC3EB7-EE27-4F0E-8566-4A5F16A65A66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2D59EDC2-4FDE-4F34-87C2-64D65F2EB82B}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{33257381-F59A-4A11-BB55-40B0CD71A025}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{34B344D6-1CAF-45C7-B386-6E2708AB3B93}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{37018BE3-B893-42FE-933D-3A4F96D8FFF6}" = protocol=6 | dir=in | app=d:\spiele\ gta iv\grand theft auto iv\rockstar games social club\rgsclauncher.exe |
"{37BF63F3-FAA3-40BD-8BD1-DE37743D0E82}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3C5D05EF-9CF8-4D9C-983E-24D7AE172113}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{3D1B06F1-E2A4-4908-847A-4E08A5D3D88A}" = protocol=17 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{400BC84F-AE4D-4546-99B1-F06E1065B085}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{40FAB121-09C0-4F4E-8C93-8472610C79CB}" = protocol=6 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{445C89F6-67CB-4D0F-BD9A-6B76213FFEF7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{4679EF93-504B-4E15-BEEF-58C073C739B1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{525C3FAE-B638-4915-8F28-12CA541AAC22}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5B05889E-4C9E-4A92-98AA-63C99F098C9E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{64E74C6C-1ACA-4673-AB97-1417DAC6128F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{705AA1B9-9D82-4DA2-8C25-523CC891AD28}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{70DDBBD2-1B7C-447E-BE81-BBB6073F4218}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{732EFC31-663D-45D9-9002-AFC4D4BCA185}" = protocol=6 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{77F7F3FD-5E57-4C91-AEE6-B1C6C07BB404}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{7A74DC89-7321-42CE-B2DB-16032ED09E48}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{7BD65B90-A3F1-4D8C-9E90-4999B8EBA804}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{7F229A7D-24FC-4139-A5FE-CAE250E5BF7C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{853FD655-618C-46F3-B443-509283E271C8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8717AF46-97FC-465B-9558-1FBF757D97AA}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{89E38269-2DCA-4003-9D0F-90296A80820B}" = protocol=17 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{8C349E28-6D85-46CC-90D1-1D50D180F408}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{9491496B-D1B8-49B6-8309-C0FD869EFBE5}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{970E2153-184F-482B-9B86-B46EAE130CBB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{98181662-5144-4A55-9027-84A051911A42}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9B919600-2CC1-4A57-A71F-F40AD808E5A7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1223197373\ee\aolsoftware.exe |
"{9E7B9255-6368-4F39-B875-F665968F28D2}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{9F7EC11B-A21C-4D65-8CFE-B2E6C4D03C96}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{A14B209A-17C6-4248-A9FB-25FB8D0185EC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A380A5CC-72E2-47AD-A854-5EDB5947468F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A3D039F4-D0A2-4B56-A7DE-C864C15B3809}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{AB250CBC-C463-467D-801F-3A1C357649C3}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{AE7E5E8A-FE47-4891-B88C-4AA8B1B5D971}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{B2A73CFC-2A90-480E-AB62-E8BC44197986}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B3D45A7D-8AD2-4E2C-8D15-B27610520A8F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B728BF01-6707-420C-8DAA-05330F711B8C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BB8FCCEA-42AC-42DC-B1D8-8DC04024F54D}" = protocol=17 | dir=in | app=d:\spiele\ gta iv\grand theft auto iv\rockstar games social club\rgsclauncher.exe |
"{BEEEEE1F-50B1-48DF-B05F-7ACE0E6D17B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{C034BA26-98FD-4664-A027-F79C168A38EA}" = protocol=17 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{C4ED8404-09A3-4C14-A19B-6F7D3B257BD5}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C58225F4-B8DD-4ADC-8D1C-13DAEF9C9126}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{C61C22C0-EB7B-4B23-8872-F112D2151410}" = protocol=6 | dir=in | app=d:\spiele\ gta iv\grand theft auto iv\launchgtaiv.exe |
"{CF2140B9-45D1-49E1-9455-8AA34070C1B8}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{DBACF3DD-4513-4CF7-842D-2411BD9D3A78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE936308-2D39-438F-87B3-42DF87741D3F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1223197373\ee\aolsoftware.exe |
"{E1CDBD55-6EEC-47D2-9F23-07D388DA8C32}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E4556682-A11A-475A-9803-C0DE5241D9B3}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{E510EA3C-A2F4-48F8-A1C0-E1DB30B71DBD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EBCBD4F1-4DA2-49FC-A71B-E88BF1D3F864}" = protocol=6 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{F273890D-11CF-4581-B907-C90BAC3D47DC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F379E883-67C7-49F2-8958-99E77B830FD4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{F5E316CD-8B93-446C-ACE5-C48A122E30E9}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{FC0A464F-FA6D-4EB8-A7F2-2F56F3D0963C}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{56FDB311-6511-11DE-832F-0050560400B1}" = Haufe iDesk-Browser
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C3542652-4C59-4A96-982A-06EBB3F47819}" = Steuer-Hilfesammlung 2009
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 0.83
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection
AAU 6.0.00.17
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"BurnAware Free_is1" = BurnAware Free 2.3.0
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"PhotoScape" = PhotoScape
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB03968.TBSB03968Toolbar" = Toolbar fuer eBay
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinGimp-2.0_is1" = GIMP 2.6.6
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.07.2010 12:58:29 | Computer Name = Arthur-Notebook | Source = WinMgmt | ID = 10
Description =
Error - 21.07.2010 12:58:40 | Computer Name = Arthur-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 21.07.2010 13:01:53 | Computer Name = Arthur-Notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager09.exe, Version 1.2.0.0, Zeitstempel
0x498842bc, fehlerhaftes Modul Manager09.exe, Version 1.2.0.0, Zeitstempel 0x498842bc,
Ausnahmecode 0xc0000005, Fehleroffset 0x00bd0163, Prozess-ID 0x12a0, Anwendungsstartzeit
01cb28f602be929d.
Error - 21.07.2010 13:02:33 | Computer Name = Arthur-Notebook | Source = Application Hang | ID = 1002
Description = Programm Manager09.exe, Version 1.2.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 12a0 Anfangszeit: 01cb28f602be929d Zeitpunkt der Beendigung:
187
Error - 21.07.2010 13:04:20 | Computer Name = Arthur-Notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager09.exe, Version 1.2.0.0, Zeitstempel
0x498842bc, fehlerhaftes Modul Manager09.exe, Version 1.2.0.0, Zeitstempel 0x498842bc,
Ausnahmecode 0xc0000005, Fehleroffset 0x00bd0163, Prozess-ID 0xbb4, Anwendungsstartzeit
01cb28f6849b5aad.
Error - 21.07.2010 13:04:39 | Computer Name = Arthur-Notebook | Source = Application Hang | ID = 1002
Description = Programm Manager09.exe, Version 1.2.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: bb4 Anfangszeit: 01cb28f6849b5aad Zeitpunkt der Beendigung:
157
Error - 21.07.2010 16:34:41 | Computer Name = Arthur-Notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager09.exe, Version 1.2.0.0, Zeitstempel
0x498842bc, fehlerhaftes Modul Manager09.exe, Version 1.2.0.0, Zeitstempel 0x498842bc,
Ausnahmecode 0xc0000005, Fehleroffset 0x00bd0163, Prozess-ID 0xf0c, Anwendungsstartzeit
01cb290fbc108d7d.
Error - 21.07.2010 16:35:01 | Computer Name = Arthur-Notebook | Source = Application Hang | ID = 1002
Description = Programm Manager09.exe, Version 1.2.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: f0c Anfangszeit: 01cb290fbc108d7d Zeitpunkt der Beendigung:
477
Error - 22.07.2010 12:19:34 | Computer Name = Arthur-Notebook | Source = WinMgmt | ID = 10
Description =
Error - 22.07.2010 12:22:59 | Computer Name = Arthur-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 29.07.2010 14:02:15 | Computer Name = Arthur-Notebook | Source = Service Control Manager | ID = 7031
Description =
Error - 29.07.2010 14:02:15 | Computer Name = Arthur-Notebook | Source = Service Control Manager | ID = 7031
Description =
Error - 29.07.2010 14:02:15 | Computer Name = Arthur-Notebook | Source = Service Control Manager | ID = 7031
Description =
Error - 29.07.2010 14:02:15 | Computer Name = Arthur-Notebook | Source = Service Control Manager | ID = 7031
Description =
Error - 29.07.2010 14:02:52 | Computer Name = Arthur-Notebook | Source = Service Control Manager | ID = 7032
Description =
Error - 30.07.2010 00:11:29 | Computer Name = Arthur-Notebook | Source = HTTP | ID = 15016
Description =
Error - 30.07.2010 11:58:19 | Computer Name = Arthur-Notebook | Source = HTTP | ID = 15016
Description =
Error - 30.07.2010 12:50:52 | Computer Name = Arthur-Notebook | Source = bowser | ID = 8003
Description =
Error - 30.07.2010 13:49:08 | Computer Name = Arthur-Notebook | Source = HTTP | ID = 15016
Description =
Error - 30.07.2010 14:01:58 | Computer Name = Arthur-Notebook | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.2.100 registriert werden. Der Computer mit IP-Adresse 192.168.2.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
< End of report >
SUPERAntiSpyware found nothing more, I also ran CCleaner, and I have changed all my passwords... Can I keep surfing without worry now, or do I still need to be concerned??? Thanks in advance for the answers. I can only reply again on Monday, since I am going away for the weekend tomorrow... Regards, Arthur |
| | #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Flacor.dat detected Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O33 - MountPoints2\{640eaecc-f6e6-11de-8114-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{640eaecc-f6e6-11de-8114-00038a000015}\Shell\AutoRun\command - "" = I:\iStudio.exe -- File not found
O33 - MountPoints2\{66e672a3-9245-11dd-9f67-001e68d94ab5}\Shell - "" = AutoRun
O33 - MountPoints2\{66e672a3-9245-11dd-9f67-001e68d94ab5}\Shell\AutoRun\command - "" = F:\Start.exe -- [2009.09.29 09:49:28 | 000,557,352 | R--- | M] (Akademische Arbeitsgemeinschaft Verlag)
O33 - MountPoints2\{7533091f-42bd-11de-925b-00038a000015}\Shell\Open\command - "" = H:\resycled\boot.com -- File not found
O33 - MountPoints2\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e86f1b83-7849-11dd-8d34-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{e92f2883-5bd6-11de-b517-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e92f2883-5bd6-11de-b517-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:FEBEC560
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:8AB6C1D7
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. |
| | #3 |
| Flacor.dat detected I did it as described, here is the log file:
PHP code: |
| | #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Flacor.dat detected Then please run CF now: ComboFix, a guide and tutorial on using ComboFix
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________ Please always post log files in CODE tags |
| | #5 |
| Flacor.dat detected Hello, I have now run ComboFix as described, here is the file: ComboFix log file: Code:
ComboFix 10-08-02.03 - Arthur 03.08.2010 19:20:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3066.2187 [GMT 2:00]
ausgeführt von:: c:\users\Arthur\Desktop\cofi.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\hpe4865.dll
c:\users\Arthur\AppData\Roaming\.#
c:\users\Arthur\AppData\Roaming\Desktopicon
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-03 bis 2010-08-03 ))))))))))))))))))))))))))))))
.
2010-08-02 12:59 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-08-02 12:59 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-08-02 12:43 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-08-02 12:43 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-08-02 12:37 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-08-02 12:26 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-08-02 12:26 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-08-02 12:26 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-08-02 12:26 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-02 12:26 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2010-08-02 12:26 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-08-02 12:26 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-02 12:22 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-08-02 12:22 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-02 12:22 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-08-02 12:22 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-08-02 12:22 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2010-08-02 12:21 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-02 12:21 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-08-02 12:21 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-02 12:19 . 2010-08-02 12:19 -------- d-----w- C:\_OTL
2010-07-30 19:37 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-30 19:36 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-07-30 19:35 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-07-30 19:34 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-07-30 19:26 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-30 19:22 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-07-30 19:21 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-07-30 19:14 . 2008-05-26 09:54 81704 ----a-w- c:\windows\system32\drivers\WSVD.sys
2010-07-30 19:10 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-07-30 19:10 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-07-30 19:10 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-07-30 19:10 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-07-30 19:02 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-07-30 19:02 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-07-30 19:02 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-07-30 18:56 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-07-30 18:56 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-07-30 18:36 . 2010-07-30 18:36 109624 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-30 17:53 . 2010-07-30 17:53 63488 ----a-w- c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-30 17:53 . 2010-07-30 17:53 52224 ----a-w- c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-30 17:53 . 2010-07-30 17:53 117760 ----a-w- c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-30 17:53 . 2010-07-30 17:53 -------- d-----w- c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com
2010-07-30 17:53 . 2010-07-30 17:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-30 17:53 . 2010-07-30 17:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-30 17:51 . 2010-07-30 17:52 -------- d-----w- c:\program files\CCleaner
2010-07-30 16:12 . 2010-07-30 16:12 -------- d-----w- c:\users\Arthur\AppData\Roaming\Malwarebytes
2010-07-30 16:11 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 16:11 . 2010-07-30 16:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 16:11 . 2010-07-30 16:11 -------- d-----w- c:\programdata\Malwarebytes
2010-07-30 16:11 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 16:05 . 2010-07-30 16:07 -------- d-----w- c:\programdata\Norton
2010-07-30 16:05 . 2010-07-30 16:05 -------- d-----w- c:\programdata\Symantec
2010-07-30 16:05 . 2010-07-30 16:05 -------- d-----w- c:\programdata\NortonInstaller
2010-07-30 04:24 . 2010-07-30 04:24 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-30 04:22 . 2010-07-30 04:22 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-30 04:16 . 2010-07-30 04:16 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-10 12:21 . 2010-07-10 12:21 -------- d-----w- c:\programdata\Electronic Arts
2010-07-10 11:55 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 17:24 . 2010-08-03 17:24 -------- d-----w- c:\programdata\WindowsSearch
2010-08-03 17:24 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-08-03 17:24 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat
2010-08-02 15:12 . 2008-10-07 19:31 55302 ----a-w- c:\programdata\nvModes.dat
2010-08-02 13:14 . 2009-05-07 16:01 78752 ----a-w- c:\users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-02 13:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-02 12:34 . 2008-07-30 02:19 -------- d-----w- c:\program files\Microsoft Works
2010-07-31 05:40 . 2009-03-29 16:33 -------- d-----w- c:\program files\Azureus
2010-07-31 05:35 . 2008-07-30 01:43 -------- d-----w- c:\programdata\McAfee
2010-07-30 18:59 . 2008-10-25 13:00 8268 ----a-w- c:\users\Arthur\AppData\Local\d3d9caps.dat
2010-07-30 17:54 . 2008-10-04 15:58 -------- d-----w- c:\program files\Firefox
2010-07-30 04:24 . 2010-06-10 09:02 -------- d-----w- c:\programdata\DivX
2010-07-30 04:23 . 2009-10-08 08:44 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-30 04:22 . 2009-01-24 13:18 -------- d-----w- c:\program files\DivX
2010-07-28 17:38 . 2009-05-10 09:37 1 ----a-w- c:\users\Arthur\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-27 17:28 . 2009-03-29 16:43 -------- d-----w- c:\users\Arthur\AppData\Roaming\Azureus
2010-06-23 17:10 . 2010-06-23 16:50 -------- d-----w- c:\users\Arthur\AppData\Roaming\Audacity
2010-06-23 17:01 . 2010-06-23 17:01 -------- d-----w- c:\program files\Lame for Audacity
2010-06-23 16:50 . 2010-06-23 16:50 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-06-17 18:12 . 2010-06-11 13:18 -------- d-----w- c:\program files\iTunes
2010-06-17 18:11 . 2010-06-17 18:11 -------- d-----w- c:\program files\iPod
2010-06-17 18:11 . 2010-06-11 13:15 -------- d-----w- c:\program files\Common Files\Apple
2010-06-17 18:07 . 2010-06-17 18:07 -------- d-----w- c:\program files\Bonjour
2010-06-17 18:03 . 2010-06-17 18:03 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-12 06:58 . 2010-06-11 13:19 -------- d-----w- c:\users\Arthur\AppData\Roaming\Apple Computer
2010-06-11 13:19 . 2010-06-11 13:18 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-11 13:18 . 2010-06-11 13:17 -------- d-----w- c:\programdata\Apple Computer
2010-06-11 13:18 . 2010-06-11 13:17 -------- d-----w- c:\program files\QuickTime
2010-06-11 13:17 . 2010-06-11 13:17 -------- d-----w- c:\program files\Apple Software Update
2010-06-11 13:17 . 2010-06-11 13:15 -------- d-----w- c:\programdata\Apple
2010-06-10 09:08 . 2010-06-10 09:08 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-10 09:08 . 2009-10-08 08:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-10 09:08 . 2010-06-10 09:08 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-10 09:08 . 2010-06-10 09:08 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-10 09:07 . 2010-06-10 09:07 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-10 09:07 . 2009-10-20 14:06 -------- d-----w- c:\users\Arthur\AppData\Roaming\DivX
2010-06-10 09:06 . 2010-06-10 09:06 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-10 09:05 . 2010-06-10 09:05 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-10 09:05 . 2010-06-10 09:05 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-06-10 09:05 . 2010-06-10 09:05 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-06-10 09:02 . 2010-06-10 09:08 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-06-10 09:02 . 2010-06-10 09:08 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-26 16:16 . 2010-07-30 19:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-07-30 19:36 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Winload\tbWinl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
2008-08-14 13:57 2484224 ----a-w- c:\users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968]
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224]
[HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 68856]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-09-01 3676160]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-01 30192]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"HostManager"="c:\program files\Common Files\AOL\1223197373\ee\AOLSoftware.exe" [2006-09-26 50736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-09-01 17:46 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-01 30192]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 vaxscsi;vaxscsi;c:\windows\System32\Drivers\vaxscsi.sys [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-05-26 81704]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-01-17 717296]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-09-01 42608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-11 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-09-01 3602432]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\u96e3y89.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX Richtlinien ----
c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-Winamp Toolbar for Firefox - c:\users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\u96e3y89.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
**************************************************************************
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-3747233088-3331940985-2413091596-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,63,fe,43,2c,ab,80,86,ec,1f,ef,d8,62,8b,f7,be,4d,13,9c,db,4d,
3a,3f,d2,62,94,b2,db,65,af,96,85,5b,72,3c,de,b0,25,fd,ab,d1,f9,bc,c7,a5,b6,\
"rkeysecu"=hex:ca,c1,c2,c0,b5,34,10,25,d7,1f,9c,d5,07,0e,95,d4
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(1248)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-03 19:39:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-08-03 17:39
Vor Suchlauf: 13 Verzeichnis(se), 83.569.094.656 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 83.206.361.088 Bytes frei
- - End Of File - - F5516F84436EA8CCB0C86D08B1C211AF
| | #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Flacor.dat detected

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are any changes and, if so, in which device. Ideally, post everything that remover.exe outputs. |
| | #7 |
| Flacor.dat detected

hello, I ran the programs as described:

gmer: GMER Logfile: Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-05 19:02:10
Windows 6.0.6001 Service Pack 1
Running: 0zq0crd2.exe; Driver: C:\Users\Arthur\AppData\Local\Temp\pwdyypoc.sys
---- System - GMER 1.0.15 ----
SSDT 9CCCD104 ZwCreateThread
SSDT 9CCCD0F0 ZwOpenProcess
SSDT 9CCCD0F5 ZwOpenThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8FB97620]
INT 0x62 ? 87226F00
INT 0x72 ? 87226F00
INT 0x82 ? 87226F00
INT 0x92 ? 8552BBF8
INT 0x92 ? 87226F00
INT 0x92 ? 87226F00
INT 0x92 ? 87226F00
INT 0x92 ? 8552BBF8
INT 0xB1 ? 85526BF8
INT 0xB1 ? 85526BF8
INT 0xB2 ? 87226F00
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 454 82304B18 4 Bytes [04, D1, CC, 9C] {ADD AL, 0xd1; INT 3 ; PUSHF }
.text ntkrnlpa.exe!KeSetTimerEx + 624 82304CE8 4 Bytes [F0, D0, CC, 9C]
.text ntkrnlpa.exe!KeSetTimerEx + 640 82304D04 4 Bytes [F5, D0, CC, 9C] {CMC ; ROR AH, 0x1; PUSHF }
.text ntkrnlpa.exe!KeSetTimerEx + 854 82304F18 4 Bytes [20, 76, B9, 8F]
? System32\Drivers\spct.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E406340, 0x3EDF57, 0xE8000020]
.text USBPORT.SYS!DllUnload 8E32B46F 5 Bytes JMP 872264E0
.text apoyoixh.SYS 8E36F000 22 Bytes [26, 02, 22, 82, 10, 01, 22, ...]
.text apoyoixh.SYS 8E36F017 181 Bytes [00, 32, 07, 7A, 80, 3D, 05, ...]
.text apoyoixh.SYS 8E36F0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6D, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; INSD ; POPF ; SCASB ; DEC EAX}
.text apoyoixh.SYS 8E36F0DA 12 Bytes [00, 00, 02, 00, 00, 00, 26, ...]
.text apoyoixh.SYS 8E36F0E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...
? System32\Drivers\a6bwcglr.SYS Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9E8F4300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9E948300, 0x1B7E, 0xE8000020]
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xA1D4341C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xA1D44000, 0x1000, 0xE0000020]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806976D2] \SystemRoot\System32\Drivers\spct.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80697040] \SystemRoot\System32\Drivers\spct.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806977FC] \SystemRoot\System32\Drivers\spct.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806970BE] \SystemRoot\System32\Drivers\spct.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069713C] \SystemRoot\System32\Drivers\spct.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A7048] \SystemRoot\System32\Drivers\spct.sys
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortNotification] 009E840F
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortWritePortUchar] 8B660000
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortWritePortUlong] 89662448
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 4D8BE84D
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 02C183E8
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortGetScatterGatherList] EA4D8966
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortReadPortUchar] 0320488B
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortStallExecution] 08458DC8
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortGetParentBusType] 8D575750
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortRequestCallback] 6850F045
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortWritePortBufferUshort] B0020000
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 50E8458D
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortCompleteRequest] 4FBC35FF
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortMoveMemory] 4D898E39
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 45C757EC
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 000001F0
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E5FEE800
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortReadPortUshort] C73B0001
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C8A14675
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortInitialize] 6A8E394F
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortGetDeviceBase] 9A888D52
IAT \SystemRoot\System32\Drivers\apoyoixh.SYS[ataport.SYS!AtaPortDeviceStateChange] 83000000
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1916] @ C:\Windows\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe[3176] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740D88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741198A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740DB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740CFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740D7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740CEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7410B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [740DBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740D074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740D06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740C71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7415D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [740F7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740CE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740C697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740C69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740D2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[4080] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8552D1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 855291F8
Device \Driver\usbuhci \Device\USBPDO-0 84C2D1F8
Device \Driver\usbuhci \Device\USBPDO-1 84C2D1F8
Device \Driver\usbuhci \Device\USBPDO-2 84C2D1F8
Device \Driver\usbehci \Device\USBPDO-3 872531F8
Device \Driver\sptd \Device\485419675 spct.sys
Device \Driver\usbuhci \Device\USBPDO-4 84C2D1F8
Device \Driver\sptd \Device\485263674 spct.sys
Device \Driver\usbuhci \Device\USBPDO-5 84C2D1F8
Device \Driver\usbuhci \Device\USBPDO-6 84C2D1F8
Device \Driver\volmgr \Device\HarddiskVolume1 855291F8
Device \Driver\usbehci \Device\USBPDO-7 872531F8
Device \Driver\volmgr \Device\HarddiskVolume2 855291F8
Device \Driver\cdrom \Device\CdRom0 84C2C1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{5747541B-3A87-418D-9B4D-541579DA0947} 8FF8D1F8
Device \Driver\cdrom \Device\CdRom1 84C2C1F8
Device \Driver\volmgr \Device\HarddiskVolume3 855291F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8A2DAA60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8A2DAA60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8A2DAA60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-2 [8A2DAA60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume4 855291F8
Device \Driver\volmgr \Device\HarddiskVolume5 855291F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8FF8D1F8
Device \Driver\Smb \Device\NetbiosSmb 8FFFD1F8
Device \Driver\PCI_PNP9660 \Device\0000005b spct.sys
Device \Driver\iScsiPrt \Device\RaidPort0 872761F8
Device \Driver\PCI_PNP9660 \Device\0000005c spct.sys
Device \Driver\usbuhci \Device\USBFDO-0 84C2D1F8
Device \Driver\usbuhci \Device\USBFDO-1 84C2D1F8
Device \Driver\usbuhci \Device\USBFDO-2 84C2D1F8
Device \Driver\usbehci \Device\USBFDO-3 872531F8
Device \Driver\usbuhci \Device\USBFDO-4 84C2D1F8
Device \Driver\usbuhci \Device\USBFDO-5 84C2D1F8
Device \Driver\usbuhci \Device\USBFDO-6 84C2D1F8
Device \Driver\usbehci \Device\USBFDO-7 872531F8
Device \Driver\a6bwcglr \Device\Scsi\a6bwcglr1 873A71F8
Device \Driver\apoyoixh \Device\Scsi\apoyoixh1 873961F8
Device \Driver\a6bwcglr \Device\Scsi\a6bwcglr1Port3Path0Target0Lun0 873A71F8
Device \FileSystem\cdfs \Cdfs 8719D1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -461787858
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -521647997
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6D 0x5C 0x31 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x55 0x17 0xE7 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0x96 0x7B 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF0 0xA9 0x9D 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0x98 0xF6 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6D 0x5C 0x31 0x40 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x55 0x17 0xE7 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0x96 0x7B 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF0 0xA9 0x9D 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0x98 0xF6 0x9F ...
---- Files - GMER 1.0.15 ----
File C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenrootstorelock.dat 0 bytes
File C:\Windows\Microsoft.NET\ngenservice_pri3_lock.dat 0 bytes
---- EOF - GMER 1.0.15 ----
osam:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:26:05 on 05.08.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status

AppInit DLLs
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
|||| "AppInit_DLLs" "Google" C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll File exists

Control Panel Objects
%SystemRoot%\system32
|| "DivXControlPanelApplet.cpl" "DivX, Inc." C:\Windows\system32\DivXControlPanelApplet.cpl File exists
|||||| "PhysX.cpl" "NVIDIA Corporation" C:\Windows\system32\PhysX.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists

Drivers
HKLM\SYSTEM\CurrentControlSet\Services
"a7dnvet2" (a7dnvet2) C:\Windows\system32\drivers\a7dnvet2.sys Hidden registry entry, rootkit activity | File not found
|||||| "AlfaFF File System mini-filter" (AlfaFF) "Alfa Corporation" C:\Windows\System32\Drivers\AlfaFF.sys File exists
|||||| "at7i08x0" (at7i08x0) "Microsoft Corporation" C:\Windows\system32\drivers\at7i08x0.sys Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "atksgt" (atksgt) C:\Windows\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information
|||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
"catchme" (catchme) C:\cofi\catchme.sys File not found
|||||| "int15" (int15) C:\Windows\system32\drivers\int15.sys File found, but it contains no detailed information
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
|||||| "lirsgt" (lirsgt) C:\Windows\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information
|||||| "NTIPPKernel" (NTIPPKernel) "Cyberlink Corp." C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys File exists
"ntnzl" (ntnzl) C:\Windows\system32\drivers\ntnzl.sys File not found
|||||| "PSDFilter" (PSDFilter) "Egis Incorporated" C:\Windows\System32\DRIVERS\psdfilter.sys File exists
|||||| "PSDNServ" (PSDNServ) "Egis Incorporated" C:\Windows\System32\DRIVERS\PSDNServ.sys File exists
|||||| "PSDVdisk" (psdvdisk) "Egis Incorporated" C:\Windows\System32\DRIVERS\PSDVdisk.sys File exists
|||||| "SASDIFSV" (SASDIFSV) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File exists
|||||| "SASKUTIL" (SASKUTIL) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
|||||| "UBHelper" (UBHelper) "NewTech Infosystems Corporation" C:\Windows\system32\drivers\UBHelper.sys File exists
|||||| "Upper Class Filter Driver" (NTIDrvr) "NewTech Infosystems, Inc." C:\Windows\System32\DRIVERS\NTIDrvr.sys File exists
"vaxscsi" (vaxscsi) C:\Windows\System32\Drivers\vaxscsi.sys File not found
|||||| "WSVD" (WSVD) "CyberLink" C:\Windows\system32\drivers\WSVD.sys File exists
|||||| "{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) "Cyberlink Corp." C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl File exists

Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc."
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists HKLM\Software\Classes\Protocols\Filter |||| {B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" "Google Inc." C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File exists HKLM\Software\Classes\Protocols\Handler |||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists |||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists |||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" File not found | COM-object registry key not found HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found |||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} 
"Contacts folder" File not found | COM-object registry key not found |||||| {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" "Egis Inc." C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll File exists {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" epm-po.dll File not found {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found |||||| {8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" "Arachnoid Biometrics Identification Group Corp." C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll File exists |||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists {00020d75-0000-0000-c000-000000000046} "lnkfile" File not found | COM-object registry key not found |||||| {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" "Microsoft Corporation" C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll File exists |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found |||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" 
C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "ShellPlusContextMenu" File not found | COM-object registry key not found {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found |||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Program Files\WinRAR\rarext.dll File found, but it contains no detailed information Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser |||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File exists "ITBar7Layout" File not found | COM-object registry key not found |||| "Toolbar fuer eBay" C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll File exists |||| "Winamp Toolbar" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks |||| {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} "Winamp Search Class" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists || {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." 
C:\Program Files\Java\jre6\bin\npjpi160_20.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||||| "Quick-Launching Area" C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar |||||| "Acer eDataSecurity Management" "Egis Incorporated." C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll File exists |||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File exists |||| "Toolbar fuer eBay" C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll File exists |||| {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists || {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File exists |||| {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" "Google Inc." C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File exists |||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File exists |||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." 
C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists |||||| {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" "Egis" C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll File exists |||| {AA61DE26-FA67-4575-9033-918671094293} "TBSB03968 Class" C:\Users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll File exists |||| {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" "AOL LLC." C:\Program Files\Winamp Toolbar\winamptb.dll File exists || {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists {02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" File not found | COM-object registry key not found {7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" File not found | COM-object registry key not found Logon %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |||| "AlcoholAutomount" "Alcohol Soft Development Team" "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount File exists |||| "Orb" "Orb Networks" "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background File exists |||||| "SUPERAntiSpyware" "SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File exists |||| "swg" "Google Inc." 
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File exists HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd "StartupPrograms" rdpclip File not found HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File exists |||| "ArcadeDeluxeAgent" "CyberLink Corp." "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" File exists |||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists |||||| "BkupTray" "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" File exists |||| "CLMLServer" "CyberLink" "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" File exists |||| "DAEMON Tools" "DT Soft Ltd." "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 File exists || "DivXUpdate" "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File exists |||| "eAudio" "Acer Incorporated" "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" File exists |||||| "eDataSecurity Loader" "Egis Incorporated" C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe File exists |||||| "ePower_DMC" "Acer Inc." C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe File exists |||| "Google Desktop Search" "Google" "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File exists |||| "HostManager" "America Online, Inc." C:\Program Files\Common Files\AOL\1223197373\ee\AOLSoftware.exe File exists |||| "IAAnotif" "Intel Corporation" C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File exists |||| "iTunesHelper" "Apple Inc." "C:\Program Files\iTunes\iTunesHelper.exe" File exists |||| "LexwareInfoService" "Lexware GmbH & Co. 
KG" C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart File exists |||| "LManager" "Dritek System Inc." C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE File exists |||||| " Malwarebytes Anti-Malware (reboot)" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File exists |||| "PlayMovie" "Acer Corp." "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" File exists || "PLFSetI" C:\Windows\PLFSetI.exe File exists |||| "QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists |||| "WarReg_PopUp" "Acer Incorporated" C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe File exists |||| "WinampAgent" "C:\Program Files\Winamp\winampa.exe" File found, but it contains no detailed information |||| "ZPdtWzdVitaKey MC3000" "Arachnoid Biometrics Identification Group Corp." "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show File exists Print Monitors HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |||||| "PDFCreator" C:\Windows\system32\pdfcmnnt.dll File found, but it contains no detailed information Services HKLM\SYSTEM\CurrentControlSet\Services |||||| "AOL Connectivity Service" (AOL ACS) "AOL LLC" C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe File exists |||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." 
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists |||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists |||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists |||||| "CLHNService" (CLHNService) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe File exists |||||| "Cyberlink RichVideo Service(CRVS)" (RichVideo) C:\Program Files\Cyberlink\Shared files\RichVideo.exe File exists |||||| "Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists |||||| "eDataSecurity Service" (eDataSecurity Service) "Egis Incorporated" C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe File exists |||||| "Empowering Technology Service" (ETService) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe File exists |||||| "FLEXnet Licensing Service" (FLEXnet Licensing Service) "Macrovision Europe Ltd." C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe File exists |||| "Google Desktop Manager 5.9.911.3589" (GoogleDesktopManager-110309-193829) "Google" C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File exists |||| "Google Software Updater" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists |||||| "iGroupTec Service" (IGBASVC) C:\Program Files\Acer\Acer Bio Protection\BASVC.exe File found, but it contains no detailed information |||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe File exists |||||| "Intel(R) Matrix Storage Event Monitor" (IAANTMON) "Intel Corporation" C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe File exists |||||| "iPod-Dienst" (iPod Service) "Apple Inc." 
C:\Program Files\iPod\bin\iPodService.exe File exists |||||| "LightScribeService Direct Disc Labeling Service" (LightScribeService) "Hewlett-Packard Company" C:\Program Files\Common Files\LightScribe\LSSrvc.exe File exists |||||| "MobilityService" (MobilityService) C:\Acer\Mobility Center\MobilityService.exe File exists |||||| "NMSAccessU" (NMSAccessU) C:\Program Files\CDBurnerXP\NMSAccessU.exe File found, but it contains no detailed information |||||| "NTI Backup Now 5 Agent Service" (BUNAgentSvc) "NewTech Infosystems, Inc." C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe File exists |||||| "NTI Backup Now 5 Backup Service" (NTIBackupSvc) "NewTech InfoSystems, Inc." C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe File exists |||||| "NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe File found, but it contains no detailed information |||||| "Raw Socket Service" (RS_Service) "Acer Incorporated" C:\Program Files\Acer\Acer VCM\RS_Service.exe File exists || "Sony Ericsson OMSI download service" (OMSI download service) C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe File found, but it contains no detailed information |||||| "StarWind AE Service" (StarWindServiceAE) "Rocket Division Software" C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe File exists Winlogon HKCU\Control Panel\Desktop "SCRNSAVE.EXE" C:\Windows\System32\acer.scr File found, but it contains no detailed information HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify |||||| "AWinNotifyVitaKey MC3000" "Arachnoid Biometrics Identification Group Corp." C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll File exists |||||| "spba" "UPEK Inc." 
C:\Program Files\Common Files\SPBA\homefus2.dll File exists Winsock Providers HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries |||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
and
HTML code:
<c> 2009 e Sage Lab
www.esagelab.com
Program Version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1<build 6 001>, 32-bit
System volume is \\.\C:
\\.\C: → \\.\PhysicalDrive0 at offset 0x0000002'80100000
Boot sector MD5 is: 01d49f97fbbd6be24690f16caeaf20b8
Size Divice Name MBR Status
298 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Done:
Press any key to quit... |
| | #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Flacor.dat detected
Quote:
After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
| | #9 |
| Flacor.dat detected
Deletion done...
OSAM:
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:07:22 on 05.08.2010 OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status AppInit DLLs HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows |||| "AppInit_DLLs" "Google" C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll File exists Control Panel Objects %SystemRoot%\system32 || "DivXControlPanelApplet.cpl" "DivX, Inc." C:\Windows\system32\DivXControlPanelApplet.cpl File exists |||||| "PhysX.cpl" "NVIDIA Corporation" C:\Windows\system32\PhysX.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "QuickTime" "Apple Inc."
C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services "a7dnvet2" (a7dnvet2) C:\Windows\system32\drivers\a7dnvet2.sys Hidden registry entry, rootkit activity | File not found |||||| "AlfaFF File System mini-filter" (AlfaFF) "Alfa Corporation" C:\Windows\System32\Drivers\AlfaFF.sys File exists |||||| "at7i08x0" (at7i08x0) "Microsoft Corporation" C:\Windows\system32\drivers\at7i08x0.sys Hidden registry entry, rootkit activity | File signed by Microsoft |||||| "atksgt" (atksgt) C:\Windows\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information |||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists |||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists |||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists "catchme" (catchme) C:\cofi\catchme.sys File not found |||||| "int15" (int15) C:\Windows\system32\drivers\int15.sys File found, but it contains no detailed information "IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found "IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found "IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found |||||| "lirsgt" (lirsgt) C:\Windows\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information |||||| "NTIPPKernel" (NTIPPKernel) "Cyberlink Corp." 
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys File exists |||||| "PSDFilter" (PSDFilter) "Egis Incorporated" C:\Windows\System32\DRIVERS\psdfilter.sys File exists |||||| "PSDNServ" (PSDNServ) "Egis Incorporated" C:\Windows\System32\DRIVERS\PSDNServ.sys File exists |||||| "PSDVdisk" (psdvdisk) "Egis Incorporated" C:\Windows\System32\DRIVERS\PSDVdisk.sys File exists |||||| "SASDIFSV" (SASDIFSV) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File exists |||||| "SASKUTIL" (SASKUTIL) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS File exists |||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked |||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists |||||| "UBHelper" (UBHelper) "NewTech Infosystems Corporation" C:\Windows\system32\drivers\UBHelper.sys File exists |||||| "Upper Class Filter Driver" (NTIDrvr) "NewTech Infosystems, Inc." C:\Windows\System32\DRIVERS\NTIDrvr.sys File exists "vaxscsi" (vaxscsi) C:\Windows\System32\Drivers\vaxscsi.sys File not found |||||| "WSVD" (WSVD) "CyberLink" C:\Windows\system32\drivers\WSVD.sys File exists |||||| "{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) "Cyberlink Corp." C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl File exists Explorer HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists HKLM\Software\Classes\Protocols\Filter |||| {B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" "Google Inc." 
C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File exists HKLM\Software\Classes\Protocols\Handler |||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists |||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists |||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" File not found | COM-object registry key not found HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found |||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found |||||| {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" "Egis Inc." 
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll File exists {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" epm-po.dll File not found {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found |||||| {8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" "Arachnoid Biometrics Identification Group Corp." C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll File exists |||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists {00020d75-0000-0000-c000-000000000046} "lnkfile" File not found | COM-object registry key not found |||||| {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" "Microsoft Corporation" C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll File exists |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found |||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "ShellPlusContextMenu" File not found | 
and MBR check
HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 6930G
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 171):
Processes (total 96):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!

#10
/// Winkelfunktion /// TB-Süch-Tiger™
Flacor.dat detected

Please delete the existing MBRCheck.txt files. Please start MBRCheck.exe again. This time, type the following into the window and confirm each entry with Enter at

Now you will find 2 MBRCheck_<date>_<time>.txt files on the desktop. Post me the contents of both .txt documents.
__________________
Please always post log files in CODE tags

#11
Flacor.dat detected

Thanks a lot for the answers so far... I did everything as described, except that there were 3 text documents on the desktop... here are the logs:
HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 6930G
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 171):
Processes (total 101):
0 System Idle Process
4 System
544 C:\Windows\System32\smss.exe
624 csrss.exe
676 C:\Windows\System32\wininit.exe
688 csrss.exe
720 C:\Windows\System32\services.exe
736 C:\Windows\System32\lsass.exe
744 C:\Windows\System32\lsm.exe
904 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\nvvsvc.exe
996 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\audiodg.exe
1240 C:\Windows\System32\SLsvc.exe
1304 C:\Windows\servicing\TrustedInstaller.exe
1320 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\winlogon.exe
1468 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\spoolsv.exe
1660 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1672 C:\Windows\System32\svchost.exe
1876 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1888 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
1908 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1932 C:\Program Files\Bonjour\mDNSResponder.exe
1952 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1980 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2024 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
976 C:\Windows\System32\rundll32.exe
1272 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2200 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2240 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
2300 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2320 C:\ACER\Mobility Center\MobilityService.exe
2364 C:\Program Files\CDBurnerXP\NMSAccessU.exe
2376 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2412 C:\Windows\System32\taskeng.exe
2480 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2508 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2548 C:\Windows\System32\svchost.exe
2576 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2592 C:\Program Files\Acer\Acer VCM\RS_Service.exe
2664 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2676 C:\Windows\System32\svchost.exe
2708 C:\Windows\System32\svchost.exe
2772 C:\Windows\System32\SearchIndexer.exe
2840 C:\Windows\System32\drivers\XAudio.exe
3092 WmiPrvSE.exe
3244 C:\Program Files\Common Files\SPBA\upeksvr.exe
3396 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
3780 C:\Windows\System32\dwm.exe
3816 C:\Windows\System32\taskeng.exe
3908 C:\Windows\explorer.exe
3992 C:\Program Files\Windows Defender\MSASCui.exe
4008 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4028 C:\Windows\RtHDVCpl.exe
4076 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4092 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
2116 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
2352 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2520 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
2616 C:\Windows\System32\rundll32.exe
2572 C:\Windows\PLFSetI.exe
3792 C:\Program Files\Launch Manager\QtZgAcer.EXE
2804 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
3796 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
3968 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
332 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
356 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
388 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3300 C:\Program Files\Winamp\winampa.exe
352 C:\Program Files\DAEMON Tools\daemon.exe
372 C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe
2264 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3260 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4036 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3144 C:\Program Files\iTunes\iTunesHelper.exe
3376 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3356 C:\Users\Arthur\AppData\Local\temp\RtkBtMnt.exe
2040 C:\Program Files\Windows Media Player\wmpnscfg.exe
3148 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
4152 C:\Program Files\Windows Media Player\wmpnetwk.exe
4604 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
4828 C:\Windows\System32\wbem\unsecapp.exe
5220 C:\Program Files\iPod\bin\iPodService.exe
5292 C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
5820 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5880 C:\Program Files\Firefox\firefox.exe
5952 C:\Windows\System32\SearchProtocolHost.exe
5964 C:\Windows\System32\SearchFilterHost.exe
1996 C:\Program Files\Avira\AntiVir Desktop\update.exe
5324 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
4648 C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
3028 dllhost.exe
5576 dllhost.exe
5604 C:\Users\Arthur\Desktop\MBRCheck.exe
3360 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): -1
Done!
HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 6930G
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 171):
0x82205000 \SystemRoot\system32\ntkrnlpa.exe
0x825BE000 \SystemRoot\system32\hal.dll
0x8040E000 \SystemRoot\system32\kdcom.dll
0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80476000 \SystemRoot\system32\PSHED.dll
0x80487000 \SystemRoot\system32\BOOTVID.dll
0x8048F000 \SystemRoot\system32\CLFS.SYS
0x804D0000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80689000 \SystemRoot\System32\Drivers\spdw.sys
0x80789000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80792000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B8000 \SystemRoot\system32\drivers\acpi.sys
0x805B0000 \SystemRoot\system32\drivers\msisadrv.sys
0x805B8000 \SystemRoot\system32\drivers\pci.sys
0x805DF000 \SystemRoot\System32\drivers\partmgr.sys
0x805EE000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x805F1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A20A000 \SystemRoot\system32\drivers\volmgr.sys
0x8A219000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A263000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A273000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8A27B000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A354000 \SystemRoot\system32\drivers\atapi.sys
0x8A35C000 \SystemRoot\system32\drivers\ataport.SYS
0x8A37A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A3AC000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A3BC000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8A3C5000 \SystemRoot\system32\Drivers\AlfaFF.sys
0x8A409000 \SystemRoot\system32\Drivers\ksecdd.sys
0x8A47A000 \SystemRoot\system32\drivers\ndis.sys
0x8A585000 \SystemRoot\system32\drivers\msrpc.sys
0x8A5B0000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A60E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A71D000 \SystemRoot\system32\drivers\volsnap.sys
0x8A756000 \SystemRoot\System32\Drivers\spldr.sys
0x8A75E000 \SystemRoot\System32\Drivers\mup.sys
0x8A76D000 \SystemRoot\System32\drivers\ecache.sys
0x8A794000 \SystemRoot\system32\drivers\disk.sys
0x8A7A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A7C6000 \SystemRoot\system32\drivers\crcdisk.sys
0x8E2E3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E2EE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E2F7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E2FB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E400000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8EB33000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EBD2000 \SystemRoot\System32\drivers\watchdog.sys
0x8EBDF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E304000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EBEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E342000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EE0B000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8F192000 \SystemRoot\system32\DRIVERS\winbondcir.sys
0x8F1A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F1BA000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8F1C4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F1CF000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8EE00000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E354000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E35F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EE02000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8EBF9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E377000 \SystemRoot\System32\Drivers\a2wh6emv.SYS
0x8E3AD000 \SystemRoot\System32\Drivers\a8h1tey4.SYS
0x8A7DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A3CE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EC0F000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EC50000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EC5B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EC72000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8EC7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8ECA0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8ECAF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8ECC3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8ECD8000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0x8ECDE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8ECEE000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x8ECF4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8ECF6000 \SystemRoot\system32\DRIVERS\ks.sys
0x8ED20000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8ED2E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ED38000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8ED45000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8ED79000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F20F000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F417000 \SystemRoot\system32\drivers\portcls.sys
0x8F444000 \SystemRoot\system32\drivers\drmk.sys
0x8F469000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F4A6000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F601000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F6B6000 \SystemRoot\system32\drivers\modem.sys
0x8F6C3000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8F6D1000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8F6DC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F6EC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F6F3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8F6FC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F704000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F70D000 \SystemRoot\System32\Drivers\Null.SYS
0x8F714000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F71B000 \SystemRoot\System32\drivers\vga.sys
0x8F727000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F748000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8F75B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F763000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F76B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F776000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F784000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9040C000 \SystemRoot\System32\drivers\tcpip.sys
0x904F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90510000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90519000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9052F000 \SystemRoot\system32\DRIVERS\smb.sys
0x90543000 \SystemRoot\system32\drivers\afd.sys
0x9058B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x905BD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x905D3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x905E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x905F4000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F78D000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x905FA000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8F7AF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90400000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F5A8000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F5BF000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x9040A000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F5DB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8ED8A000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F7EB000 \SystemRoot\System32\Drivers\tcusb.sys
0x8EDAB000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8F5F2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x98030000 \SystemRoot\System32\win32k.sys
0x8F7F6000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F200000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98250000 \SystemRoot\System32\TSDDD.dll
0x98270000 \SystemRoot\System32\cdd.dll
0x8EDC1000 \SystemRoot\system32\drivers\luafv.sys
0x8EDDC000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9D000000 \SystemRoot\system32\drivers\spsys.sys
0x9D0AF000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x9D0C1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9D0D1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9D0FB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D105000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9D118000 \SystemRoot\system32\drivers\HTTP.sys
0x9D185000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D1A2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D1BB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D1D0000 \SystemRoot\system32\drivers\mrxdav.sys
0x9EC0A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9EC29000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9EC62000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9EC7A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9ECA1000 \SystemRoot\System32\DRIVERS\srv.sys
0x9ECEF000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9ED32000 \??\C:\Windows\system32\drivers\int15.sys
0x9ED43000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9ED48000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9ED4C000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0xA2603000 \SystemRoot\system32\drivers\peauth.sys
0xA26E1000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xA26EA000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xA26FC000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA2706000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2712000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA271A000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0x77210000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll
Processes (total 101):
0 System Idle Process
4 System
544 C:\Windows\System32\smss.exe
624 csrss.exe
676 C:\Windows\System32\wininit.exe
688 csrss.exe
720 C:\Windows\System32\services.exe
736 C:\Windows\System32\lsass.exe
744 C:\Windows\System32\lsm.exe
904 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\nvvsvc.exe
996 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\audiodg.exe
1240 C:\Windows\System32\SLsvc.exe
1304 C:\Windows\servicing\TrustedInstaller.exe
1320 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\winlogon.exe
1468 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\spoolsv.exe
1660 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1672 C:\Windows\System32\svchost.exe
1876 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1888 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
1908 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1932 C:\Program Files\Bonjour\mDNSResponder.exe
1952 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1980 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2024 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
976 C:\Windows\System32\rundll32.exe
1272 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2200 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2240 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
2300 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2320 C:\ACER\Mobility Center\MobilityService.exe
2364 C:\Program Files\CDBurnerXP\NMSAccessU.exe
2376 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2412 C:\Windows\System32\taskeng.exe
2480 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2508 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2548 C:\Windows\System32\svchost.exe
2576 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2592 C:\Program Files\Acer\Acer VCM\RS_Service.exe
2664 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2676 C:\Windows\System32\svchost.exe
2708 C:\Windows\System32\svchost.exe
2772 C:\Windows\System32\SearchIndexer.exe
2840 C:\Windows\System32\drivers\XAudio.exe
3092 WmiPrvSE.exe
3244 C:\Program Files\Common Files\SPBA\upeksvr.exe
3396 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
3780 C:\Windows\System32\dwm.exe
3816 C:\Windows\System32\taskeng.exe
3908 C:\Windows\explorer.exe
3992 C:\Program Files\Windows Defender\MSASCui.exe
4008 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4028 C:\Windows\RtHDVCpl.exe
4076 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4092 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
2116 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
2352 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2520 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
2616 C:\Windows\System32\rundll32.exe
2572 C:\Windows\PLFSetI.exe
3792 C:\Program Files\Launch Manager\QtZgAcer.EXE
2804 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
3796 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
3968 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
332 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
356 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
388 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3300 C:\Program Files\Winamp\winampa.exe
352 C:\Program Files\DAEMON Tools\daemon.exe
372 C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe
2264 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3260 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4036 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3144 C:\Program Files\iTunes\iTunesHelper.exe
3376 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3356 C:\Users\Arthur\AppData\Local\temp\RtkBtMnt.exe
2040 C:\Program Files\Windows Media Player\wmpnscfg.exe
3148 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
4152 C:\Program Files\Windows Media Player\wmpnetwk.exe
4604 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
4828 C:\Windows\System32\wbem\unsecapp.exe
5220 C:\Program Files\iPod\bin\iPodService.exe
5820 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5880 C:\Program Files\Firefox\firefox.exe
5324 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3360 C:\Windows\System32\conime.exe
3160 WmiPrvSE.exe
5520 C:\Windows\System32\wuauclt.exe
4020 C:\Windows\System32\SearchProtocolHost.exe
5140 C:\Windows\System32\SearchFilterHost.exe
5240 C:\Windows\System32\wbem\WMIADAP.exe
5340 dllhost.exe
4920 dllhost.exe
4568 C:\Users\Arthur\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 6930G
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 171):
0x82242000 \SystemRoot\system32\ntkrnlpa.exe
0x8220F000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046C000 \SystemRoot\system32\PSHED.dll
0x8047D000 \SystemRoot\system32\BOOTVID.dll
0x80485000 \SystemRoot\system32\CLFS.SYS
0x804C6000 \SystemRoot\system32\CI.dll
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80696000 \SystemRoot\System32\Drivers\sppb.sys
0x80796000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8079F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x805A6000 \SystemRoot\system32\drivers\acpi.sys
0x807C5000 \SystemRoot\system32\drivers\msisadrv.sys
0x807CD000 \SystemRoot\system32\drivers\pci.sys
0x805EC000 \SystemRoot\System32\drivers\partmgr.sys
0x807F4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80600000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A208000 \SystemRoot\system32\drivers\volmgr.sys
0x8A217000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A261000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A271000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8A279000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A352000 \SystemRoot\system32\drivers\atapi.sys
0x8A35A000 \SystemRoot\system32\drivers\ataport.SYS
0x8A378000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A3AA000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A3BA000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8A3C3000 \SystemRoot\system32\Drivers\AlfaFF.sys
0x8A40A000 \SystemRoot\system32\Drivers\ksecdd.sys
0x8A47B000 \SystemRoot\system32\drivers\ndis.sys
0x8A586000 \SystemRoot\system32\drivers\msrpc.sys
0x8A5B1000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A608000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A717000 \SystemRoot\system32\drivers\volsnap.sys
0x8A750000 \SystemRoot\System32\Drivers\spldr.sys
0x8A758000 \SystemRoot\System32\Drivers\mup.sys
0x8A767000 \SystemRoot\System32\drivers\ecache.sys
0x8A78E000 \SystemRoot\system32\drivers\disk.sys
0x8A79F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A7C0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8E4E1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E4EC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E4F5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E4F9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E60A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8ED3D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EDDC000 \SystemRoot\System32\drivers\watchdog.sys
0x8EDE9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E502000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E540000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E54F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F006000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8F38D000 \SystemRoot\system32\DRIVERS\winbondcir.sys
0x8F3A2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F3B5000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8F3BF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F3CA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F3FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EDF4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E561000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E600000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8F000000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E579000 \SystemRoot\System32\Drivers\ayw8qppr.SYS
0x8E5AF000 \SystemRoot\System32\Drivers\a6whx74s.SYS
0x8A7D6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A3CC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EE07000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EE48000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EE53000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EE6A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8EE75000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EE98000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8EEA7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8EEBB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8EED0000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0x8EED6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EEE6000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x8EEEC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EEEE000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EF18000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8EF26000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8EF30000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EF3D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8EF71000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F403000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F60B000 \SystemRoot\system32\drivers\portcls.sys
0x8F638000 \SystemRoot\system32\drivers\drmk.sys
0x8F65D000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F69A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FA06000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FABB000 \SystemRoot\system32\drivers\modem.sys
0x8FAC8000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8FAD6000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8FAE1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FAF1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FAF8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8FB01000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8FB09000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FB12000 \SystemRoot\System32\Drivers\Null.SYS
0x8FB19000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FB20000 \SystemRoot\System32\drivers\vga.sys
0x8FB2C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FB4D000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8FB60000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FB68000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FB70000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FB7B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FB89000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9080F000 \SystemRoot\System32\drivers\tcpip.sys
0x908F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90913000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90929000 \SystemRoot\system32\DRIVERS\smb.sys
0x9093D000 \SystemRoot\system32\drivers\afd.sys
0x90985000 \SystemRoot\System32\DRIVERS\netbt.sys
0x909B7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x909CD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x909D6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x909E4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x909F7000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FB92000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x90800000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8FBB4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FBF0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F79C000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F7B3000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90806000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F7CF000 \SystemRoot\System32\Drivers\tcusb.sys
0x8F7DA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8EF82000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8EFA3000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8F7F1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x98880000 \SystemRoot\System32\win32k.sys
0x8EFB9000 \SystemRoot\System32\drivers\Dxapi.sys
0x8EFC3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98AA0000 \SystemRoot\System32\TSDDD.dll
0x98AC0000 \SystemRoot\System32\cdd.dll
0x8EFD2000 \SystemRoot\system32\drivers\luafv.sys
0x8A7E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9D40C000 \SystemRoot\system32\drivers\spsys.sys
0x9D4BB000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x9D4CD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9D4DD000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9D507000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D511000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9D524000 \SystemRoot\system32\drivers\HTTP.sys
0x9D591000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D5AE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D5C7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D5DC000 \SystemRoot\system32\drivers\mrxdav.sys
0x9EC0C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9EC2B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9EC64000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9EC7C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9ECA3000 \SystemRoot\System32\DRIVERS\srv.sys
0x9ECF1000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9ED34000 \??\C:\Windows\system32\drivers\int15.sys
0x9ED45000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9ED4A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9ED4E000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0xA260D000 \SystemRoot\system32\drivers\peauth.sys
0xA26EB000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xA26F4000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xA2706000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA2710000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA271C000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA2724000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0x775C0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll
Processes (total 98):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
624 csrss.exe
676 C:\Windows\System32\wininit.exe
688 csrss.exe
720 C:\Windows\System32\services.exe
732 C:\Windows\System32\lsass.exe
740 C:\Windows\System32\lsm.exe
888 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\nvvsvc.exe
984 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\audiodg.exe
1224 C:\Windows\System32\SLsvc.exe
1260 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\winlogon.exe
1440 C:\Windows\System32\svchost.exe
1612 C:\Windows\System32\spoolsv.exe
1636 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1648 C:\Windows\System32\svchost.exe
1856 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1868 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
1888 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1908 C:\Program Files\Bonjour\mDNSResponder.exe
1944 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1960 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2028 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
712 C:\Windows\System32\rundll32.exe
668 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
1428 C:\Program Files\Common Files\SPBA\upeksvr.exe
2200 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
2240 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2256 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
2384 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2412 C:\ACER\Mobility Center\MobilityService.exe
2520 C:\Program Files\CDBurnerXP\NMSAccessU.exe
2564 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2620 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2648 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2680 C:\Windows\System32\svchost.exe
2712 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2736 C:\Program Files\Acer\Acer VCM\RS_Service.exe
2768 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2788 C:\Windows\System32\svchost.exe
2832 C:\Windows\System32\svchost.exe
2860 C:\Windows\System32\SearchIndexer.exe
2928 C:\Windows\System32\drivers\XAudio.exe
3260 WmiPrvSE.exe
3292 C:\Windows\System32\taskeng.exe
3392 WmiPrvSE.exe
3696 C:\Windows\System32\dwm.exe
3732 C:\Windows\System32\taskeng.exe
3812 C:\Windows\explorer.exe
3912 C:\Program Files\Windows Defender\MSASCui.exe
3928 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4004 C:\Windows\RtHDVCpl.exe
4020 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4044 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
4068 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
2052 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2128 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
2156 C:\Windows\System32\rundll32.exe
2160 C:\Windows\PLFSetI.exe
884 C:\Program Files\Launch Manager\QtZgAcer.EXE
2188 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
3712 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
3756 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
3784 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
308 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
3844 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3876 C:\Program Files\Winamp\winampa.exe
3984 C:\Program Files\DAEMON Tools\daemon.exe
4080 C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe
2024 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4084 C:\Program Files\Common Files\Java\Java Update\jusched.exe
632 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
1448 C:\Program Files\iTunes\iTunesHelper.exe
3972 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2808 C:\Program Files\Windows Media Player\wmpnscfg.exe
3196 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2940 C:\Users\Arthur\AppData\Local\temp\RtkBtMnt.exe
4272 C:\Program Files\Windows Media Player\wmpnetwk.exe
4440 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
4728 C:\Windows\System32\wbem\unsecapp.exe
5020 C:\Program Files\iPod\bin\iPodService.exe
5100 C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
5344 C:\Program Files\Firefox\firefox.exe
5744 C:\Windows\System32\SearchProtocolHost.exe
5756 C:\Windows\System32\SearchFilterHost.exe
6000 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4248 dllhost.exe
3988 dllhost.exe
4476 C:\Users\Arthur\Desktop\MBRCheck.exe
4516 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done! |
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Flacor.dat detected Why three log files now? You were only supposed to apply the fix to disk 0 with the MBR code for Vista (option 3). Did you restart Windows and run it again as a check, as described in post #8?
__________________ Please always post log files in CODE tags |
| | #13 |
| Flacor.dat detected Hello, I did it the way it was described. After I had run the program, there were 2 log files (the first two from my post) and one further file, which cannot be opened, on the desktop. After that I did the restart and then ran the program again, and then the third log file appeared. Should I do it again? |
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Flacor.dat detected Yes, do it again. First the fix on PhysicalDrive0 with the MBR code for Vista. Then the same again for PhysicalDrive1
__________________ Please always post log files in CODE tags |
| | #15 |
| Flacor.dat detected Hello, I did it once more and now there are 2 log files on the desktop. No. 1, before the restart:
HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 6930G
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 171):
0x82210000 \SystemRoot\system32\ntkrnlpa.exe
0x825C9000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80413000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80473000 \SystemRoot\system32\PSHED.dll
0x80484000 \SystemRoot\system32\BOOTVID.dll
0x8048C000 \SystemRoot\system32\CLFS.SYS
0x804CD000 \SystemRoot\system32\CI.dll
0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80695000 \SystemRoot\System32\Drivers\spcl.sys
0x80795000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8079E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x805AD000 \SystemRoot\system32\drivers\acpi.sys
0x807C4000 \SystemRoot\system32\drivers\msisadrv.sys
0x807CC000 \SystemRoot\system32\drivers\pci.sys
0x8A20F000 \SystemRoot\System32\drivers\partmgr.sys
0x8A21E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8A221000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A22B000 \SystemRoot\system32\drivers\volmgr.sys
0x8A23A000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A284000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A294000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8A29C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A375000 \SystemRoot\system32\drivers\atapi.sys
0x8A37D000 \SystemRoot\system32\drivers\ataport.SYS
0x8A39B000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A3CD000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A3DD000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8A3E6000 \SystemRoot\system32\Drivers\AlfaFF.sys
0x8A405000 \SystemRoot\system32\Drivers\ksecdd.sys
0x8A476000 \SystemRoot\system32\drivers\ndis.sys
0x8A581000 \SystemRoot\system32\drivers\msrpc.sys
0x8A5AC000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A606000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A715000 \SystemRoot\system32\drivers\volsnap.sys
0x8A74E000 \SystemRoot\System32\Drivers\spldr.sys
0x8A756000 \SystemRoot\System32\Drivers\mup.sys
0x8A765000 \SystemRoot\System32\drivers\ecache.sys
0x8A78C000 \SystemRoot\system32\drivers\disk.sys
0x8A79D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A7BE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8E2DD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E2E8000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E2F1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E2F5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E408000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8EB3B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EBDA000 \SystemRoot\System32\drivers\watchdog.sys
0x8EBE7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E2FE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E33C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E34B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EE0E000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8F195000 \SystemRoot\system32\DRIVERS\winbondcir.sys
0x8F1AA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F1BD000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8F1C7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E35D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F1D2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F1D4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F1DF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F1F7000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8EE00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E38D000 \SystemRoot\System32\Drivers\afdbm2f6.SYS
0x8F20B000 \SystemRoot\System32\Drivers\aote5n6r.SYS
0x8F255000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F264000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F292000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F2D3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F2DE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F2F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F300000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F323000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F332000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F346000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F35B000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0x8F361000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F371000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x8F377000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F379000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F3A3000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8F3B1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F3BB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F3C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E3C3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F401000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F609000 \SystemRoot\system32\drivers\portcls.sys
0x8F636000 \SystemRoot\system32\drivers\drmk.sys
0x8F65B000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F698000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F802000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F8B7000 \SystemRoot\system32\drivers\modem.sys
0x8F8C4000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8F8D2000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8F8DD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F8ED000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F8F4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8F8FD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F905000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F90E000 \SystemRoot\System32\Drivers\Null.SYS
0x8F915000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F91C000 \SystemRoot\System32\drivers\vga.sys
0x8F928000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F949000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8F95C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F964000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F96C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F977000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F985000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90204000 \SystemRoot\System32\drivers\tcpip.sys
0x902ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90308000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9031E000 \SystemRoot\system32\DRIVERS\smb.sys
0x90332000 \SystemRoot\system32\drivers\afd.sys
0x9037A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x903AC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x903C2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x903D0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x903E3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F98E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x903E9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x903F2000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8F9B0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F9EC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F79A000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F7B1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x903F8000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F7CD000 \SystemRoot\System32\Drivers\tcusb.sys
0x8F7D8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E3D4000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8E200000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8F7EF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91E0E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x98620000 \SystemRoot\System32\win32k.sys
0x91EE7000 \SystemRoot\System32\drivers\Dxapi.sys
0x91EF1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98840000 \SystemRoot\System32\TSDDD.dll
0x98860000 \SystemRoot\System32\cdd.dll
0x91F00000 \SystemRoot\system32\drivers\luafv.sys
0x91F1B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x91F2F000 \SystemRoot\system32\drivers\spsys.sys
0x91FDE000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x91FF0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8E216000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x91E00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8E240000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8E253000 \SystemRoot\system32\drivers\HTTP.sys
0x8E2C0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8A7D4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8A5E6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9EC0E000 \SystemRoot\system32\drivers\mrxdav.sys
0x9EC2E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9EC4D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9EC86000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9EC9E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9ECC5000 \SystemRoot\System32\DRIVERS\srv.sys
0x9ED13000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9ED56000 \??\C:\Windows\system32\drivers\int15.sys
0x9ED67000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9ED6C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9ED70000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0xA2009000 \SystemRoot\system32\drivers\peauth.sys
0xA20E7000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xA20F0000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xA2102000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA210C000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2118000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA2120000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0x76E50000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll
Processes (total 100):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
624 csrss.exe
676 C:\Windows\System32\wininit.exe
688 csrss.exe
720 C:\Windows\System32\services.exe
732 C:\Windows\System32\lsass.exe
740 C:\Windows\System32\lsm.exe
900 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\nvvsvc.exe
992 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\audiodg.exe
1240 C:\Windows\System32\SLsvc.exe
1272 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\winlogon.exe
1444 C:\Windows\System32\svchost.exe
1624 C:\Windows\System32\spoolsv.exe
1648 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1660 C:\Windows\System32\svchost.exe
1840 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1872 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
1884 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1904 C:\Program Files\Bonjour\mDNSResponder.exe
1928 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1952 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
1980 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2020 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
768 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1436 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
1832 C:\Windows\System32\rundll32.exe
2060 C:\Program Files\Common Files\SPBA\upeksvr.exe
2104 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2176 C:\ACER\Mobility Center\MobilityService.exe
2348 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
2360 C:\Program Files\CDBurnerXP\NMSAccessU.exe
2376 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2420 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2432 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2496 C:\Windows\System32\svchost.exe
2516 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2552 C:\Program Files\Acer\Acer VCM\RS_Service.exe
2580 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2628 C:\Windows\System32\svchost.exe
2660 C:\Windows\System32\svchost.exe
2696 C:\Windows\System32\SearchIndexer.exe
2736 C:\Windows\System32\drivers\XAudio.exe
3264 WmiPrvSE.exe
3384 C:\Windows\System32\taskeng.exe
3648 C:\Windows\System32\taskeng.exe
3612 C:\Windows\System32\dwm.exe
3772 C:\Windows\explorer.exe
2320 C:\Program Files\Windows Defender\MSASCui.exe
2324 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2644 C:\Windows\RtHDVCpl.exe
3432 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3688 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
4012 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
3744 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
4060 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
3972 C:\Windows\System32\rundll32.exe
3360 C:\Windows\PLFSetI.exe
1620 C:\Program Files\Launch Manager\QtZgAcer.EXE
1224 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
3896 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
3452 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
2280 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
2296 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
632 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
836 C:\Program Files\Winamp\winampa.exe
2196 C:\Program Files\DAEMON Tools\daemon.exe
428 C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe
2212 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3872 C:\Program Files\Common Files\Java\Java Update\jusched.exe
596 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
1640 C:\Program Files\iTunes\iTunesHelper.exe
3672 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2464 C:\Program Files\Windows Media Player\wmpnscfg.exe
2332 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
988 C:\Program Files\Windows Media Player\wmpnetwk.exe
4132 C:\Users\Arthur\AppData\Local\temp\RtkBtMnt.exe
4588 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
4680 C:\Windows\System32\wbem\unsecapp.exe
4832 C:\Program Files\Firefox\firefox.exe
4876 C:\Windows\System32\wuauclt.exe
5136 C:\Windows\servicing\TrustedInstaller.exe
5236 C:\Program Files\iPod\bin\iPodService.exe
5368 C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
5460 C:\Windows\System32\wbem\WMIADAP.exe
5736 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4480 C:\Windows\System32\SearchProtocolHost.exe
4492 C:\Windows\System32\SearchFilterHost.exe
4188 dllhost.exe
4288 dllhost.exe
3904 C:\Users\Arthur\Desktop\MBRCheck.exe
1408 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
And now the log file that was there after the restart and after starting the program again:
HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 6930G
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 171):
0x82250000 \SystemRoot\system32\ntkrnlpa.exe
0x8221D000 \SystemRoot\system32\hal.dll
0x80402000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046A000 \SystemRoot\system32\PSHED.dll
0x8047B000 \SystemRoot\system32\BOOTVID.dll
0x80483000 \SystemRoot\system32\CLFS.SYS
0x804C4000 \SystemRoot\system32\CI.dll
0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80691000 \SystemRoot\System32\Drivers\spnv.sys
0x80791000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8079A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x805A4000 \SystemRoot\system32\drivers\acpi.sys
0x807C0000 \SystemRoot\system32\drivers\msisadrv.sys
0x807C8000 \SystemRoot\system32\drivers\pci.sys
0x807EF000 \SystemRoot\System32\drivers\partmgr.sys
0x80600000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x805EA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A208000 \SystemRoot\system32\drivers\volmgr.sys
0x8A217000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A261000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A271000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8A279000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A352000 \SystemRoot\system32\drivers\atapi.sys
0x8A35A000 \SystemRoot\system32\drivers\ataport.SYS
0x8A378000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A3AA000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A3BA000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8A3C3000 \SystemRoot\system32\Drivers\AlfaFF.sys
0x8A403000 \SystemRoot\system32\Drivers\ksecdd.sys
0x8A474000 \SystemRoot\system32\drivers\ndis.sys
0x8A57F000 \SystemRoot\system32\drivers\msrpc.sys
0x8A5AA000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A601000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A710000 \SystemRoot\system32\drivers\volsnap.sys
0x8A749000 \SystemRoot\System32\Drivers\spldr.sys
0x8A751000 \SystemRoot\System32\Drivers\mup.sys
0x8A760000 \SystemRoot\System32\drivers\ecache.sys
0x8A787000 \SystemRoot\system32\drivers\disk.sys
0x8A798000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A7B9000 \SystemRoot\system32\drivers\crcdisk.sys
0x8E6E6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E6F1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E6FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E6FE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E800000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8EF33000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EFD2000 \SystemRoot\System32\drivers\watchdog.sys
0x8EFDF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E707000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EFEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E745000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F00D000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8F394000 \SystemRoot\system32\DRIVERS\winbondcir.sys
0x8F3A9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F3BC000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8F3C6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E757000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F3D1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F3D3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F3DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F3F6000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8F000000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E787000 \SystemRoot\System32\Drivers\ajpif44f.SYS
0x8F40E000 \SystemRoot\System32\Drivers\ab83fvij.SYS
0x8F458000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F467000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F495000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F4D6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F4E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F4F8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F503000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F526000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F535000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F549000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F55E000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0x8F564000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F574000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x8F57A000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F57C000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F5A6000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8F5B4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F5BE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F5CB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E7BD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F60E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F816000 \SystemRoot\system32\drivers\portcls.sys
0x8F843000 \SystemRoot\system32\drivers\drmk.sys
0x8F868000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F8A5000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FA0E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FAC3000 \SystemRoot\system32\drivers\modem.sys
0x8FAD0000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8FADE000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8FAE9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FAF9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FB00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8FB09000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8FB11000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FB1A000 \SystemRoot\System32\Drivers\Null.SYS
0x8FB21000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FB28000 \SystemRoot\System32\drivers\vga.sys
0x8FB34000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FB55000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8FB68000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FB70000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FB78000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FB83000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FB91000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9060B000 \SystemRoot\System32\drivers\tcpip.sys
0x906F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x9070F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90725000 \SystemRoot\system32\DRIVERS\smb.sys
0x90739000 \SystemRoot\system32\drivers\afd.sys
0x90781000 \SystemRoot\System32\DRIVERS\netbt.sys
0x907B3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x907C9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x907D7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x907EA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FB9A000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x907F0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8FBBC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x907F6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90600000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F9A7000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F9BE000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8FBF8000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8FA00000 \SystemRoot\System32\Drivers\tcusb.sys
0x8F9DA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E7CE000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8E600000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8F9F1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9220B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x98690000 \SystemRoot\System32\win32k.sys
0x922E4000 \SystemRoot\System32\drivers\Dxapi.sys
0x922EE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x988B0000 \SystemRoot\System32\TSDDD.dll
0x922FD000 \SystemRoot\system32\drivers\luafv.sys
0x92318000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x988D0000 \SystemRoot\System32\cdd.dll
0x9232C000 \SystemRoot\system32\drivers\spsys.sys
0x923DB000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x923ED000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8E616000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x92200000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8E640000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8E653000 \SystemRoot\system32\drivers\HTTP.sys
0x8E6C0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8A7CF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8A7E8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8A3CC000 \SystemRoot\system32\drivers\mrxdav.sys
0x9EA00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9EA1F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9EA58000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9EA70000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9EA97000 \SystemRoot\System32\DRIVERS\srv.sys
0x9EAE5000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9EB28000 \??\C:\Windows\system32\drivers\int15.sys
0x9EB39000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9EB3E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9EB42000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0xA2209000 \SystemRoot\system32\drivers\peauth.sys
0xA22E7000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xA22F0000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xA2302000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA230C000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2318000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA2320000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0x76FA0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll
Processes (total 96):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
624 csrss.exe
676 C:\Windows\System32\wininit.exe
688 csrss.exe
720 C:\Windows\System32\services.exe
732 C:\Windows\System32\lsass.exe
740 C:\Windows\System32\lsm.exe
880 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\nvvsvc.exe
972 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\audiodg.exe
1220 C:\Windows\System32\SLsvc.exe
1252 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\winlogon.exe
1424 C:\Windows\System32\svchost.exe
1612 C:\Windows\System32\spoolsv.exe
1648 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1664 C:\Windows\System32\svchost.exe
1852 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1880 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
1896 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1920 C:\Program Files\Bonjour\mDNSResponder.exe
1948 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1968 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
1988 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2004 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
956 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1180 C:\Windows\System32\rundll32.exe
1444 C:\Program Files\Common Files\SPBA\upeksvr.exe
1704 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
2104 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2168 C:\ACER\Mobility Center\MobilityService.exe
2272 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
2296 C:\Program Files\CDBurnerXP\NMSAccessU.exe
2308 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2384 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2404 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2448 C:\Windows\System32\svchost.exe
2476 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2516 C:\Program Files\Acer\Acer VCM\RS_Service.exe
2600 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2656 C:\Windows\System32\svchost.exe
2696 C:\Windows\System32\svchost.exe
2720 C:\Windows\System32\SearchIndexer.exe
2816 C:\Windows\System32\drivers\XAudio.exe
3364 WmiPrvSE.exe
3456 WmiPrvSE.exe
3512 C:\Windows\System32\taskeng.exe
3828 C:\Windows\System32\taskeng.exe
3852 C:\Windows\System32\dwm.exe
3944 C:\Windows\explorer.exe
4016 C:\Program Files\Windows Defender\MSASCui.exe
4024 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4044 C:\Windows\RtHDVCpl.exe
4052 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4072 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
2140 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
2112 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2232 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
2328 C:\Windows\System32\rundll32.exe
2436 C:\Windows\PLFSetI.exe
3868 C:\Program Files\Launch Manager\QtZgAcer.EXE
3960 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
2228 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
3496 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
2940 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
540 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
2952 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
2092 C:\Program Files\Winamp\winampa.exe
800 C:\Program Files\DAEMON Tools\daemon.exe
524 C:\Users\Arthur\AppData\Local\temp\RtkBtMnt.exe
616 C:\Program Files\Common Files\aol\1223197373\ee\aolsoftware.exe
3768 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2584 C:\Program Files\Common Files\Java\Java Update\jusched.exe
532 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2192 C:\Program Files\iTunes\iTunesHelper.exe
2340 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2932 C:\Program Files\Windows Media Player\wmpnscfg.exe
2936 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
4216 C:\Program Files\Windows Media Player\wmpnetwk.exe
4304 C:\Windows\System32\wbem\unsecapp.exe
4472 C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
4800 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
4904 C:\Program Files\iPod\bin\iPodService.exe
5356 C:\Program Files\Firefox\firefox.exe
5740 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5984 dllhost.exe
6012 dllhost.exe
6044 C:\Users\Arthur\Desktop\MBRCheck.exe
6060 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!