Mein Internet Explorer öffnet von alleine und zeigt mir ständig werbungen

DJASK87 · 24.10.2010, 22:54

Hallo Zusammen, ich bitte um Hilfe , wie ich im forum gelesen habe , sollte ich HijackThis verwenden, habe ich gemacht, aber ich kenne mich dem programm garnicht aus hier die meine daten:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:37:49, on 24.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\Xwovia.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Mozilla Firefox\firefox.exe
D:\Mozilla Firefox\plugin-container.exe
C:\Users\***\AppData\Local\Temp\Xtx.exe
C:\Users\***\Desktop\HiJackThis204.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AdblockIE - {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LManager] D:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\Users\Kerim\AppData\Local\Temp\Xtx.exe
O4 - HKCU\..\Run: [X3EKEPXJP2] C:\Windows\Xwovia.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: &Block This Image (ABP) - D:\Program Files\Adblock Pro\blockimg.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:ICQ6.5\ICQ.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9177 bytes

kira · 25.10.2010, 07:06

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vB Code Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Sicherheitskonzept v. SETI@home/Punkt 1.

Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

1.
- Lade dir RSIT - Random's System Information Tool (RSIT) von random/random herunter
- an einen Ort deiner Wahl und führe die rsit.exe aus
- wird "Hijackthis" auch von RSIT installiert und ausgeführt
- RSIT erstellt 2 Logfiles (C:\rsit\log.txt und C:\rsit\info.txt) mit erweiterten Infos von deinem System - diese beide bitte komplett hier posten
**Kannst Du das Log in Textdatei speichern und hier anhängen (auf "Erweitert" klicken)

2.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

3.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool "Ccleaner" herunter
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

5.
→ besuche die Seite von virustotal und die Datei/en aus Codebox bitte prüfen lassen - nklusive Dateigröße und Name, MD5 und SHA1 auch mitkopieren:
→ Tipps für die Suche nach Dateien

Code:

ATTFilter

C:\Windows\Xwovia.exe

→ Klicke auf "Durchsuchen"
→ Suche die Datei auf deinem Rechner→ Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
→ "Senden der Datei" und Warte, bis der Scandurchlauf aller Virenscanner beendet ist
→ das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1)

** Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!:

Code:

ATTFilter

Datei  File name:
<hier kommt die Dateiname>
Submission date:
2010-10-22 03:34:01 (UTC)
Current status:
queued queued analysing finished
Result:
.....%
    
VT Community

goodware/badware
 Safety score: 100.0% 
Compact
Print results
Antivirus     Version     Last Update     Result
AhnLab-V3    2010.10.22.00    2010.10.21    -
AntiVir    7.10.13.15    2010.10.21    -
Antiy-AVL    2.0.3.7    2010.10.22    -
Authentium    5.2.0.5    2010.10.22    -
Avast    4.8.1351.0    2010.10.21    -
Avast5    5.0.594.0    2010.10.21    -
usw........

...werden gepprüft v. mehr wie 40 Online Virus Scanner...also Geduld!!

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

DJASK87 · 25.10.2010, 18:30

Hallo danke für deine Hilfe . Hier sind die folgenden logs reihe nach:

C:\rsit\log.txt

RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kerim at 2010-10-25 19:01:28
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 92 GB (62%) free of 148 GB
Total RAM: 3066 MB (51% free)


======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{5A0D5830-462D-4450-901E-10C1E3C1B043}.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-05-14 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90EFF544-3981-4d46-85C9-C0361D0931D6}]
af0.Adblock.BHO - C:\Windows\system32\mscoree.dll [2009-11-08 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-12 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-29 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-14 142896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-12 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"eRecoveryService"= []
"LManager"=D:\Program Files\Launch Manager\LManager.exe [2009-03-05 805384]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"KOO9RV9K4Z"=C:\Users\Kerim\AppData\Local\Temp\Xtx.exe [2010-10-23 274432]
"X3EKEPXJP2"=C:\Windows\Xwovia.exe [2010-10-23 266240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-01 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-09-02 205256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-07-24 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-03-13 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-07-24 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
D:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-05-30 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-05-14 526896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-08-01 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-01 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-06-04 817672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2008-07-18 13543968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-07-18 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-07-18 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
C:\Windows\PLFSetI.exe [2007-10-23 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
D:\Program Files\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-05-07 6139904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-01 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TQ566808]
F:\Setup.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\ADVANC~1\wh_exec.exe [2007-11-10 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
d:\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2008-10-11 3676160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~1\Acer\ACERVC~1\AcerVCM.exe [2008-03-05 1216512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Kerim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
C:\PROGRA~1\CONVES~1\Orion\MESSEN~1.EXE  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2008-10-11 3197952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2008-03-25 567560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Acer\Acer Bio Protection\PwdFilter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-10-25 19:01:29 ----D---- C:\Program Files\trend micro
2010-10-25 19:01:28 ----D---- C:\rsit
2010-10-24 12:50:04 ----SHD---- C:\Config.Msi
2010-10-24 11:45:39 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-24 02:44:48 ----D---- C:\Program Files\Common Files\Java
2010-10-24 02:44:15 ----A---- C:\Windows\system32\javaws.exe
2010-10-24 02:44:15 ----A---- C:\Windows\system32\javaw.exe
2010-10-24 02:44:15 ----A---- C:\Windows\system32\java.exe
2010-10-24 02:08:40 ----D---- C:\Users\Kerim\AppData\Roaming\Avira
2010-10-24 01:55:49 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2010-10-24 01:55:45 ----A---- C:\Windows\system32\drivers\avipbb.sys
2010-10-24 01:55:45 ----A---- C:\Windows\system32\drivers\avgntmgr.sys
2010-10-24 01:55:45 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2010-10-24 01:55:45 ----A---- C:\Windows\system32\drivers\avgntdd.sys
2010-10-24 01:55:43 ----D---- C:\ProgramData\Avira
2010-10-24 01:55:43 ----D---- C:\Program Files\Avira
2010-10-24 01:09:15 ----A---- C:\Windows\Xwovib.exe
2010-10-23 23:45:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-10-23 22:14:09 ----A---- C:\Windows\Xwovia.exe
2010-10-20 21:21:47 ----A---- C:\Windows\system32\auth.dll
2010-10-20 21:21:47 ----A---- C:\Windows\system32\advd.dll
2010-10-20 21:21:46 ----A---- C:\Windows\system32\NCTAudioTransform2.dll
2010-10-20 21:21:46 ----A---- C:\Windows\system32\NCTAudioRecord2.dll
2010-10-20 21:21:46 ----A---- C:\Windows\system32\NCTAudioPlayer2.dll
2010-10-20 21:21:46 ----A---- C:\Windows\system32\NCTAudioEditor2.dll
2010-10-20 21:21:45 ----A---- C:\Windows\system32\NCTAudioInformation2.dll
2010-10-20 21:21:45 ----A---- C:\Windows\system32\NCTAudioFile2.dll
2010-10-20 21:21:45 ----A---- C:\Windows\system32\lame_enc.dll
2010-10-20 21:21:44 ----D---- C:\Users\Kerim\AppData\Roaming\concept design
2010-10-20 20:55:39 ----A---- C:\Windows\system32\drivers\sptd.sys
2010-10-20 20:54:48 ----D---- C:\Users\Kerim\AppData\Roaming\DAEMON Tools Lite
2010-10-20 20:54:46 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-10-20 20:48:53 ----A---- C:\Windows\ODBC.INI
2010-10-20 20:48:51 ----A---- C:\Windows\system32\mdimon.dll
2010-10-20 20:46:41 ----D---- C:\Program Files\Common Files\DESIGNER
2010-10-20 20:29:43 ----D---- C:\Users\Kerim\AppData\Roaming\Template
2010-10-13 18:14:00 ----A---- C:\Windows\system32\wmp.dll
2010-10-13 18:13:57 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-13 18:13:32 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-13 18:13:32 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 18:13:32 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-13 18:13:32 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-13 18:13:29 ----A---- C:\Windows\system32\netevent.dll
2010-10-13 18:13:07 ----A---- C:\Windows\system32\schannel.dll
2010-10-13 18:13:04 ----A---- C:\Windows\system32\ole32.dll
2010-10-13 18:13:01 ----A---- C:\Windows\system32\t2embed.dll
2010-10-13 18:12:57 ----A---- C:\Windows\system32\mshtml.dll
2010-10-13 18:12:56 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-13 18:12:56 ----A---- C:\Windows\system32\ieframe.dll
2010-10-13 18:12:55 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-13 18:12:54 ----A---- C:\Windows\system32\urlmon.dll
2010-10-13 18:12:53 ----A---- C:\Windows\system32\wininet.dll
2010-10-13 18:12:53 ----A---- C:\Windows\system32\mstime.dll
2010-10-13 18:12:53 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-13 18:12:53 ----A---- C:\Windows\system32\iertutil.dll
2010-10-13 18:12:53 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-13 18:12:50 ----A---- C:\Windows\system32\occache.dll
2010-10-13 18:12:50 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-13 18:12:50 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-13 18:12:50 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-13 18:12:50 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-13 18:12:50 ----A---- C:\Windows\system32\ieui.dll
2010-10-13 18:12:50 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-13 18:12:50 ----A---- C:\Windows\system32\iesetup.dll
2010-10-13 18:12:50 ----A---- C:\Windows\system32\iernonce.dll
2010-10-13 18:12:50 ----A---- C:\Windows\system32\iepeers.dll
2010-10-13 18:12:50 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-13 18:10:37 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-13 18:10:37 ----A---- C:\Windows\system32\mfc40.dll
2010-10-13 18:10:18 ----A---- C:\Windows\system32\win32k.sys
2010-10-13 18:10:15 ----A---- C:\Windows\system32\msshsq.dll
2010-10-13 18:10:12 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-13 18:10:09 ----A---- C:\Windows\system32\comctl32.dll
2010-09-29 17:25:13 ----A---- C:\Windows\system32\tzres.dll

======List of files/folders modified in the last 1 months======

2010-10-25 19:01:41 ----D---- C:\Windows\system32\Tasks
2010-10-25 19:01:40 ----D---- C:\Windows\Tasks
2010-10-25 19:01:29 ----D---- C:\Program Files
2010-10-25 19:01:04 ----D---- C:\Windows\Temp
2010-10-24 13:32:54 ----SHD---- C:\System Volume Information
2010-10-24 12:50:51 ----SHD---- C:\Windows\Installer
2010-10-24 12:50:10 ----A---- C:\Windows\win.ini
2010-10-24 12:47:37 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-24 12:41:41 ----RSD---- C:\Windows\assembly
2010-10-24 11:45:39 ----D---- C:\Windows\System32
2010-10-24 11:40:55 ----D---- C:\Windows
2010-10-24 02:44:48 ----D---- C:\Program Files\Common Files
2010-10-24 02:43:27 ----A---- C:\Windows\system32\deployJava1.dll
2010-10-24 02:06:09 ----D---- C:\ProgramData\McAfee
2010-10-24 02:03:31 ----HD---- C:\ProgramData
2010-10-24 02:02:50 ----D---- C:\Windows\system32\drivers
2010-10-24 01:55:01 ----D---- C:\Windows\winsxs
2010-10-24 01:36:53 ----D---- C:\Windows\system32\WDI
2010-10-24 01:15:05 ----D---- C:\Windows\inf
2010-10-24 01:15:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-24 01:05:49 ----RSD---- C:\Windows\Fonts
2010-10-24 00:56:50 ----A---- C:\Windows\WinInit.Ini
2010-10-24 00:14:50 ----SD---- C:\Users\Kerim\AppData\Roaming\Microsoft
2010-10-24 00:03:23 ----D---- C:\Users\Kerim\AppData\Roaming\Winamp
2010-10-24 00:03:19 ----D---- C:\Windows\Debug
2010-10-23 23:52:45 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-23 23:47:30 ----A---- C:\Windows\system32\msxml3a.dll
2010-10-23 23:47:29 ----A---- C:\Windows\system32\msvcr71.dll
2010-10-23 23:47:29 ----A---- C:\Windows\system32\msvcp71.dll
2010-10-23 22:06:38 ----AD---- C:\ProgramData\Temp
2010-10-23 21:58:33 ----D---- C:\ProgramData\CyberLink
2010-10-23 21:44:40 ----D---- C:\Users\Kerim\AppData\Roaming\vlc
2010-10-23 21:34:40 ----D---- C:\Users\Kerim\AppData\Roaming\dvdcss
2010-10-23 21:33:15 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-10-23 21:33:00 ----D---- C:\Program Files\Cyberlink
2010-10-22 10:28:20 ----D---- C:\Windows\system32\catroot2
2010-10-20 20:50:37 ----DC---- C:\Windows\system32\DRVSTORE
2010-10-20 20:47:13 ----D---- C:\Windows\ShellNew
2010-10-20 20:46:25 ----D---- C:\Program Files\Common Files\System
2010-10-20 20:46:04 ----SD---- C:\ProgramData\Microsoft
2010-10-20 20:46:04 ----D---- C:\Program Files\Microsoft.NET
2010-10-20 20:43:40 ----D---- C:\Windows\system
2010-10-20 20:40:09 ----A---- C:\Windows\NeroDigital.ini
2010-10-20 20:39:24 ----D---- C:\Windows\Prefetch
2010-10-20 20:26:14 ----D---- C:\Program Files\Acer GameZone
2010-10-20 20:25:37 ----SHD---- C:\Users\Kerim\AppData\Roaming\.#
2010-10-20 20:10:30 ----D---- C:\ProgramData\Microsoft Help
2010-10-20 20:09:54 ----D---- C:\Program Files\Microsoft Works
2010-10-15 21:53:07 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-10-14 23:12:11 ----D---- C:\Windows\rescache
2010-10-14 20:12:16 ----D---- C:\Windows\system32\de-DE
2010-10-14 20:12:16 ----D---- C:\Program Files\Windows Media Player
2010-10-14 20:12:13 ----D---- C:\Windows\system32\migration
2010-10-14 20:12:13 ----D---- C:\Program Files\Internet Explorer
2010-10-14 15:41:25 ----A---- C:\Windows\system32\mrt.exe
2010-10-13 18:09:50 ----D---- C:\Windows\system32\catroot
2010-10-11 21:08:04 ----D---- C:\Users\Kerim\AppData\Roaming\ICQ
2010-10-09 03:12:25 ----D---- C:\Windows\Microsoft.NET
2010-10-09 02:07:22 ----D---- C:\Windows\system32\drivers\etc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AlfaFF;AlfaFF File System mini-filter; C:\Windows\system32\Drivers\AlfaFF.sys [2008-10-11 42608]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-07-20 324120]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-05-14 18992]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-20 691696]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/23 21:56:08]; \??\D:\Program Files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [2010-08-26 87536]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-26 69632]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-14 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-14 60464]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-19 8704]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-03-26 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-03-26 207872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-07 2134424]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-05-19 47104]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-18 7545824]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-02-15 515584]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-03-26 61440]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-04-28 50576]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-26 6784]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-03-26 661504]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
S3 ab9me7q9;ab9me7q9; C:\Windows\system32\drivers\ab9me7q9.sys []
S3 adfyscdy;adfyscdy; C:\Windows\system32\drivers\adfyscdy.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-14 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840]
R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2008-10-11 3602432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-18 196608]
R2 Realtek11nSU;Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2009-04-24 36864]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-19 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-01 24064]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 182768]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

--- --- ---

C:\rsit\info.txt

info.txtRSIT Logfile:

Code:

ATTFilter

logfile of random's system information tool 1.08 2010-10-25 19:01:48

======Uninstall list======

-->D:\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe"  -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe"  -uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Bio Protection

AAU 6.0.00.17-->"C:\Program Files\Acer\Acer Bio Protection\uninstall.exe"
Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0007 -removeonly
Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x7  -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9  -removeonly
Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x7  -removeonly
AdblockIE-->MsiExec.exe /I{5508128A-2C7B-46B5-81F9-58E8E8115F0B}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced Wheel Mouse 6.0.0.002-->C:\ADVANC~1\uninst.exe
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0007 -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Azureus-->d:\Azureus\Uninstall.exe
Bluesoleil2.6.0.8 Release 070517-->MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
CCleaner-->"D:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
concept/design onlineTV 5-->"D:\Program Files\concept design\onlineTV 5\unins000.exe"
CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
DivX Codec-->D:\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->D:\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"d:\eMule\Uninstall.exe"
EVEREST Home Edition v2.20-->"d:\Lavalys\EVEREST Home Edition\unins000.exe"
FLV Player 2.0 (build 25)-->D:\Program Files\FLV Player\uninst.exe
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcrZUn32z.INF
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
LOGO!Soft Comfort V6.1-->"D:\LogoSoft\UninstallerData\Uninstall.exe"
Messenger Plus! Live-->"D:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
Mozilla Firefox (3.0.4)-->d:\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 8 Lite 8.2.8.0-->"d:\Nero\unins000.exe"
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
PDFCreator-->D:\Program Files\PDFCreator\unins000.exe
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
REALTEK 11n USB Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}\Install.exe -uninst -l0x7 
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9  -removeonly
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
SopCast 3.2.9-->D:\Program Files\SopCast\uninst.exe
SPBA 5.8-->MsiExec.exe /I{ECCD28B2-8798-4D16-8126-625D728294A1}
sPlan 6.0 (Demo)-->"D:\sPlan60\unins000.exe"
Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPER © Version 2009.bld.36 (June 10, 2009)-->D:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->d:\Teamspeak2_RC2\unins000.exe
TeamSpeak 3 Client-->"d:\Program Files\TeamSpeak 3 Client\uninstall.exe"
TubeBox!-->MsiExec.exe /I{4527481F-E36D-408E-9F40-89E2630E2120}
TVUPlayer 2.5.2.1-->d:\Program Files\TVUPlayer\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Veetle TV 0.9.18-->D:\Program Files\Veetle\UninstallVeetleTV.exe
VLC media player 1.0.5-->D:\VLC\uninstall.exe
Winamp-->"d:\Winamp\UninstWA.exe"
Winbond CIR Device Drivers-->MsiExec.exe /I{10F498FF-5392-4DF3-8F73-FE172A9F3800}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->D:\Winrar\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\WORLD OF WARCRAFT\Uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Kerim-PC
Event Code: 7036
Message: Dienst "DHCP-Client" befindet sich jetzt im Status "Ausgeführt".
Record Number: 193411
Source Name: Service Control Manager
Time Written: 20100606092523.000000-000
Event Type: Informationen
User: 

Computer Name: Kerim-PC
Event Code: 7036
Message: Dienst "Netzwerkspeicher-Schnittstellendienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 193410
Source Name: Service Control Manager
Time Written: 20100606092523.000000-000
Event Type: Informationen
User: 

Computer Name: Kerim-PC
Event Code: 7036
Message: Dienst "CNG-Schlüsselisolation" befindet sich jetzt im Status "Ausgeführt".
Record Number: 193409
Source Name: Service Control Manager
Time Written: 20100606092523.000000-000
Event Type: Informationen
User: 

Computer Name: Kerim-PC
Event Code: 7036
Message: Dienst "TCP/IP-NetBIOS-Hilfsdienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 193408
Source Name: Service Control Manager
Time Written: 20100606092523.000000-000
Event Type: Informationen
User: 

Computer Name: Kerim-PC
Event Code: 7036
Message: Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" befindet sich jetzt im Status "Ausgeführt".
Record Number: 193407
Source Name: Service Control Manager
Time Written: 20100606092523.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: Kerim-PC
Event Code: 8194
Message: Der Wiederherstellungspunkt wurde erfolgreich erstellt (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update).
Record Number: 13100
Source Name: System Restore
Time Written: 20090827145303.000000-000
Event Type: Informationen
User: 

Computer Name: Kerim-PC
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 13099
Source Name: SecurityCenter
Time Written: 20090827145104.000000-000
Event Type: Informationen
User: 

Computer Name: Kerim-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 13098
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090827145002.328387-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Kerim-PC
Event Code: 0
Message: 
Record Number: 13097
Source Name: gusvc
Time Written: 20090827144935.000000-000
Event Type: Informationen
User: 

Computer Name: Kerim-PC
Event Code: 10
Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Record Number: 13096
Source Name: Microsoft-Windows-WMI
Time Written: 20090827144931.000000-000
Event Type: Fehler
User: 

=====Security event log=====

Computer Name: Kerim-PC
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode:	2
Record Number: 32569
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091209233308.696856-000
Event Type: Überwachung gescheitert
User: 

Computer Name: Kerim-PC
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode:	2
Record Number: 32568
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091209233304.999656-000
Event Type: Überwachung gescheitert
User: 

Computer Name: Kerim-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-0-0
	Kontoname:		-
	Kontodomäne:		-
	Anmelde-ID:		0x0

Anmeldetyp:			3

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-7
	Kontoname:		ANONYMOUS-ANMELDUNG
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x357d2
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x0
	Prozessname:		-

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		NtLmSsp 
	Authentifizierungspaket:	NTLM
	Übertragene Dienste:	-
	Paketname (nur NTLM):	NTLM V1
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 32567
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091209233304.999656-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Kerim-PC
Event Code: 5024
Message: Der Windows-Firewalldienst wurde erfolgreich gestartet.
Record Number: 32566
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091209233258.728456-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Kerim-PC
Event Code: 5033
Message: Der Windows-Firewalltreiber wurde erfolgreich gestartet.
Record Number: 32565
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091209233258.463256-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;D:\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

--- --- ---

hjtscanlist.txt

Code:

ATTFilter

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6002]
 
 
C:

  25.10.2010 19:01     C:\rsit --------- 0   
  25.10.2010 19:01     C:\Program Files --------- 20480   
       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  24.10.2010 17:07     C:\Config.Msi --------- 0   
  24.10.2010 13:32     C:\System Volume Information --------- 28672   
  24.10.2010 11:40     C:\Windows --------- 32768   
  24.10.2010 02:03     C:\ProgramData --------- 12288   
  09.06.2010 18:01     C:\Advanced Wheel Mouse --------- 4096   
  17.01.2010 18:01     C:\Boot --------- 4096   
  11.04.2009 08:36     C:\bootmgr --------- 333257   
  05.12.2008 23:57     C:\IO.SYS --------- 0   
  05.12.2008 23:57     C:\MSDOS.SYS --------- 0   
  05.12.2008 21:57     C:\ACER --------- 4096   
  01.12.2008 21:37     C:\$RECYCLE.BIN --------- 0   
  01.12.2008 21:35     C:\ACERSW --------- 0   
  01.12.2008 21:34     C:\Users --------- 4096   
  01.12.2008 21:31     C:\Programme --------- 0   
  01.12.2008 21:31     C:\Dokumente und Einstellungen --------- 0   
  11.10.2008 02:04     C:\CLSetup --------- 0   
  11.10.2008 02:04     C:\Medion.ini --------- 20   
  11.10.2008 01:58     C:\Partition.txt --------- 60   
  30.07.2008 12:23     C:\BOOTSECT.BAK --------- 8192   
  30.07.2008 04:41     C:\book --------- 0   
  30.07.2008 03:26     C:\RHDSetup.log --------- 426   
  30.07.2008 03:15     C:\Intel --------- 0   
  11.06.2008 07:55     C:\TEMP --------- 0   
  21.01.2008 04:32     C:\PerfLogs --------- 0   
  02.11.2006 15:02     C:\Documents and Settings --------- 0   
  18.09.2006 23:43     C:\config.sys --------- 10   
  18.09.2006 23:43     C:\autoexec.bat --------- 24   
----------------------------------------

 
C:\Windows

  25.10.2010 18:32     C:\Windows\WindowsUpdate.log --------- 1201239   
  25.10.2010 18:26     C:\Windows\bootstat.dat --------- 67584   
  25.10.2010 18:26     C:\Windows\PFRO.log --------- 27464   
  24.10.2010 12:50     C:\Windows\win.ini --------- 240   
  24.10.2010 00:56     C:\Windows\WinInit.Ini --------- 802   
  23.10.2010 22:26     C:\Windows\Xwovib.exe --------- 266240   
  23.10.2010 22:14     C:\Windows\Xwovia.exe --------- 266240   
  20.10.2010 20:48     C:\Windows\ODBC.INI --------- 400   
  20.10.2010 20:40     C:\Windows\NeroDigital.ini --------- 69   
  20.06.2010 13:11     C:\Windows\LManager.UNI --------- 83   
  15.02.2010 13:01     C:\Windows\RtlUI2.exe --------- 380928   
  15.02.2010 13:01     C:\Windows\Rtlihvs.dll --------- 614400   
  15.02.2010 13:01     C:\Windows\RTLExtUI.dll --------- 188416   
  28.12.2009 16:36     C:\Windows\popcinfo.dat --------- 10   
  23.11.2009 19:06     C:\Windows\d3dx.dat --------- 4096   
  29.04.2009 15:46     C:\Windows\RtlIhvOid.dll --------- 208896   
  11.04.2009 08:27     C:\Windows\explorer.exe --------- 2926592   
  30.12.2008 22:35     C:\Windows\0 --------- 32   
  06.12.2008 17:52     C:\Windows\nsreg.dat --------- 0   
  05.12.2008 23:57     C:\Windows\uninst.exe --------- 283648   
  24.10.2008 17:39     C:\Windows\UNINST32.EXE --------- 309768   
  11.10.2008 01:53     C:\Windows\GridV.UNI --------- 92   
  11.10.2008 01:52     C:\Windows\QtZgAcer.UNI --------- 83   
  02.09.2008 04:13     C:\Windows\MOD01SET000000005J.enc --------- 1976   
  02.09.2008 04:13     C:\Windows\CSUP.TXT --------- 10   
  14.08.2008 09:33     C:\Windows\MOD01SET0S00860004.enc --------- 2176   
  30.07.2008 03:25     C:\Windows\DIFxAPI.dll --------- 319456   
  30.07.2008 03:25     C:\Windows\HideWin.exe --------- 315392   
  30.07.2008 02:42     C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 16449536   
  30.07.2008 02:42     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 196608   
  30.07.2008 02:42     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 65536   
  22.07.2008 10:02     C:\Windows\MOD01SET07EN000004.enc --------- 2392   
  18.07.2008 04:59     C:\Windows\ReleaseNotes.txt --------- 2006   
  17.07.2008 06:27     C:\Windows\AcerStore.exe --------- 380928   
  11.06.2008 07:55     C:\Windows\MOD01OPK0400860001.enc --------- 2400   
  20.05.2008 09:57     C:\Windows\Acer Crystal Eye webcam.EXE --------- 262144   
  09.05.2008 07:45     C:\Windows\MOD01SET07EN000002.enc --------- 2392   
  08.05.2008 23:58     C:\Windows\Interop.IWshRuntimeLibrary.dll --------- 49152   
  07.05.2008 10:19     C:\Windows\RtHDVCpl.exe --------- 6139904   
  25.04.2008 07:11     C:\Windows\MOD01SET0J00860003.enc --------- 1996   
  02.04.2008 03:27     C:\Windows\RtlUpd.exe --------- 1196032   
  13.03.2008 11:48     C:\Windows\RTKVADDA.EXE --------- 290816   
  05.03.2008 12:07     C:\Windows\RtlExUpd.dll --------- 520192   
  25.02.2008 11:13     C:\Windows\Suyin.reg --------- 4838   
  31.01.2008 15:18     C:\Windows\RtDefLvl.ini --------- 1694   
  21.01.2008 04:43     C:\Windows\WindowsShell.Manifest --------- 749   
  21.01.2008 04:24     C:\Windows\regedit.exe --------- 134656   
  21.01.2008 04:24     C:\Windows\bfsvc.exe --------- 58880   
  21.01.2008 04:24     C:\Windows\fveupdate.exe --------- 13312   
  21.01.2008 04:24     C:\Windows\HelpPane.exe --------- 498176   
  21.01.2008 04:23     C:\Windows\notepad.exe --------- 151040   
  10.01.2008 05:44     C:\Windows\GVUni.exe --------- 199176   
  20.11.2007 12:15     C:\Windows\SkyTel.exe --------- 1826816   
  14.11.2007 09:18     C:\Windows\USetup.iss --------- 553   
  29.10.2007 13:35     C:\Windows\PidList.ini --------- 36   
  23.10.2007 10:56     C:\Windows\PLFSetI.exe --------- 200704   
  20.04.2007 06:30     C:\Windows\Acer Crystal Eye webcam.ico --------- 222382   
  29.03.2007 16:48     C:\Windows\Image.dll --------- 626688   
  02.11.2006 14:35     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 14:34     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 14:34     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 14:34     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 14:34     C:\Windows\twain.dll --------- 94784   
  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 13:41     C:\Windows\HomePremium.xml --------- 8328   
  18.09.2006 23:46     C:\Windows\system.ini --------- 219   
  18.09.2006 23:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   
----------------------------------------

 
C:\Windows\System

 27.09.2007 15:32      C:\Windows\System\ms.ico --------- 34530 
 27.09.2007 15:17      C:\Windows\System\sm.ico --------- 37041 
 27.09.2007 15:12      C:\Windows\System\sd.ico --------- 38660 
 27.09.2007 15:04      C:\Windows\System\cf.ico --------- 37300 
 02.08.2007 22:32      C:\Windows\System\DriveIcon.dll --------- 5631520 
 02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 
 30.06.2004 16:24      C:\Windows\System\MyMulti.ico --------- 5430 
----------------------------------------

 
C:\Windows\System32

 25.10.2010 19:02     C:\Windows\system32\Tasks --------- 4096  
 25.10.2010 18:26     C:\Windows\system32\LogConfigTemp.xml --------- 0  
 25.10.2010 18:26     C:\Windows\system32\agent.log --------- 147  
 25.10.2010 18:26     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3216  
 25.10.2010 18:26     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3216  
 24.10.2010 02:43     C:\Windows\system32\javaws.exe --------- 153376  
 24.10.2010 02:43     C:\Windows\system32\javaw.exe --------- 145184  
 24.10.2010 02:43     C:\Windows\system32\java.exe --------- 145184  
 24.10.2010 02:43     C:\Windows\system32\deployJava1.dll --------- 472808  
 24.10.2010 02:02     C:\Windows\system32\drivers --------- 81920  
 24.10.2010 01:36     C:\Windows\system32\WDI --------- 4096  
 24.10.2010 01:15     C:\Windows\system32\perfh009.dat --------- 591320  
 24.10.2010 01:15     C:\Windows\system32\perfc009.dat --------- 103194  
 24.10.2010 01:15     C:\Windows\system32\perfh007.dat --------- 623280  
 24.10.2010 01:15     C:\Windows\system32\perfc007.dat --------- 125378  
 24.10.2010 01:15     C:\Windows\system32\PerfStringBackup.INI --------- 1432888  
 24.10.2010 01:10     C:\Windows\system32\GDIPFONTCACHEV1.DAT --------- 85696  
 24.10.2010 01:09     C:\Windows\system32\FNTCACHE.DAT --------- 345512  
 23.10.2010 23:47     C:\Windows\system32\msxml3a.dll --------- 29480  
 23.10.2010 23:47     C:\Windows\system32\msvcr71.dll --------- 353576  
 23.10.2010 23:47     C:\Windows\system32\msvcp71.dll --------- 505128  
 22.10.2010 10:28     C:\Windows\system32\catroot2 --------- 4096  
 20.10.2010 20:50     C:\Windows\system32\DRVSTORE --------- 0  
 19.10.2010 11:41     C:\Windows\system32\MpSigStub.exe --------- 222080  
 14.10.2010 20:12     C:\Windows\system32\de-DE --------- 655360  
 14.10.2010 20:12     C:\Windows\system32\migration --------- 8192  
 14.10.2010 15:41     C:\Windows\system32\mrt.exe --------- 35385288  
 13.10.2010 18:09     C:\Windows\system32\catroot --------- 4096  
 13.09.2010 17:46     C:\Windows\system32\wmp.dll --------- 10628096  
 13.09.2010 15:56     C:\Windows\system32\wmploc.DLL --------- 8147456  
 08.09.2010 08:01     C:\Windows\system32\wininet.dll --------- 916480  
 08.09.2010 08:01     C:\Windows\system32\urlmon.dll --------- 1210880  
 08.09.2010 07:59     C:\Windows\system32\occache.dll --------- 206848  
 08.09.2010 07:58     C:\Windows\system32\mstime.dll --------- 611840  
 08.09.2010 07:57     C:\Windows\system32\mshtmled.dll --------- 66560  
 08.09.2010 07:57     C:\Windows\system32\mshtml.dll --------- 5957120  
 08.09.2010 07:57     C:\Windows\system32\msfeeds.dll --------- 602112  
 08.09.2010 07:57     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 08.09.2010 07:57     C:\Windows\system32\licmgr10.dll --------- 43520  
 08.09.2010 07:57     C:\Windows\system32\jsproxy.dll --------- 25600  
 08.09.2010 07:57     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 08.09.2010 07:56     C:\Windows\system32\ieui.dll --------- 164352  
 08.09.2010 07:56     C:\Windows\system32\iesysprep.dll --------- 109056  
 08.09.2010 07:56     C:\Windows\system32\iertutil.dll --------- 1986560  
 08.09.2010 07:56     C:\Windows\system32\iesetup.dll --------- 71680  
 08.09.2010 07:56     C:\Windows\system32\iernonce.dll --------- 55808  
 08.09.2010 07:56     C:\Windows\system32\iepeers.dll --------- 184320  
 08.09.2010 07:56     C:\Windows\system32\ieframe.dll --------- 11080192  
 08.09.2010 07:56     C:\Windows\system32\iedkcs32.dll --------- 387584  
 08.09.2010 07:04     C:\Windows\system32\html.iec --------- 385024  
 08.09.2010 06:26     C:\Windows\system32\ieUnatt.exe --------- 133632  
 08.09.2010 06:26     C:\Windows\system32\ie4uinit.exe --------- 173056  
 08.09.2010 06:25     C:\Windows\system32\msfeedssync.exe --------- 13312  
 08.09.2010 06:25     C:\Windows\system32\mshtml.tlb --------- 1638912  
 06.09.2010 18:20     C:\Windows\system32\srvsvc.dll --------- 125952  
 06.09.2010 18:19     C:\Windows\system32\netevent.dll --------- 17920  
 31.08.2010 17:46     C:\Windows\system32\mfc40u.dll --------- 954288  
 31.08.2010 17:46     C:\Windows\system32\mfc40.dll --------- 954752  
 31.08.2010 17:44     C:\Windows\system32\comctl32.dll --------- 531968  
 31.08.2010 15:27     C:\Windows\system32\win32k.sys --------- 2038272  
 26.08.2010 18:37     C:\Windows\system32\t2embed.dll --------- 157184  
 20.08.2010 18:05     C:\Windows\system32\wmpmde.dll --------- 867328  
 17.08.2010 16:11     C:\Windows\system32\spoolsv.exe --------- 128000  
 10.08.2010 17:53     C:\Windows\system32\schannel.dll --------- 274944  
 26.07.2010 17:51     C:\Windows\system32\shell32.dll --------- 11584512  
 28.06.2010 19:00     C:\Windows\system32\ole32.dll --------- 1316864  
 26.06.2010 00:27     C:\Windows\system32\en-US --------- 8192  
 22.06.2010 15:30     C:\Windows\system32\tzres.dll --------- 2048  
 18.06.2010 19:31     C:\Windows\system32\rtutils.dll --------- 36864  
 11.06.2010 18:15     C:\Windows\system32\msxml3.dll --------- 1248768  
 11.06.2010 16:15     C:\Windows\system32\wbem --------- 81920  
 08.06.2010 19:35     C:\Windows\system32\ntoskrnl.exe --------- 3548040  
 08.06.2010 19:35     C:\Windows\system32\ntkrnlpa.exe --------- 3600768  
 27.05.2010 22:08     C:\Windows\system32\inetcomm.dll --------- 739328  
 27.05.2010 22:08     C:\Windows\system32\iccvid.dll --------- 81920  
 26.05.2010 19:06     C:\Windows\system32\atmlib.dll --------- 34304  
 26.05.2010 16:47     C:\Windows\system32\atmfd.dll --------- 289792  
 18.05.2010 16:35     C:\Windows\system32\dns-sd.exe --------- 107808  
 18.05.2010 16:35     C:\Windows\system32\dnssd.dll --------- 91424  
 04.05.2010 21:13     C:\Windows\system32\msshsq.dll --------- 231424  
 19.04.2010 20:47     C:\Windows\system32\usbaaplrc.dll --------- 3062048  
 16.04.2010 18:46     C:\Windows\system32\usp10.dll --------- 502272  
 16.04.2010 18:43     C:\Windows\system32\Apphlpdm.dll --------- 28672  
 16.04.2010 16:39     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
 05.04.2010 19:02     C:\Windows\system32\MP4SDECD.DLL --------- 317952  
 05.04.2010 19:01     C:\Windows\system32\asycfilt.dll --------- 67072  
 18.03.2010 13:16     C:\Windows\system32\msvcr100_clr0400.dll --------- 771424  
 17.03.2010 21:53     C:\Windows\system32\QuickTime.qts --------- 69632  
 17.03.2010 21:53     C:\Windows\system32\QuickTimeVR.qtx --------- 94208  
 05.03.2010 16:01     C:\Windows\system32\vbscript.dll --------- 420352  
 21.02.2010 01:06     C:\Windows\system32\nshhttp.dll --------- 24064  
 21.02.2010 01:05     C:\Windows\system32\httpapi.dll --------- 30720  
 18.02.2010 15:30     C:\Windows\system32\iphlpsvc.dll --------- 200704  
 15.02.2010 13:01     C:\Windows\system32\RtlUI2.exe --------- 380928  
 15.02.2010 13:01     C:\Windows\system32\Rtlihvs.dll --------- 614400  
 15.02.2010 13:01     C:\Windows\system32\RTLExtUI.dll --------- 188416  
 12.02.2010 12:32     C:\Windows\system32\browserchoice.exe --------- 293376  
 10.02.2010 19:13     C:\Windows\system32\unrar.dll --------- 165376  
 25.01.2010 14:00     C:\Windows\system32\secproc_ssp_isv.dll --------- 152576  
 25.01.2010 14:00     C:\Windows\system32\secproc_ssp.dll --------- 152064  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 25.10.2010 19:02     C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job --------- 286  
 25.10.2010 19:01     C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job --------- 286  
 25.10.2010 18:32     C:\Windows\Tasks\User_Feed_Synchronization-{5A0D5830-462D-4450-901E-10C1E3C1B043}.job --------- 426  
 25.10.2010 18:27     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092  
 25.10.2010 18:26     C:\Windows\Tasks\SA.DAT --------- 6  
 25.10.2010 00:15     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32510  
 24.10.2010 23:23     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096  
----------------------------------------

 
C:\Windows\Temp

 25.10.2010 18:31     C:\Windows\Temp\GoogleToolbarInstaller1.log --------- 270  
 24.10.2010 17:06     C:\Windows\Temp\fwtsqmfile01.sqm --------- 632  
 24.10.2010 11:45     C:\Windows\Temp\MpSigStub.log --------- 3462  
 24.10.2010 02:45     C:\Windows\Temp\History --------- 0  
 24.10.2010 02:45     C:\Windows\Temp\Cookies --------- 0  
 24.10.2010 02:45     C:\Windows\Temp\Temporary Internet Files --------- 0  
 24.10.2010 01:10     C:\Windows\Temp\sqlite_070nLscDkgxjJWi --------- 0  
 24.10.2010 01:10     C:\Windows\Temp\sqlite_PM4QmVm1ZKRcrHe --------- 0  
 24.10.2010 01:07     C:\Windows\Temp\sqlite_MsthssROtao7E8z --------- 0  
 24.10.2010 01:06     C:\Windows\Temp\fwtsqmfile00.sqm --------- 632  
 23.10.2010 19:59     C:\Windows\Temp\sqlite_jTVaEfgVxPrV7bZ --------- 0  
 23.10.2010 19:59     C:\Windows\Temp\sqlite_64E437p97W39gO2 --------- 0  
 23.10.2010 19:58     C:\Windows\Temp\mcmsc_sjRSqLaubsuLAD1 --------- 0  
 23.10.2010 14:36     C:\Windows\Temp\sqlite_oFmrmafAsL3u9kL --------- 0  
 23.10.2010 14:36     C:\Windows\Temp\sqlite_NJSteGJ9jaucOyP --------- 0  
 23.10.2010 10:44     C:\Windows\Temp\sqlite_ZXULdca65eSgkgJ --------- 0  
 23.10.2010 10:44     C:\Windows\Temp\sqlite_iGPhYyQHJLifuKG --------- 0  
----------------------------------------

 
C:\Users\Kerim\AppData\Local\Temp

 25.10.2010 19:09     C:\Users\Kerim\AppData\Local\Temp\~DF71BA.tmp --------- 16384  
 25.10.2010 19:09     C:\Users\Kerim\AppData\Local\Temp\~DF5D05.tmp --------- 16384  
 25.10.2010 19:08     C:\Users\Kerim\AppData\Local\Temp\fla254E.tmp --------- 6617782  
 25.10.2010 19:04     C:\Users\Kerim\AppData\Local\Temp\Low --------- 4096  
 25.10.2010 18:32     C:\Users\Kerim\AppData\Local\Temp\jusched.log --------- 5509  
 25.10.2010 18:27     C:\Users\Kerim\AppData\Local\Temp\WPDNSE --------- 0  
 25.10.2010 18:27     C:\Users\Kerim\AppData\Local\Temp\Kerim.bmp --------- 31832  
 24.10.2010 18:04     C:\Users\Kerim\AppData\Local\Temp\veetlea --------- 0  
 24.10.2010 18:04     C:\Users\Kerim\AppData\Local\Temp\veetleb --------- 0  
 24.10.2010 17:05     C:\Users\Kerim\AppData\Local\Temp\plugtmp --------- 0  
 24.10.2010 16:04     C:\Users\Kerim\AppData\Local\Temp\MessengerCache --------- 0  
 24.10.2010 13:55     C:\Users\Kerim\AppData\Local\Temp\CLUpdater8.ini --------- 296  
 24.10.2010 12:50     C:\Users\Kerim\AppData\Local\Temp\hsperfdata_Kerim --------- 0  
 24.10.2010 12:50     C:\Users\Kerim\AppData\Local\Temp\CFG34E6.tmp --------- 123  
 24.10.2010 12:50     C:\Users\Kerim\AppData\Local\Temp\CFGA4A8.tmp --------- 123  
 24.10.2010 03:32     C:\Users\Kerim\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 440  
 24.10.2010 03:32     C:\Users\Kerim\AppData\Local\Temp\AUCHECK_CORE.txt --------- 302  
 24.10.2010 02:44     C:\Users\Kerim\AppData\Local\Temp\JAUReg.log --------- 504  
 24.10.2010 02:44     C:\Users\Kerim\AppData\Local\Temp\java_install_reg.log --------- 3582  
 24.10.2010 02:44     C:\Users\Kerim\AppData\Local\Temp\java_install.log --------- 28989  
 24.10.2010 01:56     C:\Users\Kerim\AppData\Local\Temp\RarSFX0 --------- 40960  
 24.10.2010 01:55     C:\Users\Kerim\AppData\Local\Temp\dd_vcredistUI6673.txt --------- 12554  
 24.10.2010 01:55     C:\Users\Kerim\AppData\Local\Temp\dd_vcredistMSI6673.txt --------- 432520  
 24.10.2010 01:27     C:\Users\Kerim\AppData\Local\Temp\Cookies --------- 4096  
 24.10.2010 01:09     C:\Users\Kerim\AppData\Local\Temp\History --------- 0  
 24.10.2010 01:09     C:\Users\Kerim\AppData\Local\Temp\Temporary Internet Files --------- 0  
 24.10.2010 00:15     C:\Users\Kerim\AppData\Local\Temp\eDatasecurity --------- 0  
 24.10.2010 00:12     C:\Users\Kerim\AppData\Local\Temp\CLUpdater7.ini --------- 296  
 24.10.2010 00:07     C:\Users\Kerim\AppData\Local\Temp\CLUpdater6.ini --------- 296  
 24.10.2010 00:03     C:\Users\Kerim\AppData\Local\Temp\Google Toolbar --------- 4096  
 23.10.2010 23:56     C:\Users\Kerim\AppData\Local\Temp\CLUpdater5.ini --------- 296  
 23.10.2010 23:53     C:\Users\Kerim\AppData\Local\Temp\CLUpdater4.ini --------- 296  
 23.10.2010 23:22     C:\Users\Kerim\AppData\Local\Temp\CLUpdater3.ini --------- 296  
 23.10.2010 23:11     C:\Users\Kerim\AppData\Local\Temp\CLUpdater2.ini --------- 296  
 23.10.2010 23:11     C:\Users\Kerim\AppData\Local\Temp\wmplog07.sqm --------- 1672  
 23.10.2010 22:30     C:\Users\Kerim\AppData\Local\Temp\CLUpdater1.ini --------- 296  
 23.10.2010 22:29     C:\Users\Kerim\AppData\Local\Temp\Xt0..bat --------- 246  
 23.10.2010 22:29     C:\Users\Kerim\AppData\Local\Temp\Xuj.exe --------- 249856  
 23.10.2010 22:27     C:\Users\Kerim\AppData\Local\Temp\CLUpdater0.ini --------- 296  
 23.10.2010 22:26     C:\Users\Kerim\AppData\Local\Temp\Xtz..bat --------- 246  
 23.10.2010 22:26     C:\Users\Kerim\AppData\Local\Temp\Xui.exe --------- 249856  
 23.10.2010 22:26     C:\Users\Kerim\AppData\Local\Temp\Xuh.exe --------- 274432  
 23.10.2010 22:26     C:\Users\Kerim\AppData\Local\Temp\Xug.exe --------- 266240  
 23.10.2010 22:26     C:\Users\Kerim\AppData\Local\Temp\Xuf.exe --------- 401408  
 23.10.2010 22:22     C:\Users\Kerim\AppData\Local\Temp\Xue.exe --------- 274432  
 23.10.2010 22:22     C:\Users\Kerim\AppData\Local\Temp\Xud.exe --------- 266240  
 23.10.2010 22:22     C:\Users\Kerim\AppData\Local\Temp\Xuc.exe --------- 401408  
 23.10.2010 22:20     C:\Users\Kerim\AppData\Local\Temp\Xtv..bat --------- 246  
 23.10.2010 22:20     C:\Users\Kerim\AppData\Local\Temp\Xub.exe --------- 249856  
 23.10.2010 22:18     C:\Users\Kerim\AppData\Local\Temp\CLUpdater.ini --------- 296  
 23.10.2010 22:18     C:\Users\Kerim\AppData\Local\Temp\Xua.exe --------- 274432  
 23.10.2010 22:18     C:\Users\Kerim\AppData\Local\Temp\Xt9.exe --------- 266240  
 23.10.2010 22:18     C:\Users\Kerim\AppData\Local\Temp\Xt8.exe --------- 401408  
 23.10.2010 22:17     C:\Users\Kerim\AppData\Local\Temp\Xty..bat --------- 246  
 23.10.2010 22:17     C:\Users\Kerim\AppData\Local\Temp\Xtx..bat --------- 244  
 23.10.2010 22:17     C:\Users\Kerim\AppData\Local\Temp\Xt7.exe --------- 249856  
 23.10.2010 22:17     C:\Users\Kerim\AppData\Local\Temp\Xtw..bat --------- 244  
 23.10.2010 22:16     C:\Users\Kerim\AppData\Local\Temp\Xt6.exe --------- 249856  
 23.10.2010 22:15     C:\Users\Kerim\AppData\Local\Temp\Xt5.exe --------- 274432  
 23.10.2010 22:15     C:\Users\Kerim\AppData\Local\Temp\Xt4.exe --------- 266240  
 23.10.2010 22:15     C:\Users\Kerim\AppData\Local\Temp\Xt3.exe --------- 274432  
 23.10.2010 22:15     C:\Users\Kerim\AppData\Local\Temp\Xt2.exe --------- 266240  
 23.10.2010 22:15     C:\Users\Kerim\AppData\Local\Temp\Xt1.exe --------- 401408  
 23.10.2010 22:14     C:\Users\Kerim\AppData\Local\Temp\Xt0.exe --------- 401408  
 23.10.2010 22:14     C:\Users\Kerim\AppData\Local\Temp\Xtz.exe --------- 274432  
 23.10.2010 22:14     C:\Users\Kerim\AppData\Local\Temp\Xty.exe --------- 266240  
 23.10.2010 22:14     C:\Users\Kerim\AppData\Local\Temp\Xtx.exe --------- 274432  
 23.10.2010 22:14     C:\Users\Kerim\AppData\Local\Temp\Xtw.exe --------- 266240  
 23.10.2010 22:13     C:\Users\Kerim\AppData\Local\Temp\Xtv.exe --------- 401408  
 23.10.2010 21:34     C:\Users\Kerim\AppData\Local\Temp\wmplog06.sqm --------- 1672  
 23.10.2010 21:24     C:\Users\Kerim\AppData\Local\Temp\{DF7E20AB-2765-416E-8344-A38E08101D22} --------- 12288  
 11.10.2008 02:28     C:\Users\Kerim\AppData\Local\Temp\4894c1.mst --------- 38912  
 20.12.2006 08:53     C:\Users\Kerim\AppData\Local\Temp\Set6F37.tmp --------- 171568  
----------------------------------------

 
C:\Program Files

 25.10.2010 19:01     C:\Program Files\trend micro --------- 0  
 24.10.2010 02:44     C:\Program Files\Common Files --------- 4096  
 24.10.2010 01:55     C:\Program Files\Avira --------- 0  
 23.10.2010 23:52     C:\Program Files\InstallShield Installation Information --------- 12288  
 23.10.2010 21:33     C:\Program Files\Cyberlink --------- 0  
 20.10.2010 20:46     C:\Program Files\Microsoft.NET --------- 0  
 20.10.2010 20:26     C:\Program Files\Acer GameZone --------- 0  
 20.10.2010 20:09     C:\Program Files\Microsoft Works --------- 28672  
 14.10.2010 20:12     C:\Program Files\Windows Media Player --------- 4096  
 14.10.2010 20:12     C:\Program Files\Internet Explorer --------- 4096  
 16.09.2010 23:49     C:\Program Files\Windows Mail --------- 4096  
 12.08.2010 20:44     C:\Program Files\Movie Maker --------- 8192  
 04.08.2010 20:09     C:\Program Files\iPod --------- 0  
 17.06.2010 22:00     C:\Program Files\Bonjour --------- 4096  
 06.06.2010 11:52     C:\Program Files\World of Warcraft --------- 0  
 06.03.2010 16:58     C:\Program Files\Google --------- 4096  
 15.02.2010 13:03     C:\Program Files\Cisco --------- 0  
 15.02.2010 13:02     C:\Program Files\Realtek --------- 0  
 18.01.2010 04:20     C:\Program Files\Windows Portable Devices --------- 0  
 17.01.2010 17:53     C:\Program Files\Windows Calendar --------- 0  
 17.01.2010 17:53     C:\Program Files\Windows Sidebar --------- 4096  
 17.01.2010 17:53     C:\Program Files\Windows Collaboration --------- 4096  
 17.01.2010 17:53     C:\Program Files\Windows Journal --------- 4096  
 17.01.2010 17:53     C:\Program Files\Windows Photo Gallery --------- 4096  
 17.01.2010 17:53     C:\Program Files\Windows Defender --------- 4096  
 11.11.2009 18:48     C:\Program Files\DIFX --------- 0  
 11.11.2009 18:48     C:\Program Files\PC Connectivity Solution --------- 12288  
 06.11.2009 16:58     C:\Program Files\Microsoft --------- 0  
 06.11.2009 16:58     C:\Program Files\Windows Live --------- 0  
 06.11.2009 16:58     C:\Program Files\Windows Live SkyDrive --------- 0  
 07.10.2009 19:33     C:\Program Files\AviSynth 2.5 --------- 0  
 06.12.2008 18:34     C:\Program Files\Zero G Registry --------- 0  
 06.12.2008 17:27     C:\Program Files\Apple Software Update --------- 4096  
 06.12.2008 17:04     C:\Program Files\QuickTime --------- 0  
 01.12.2008 22:59     C:\Program Files\Java --------- 0  
 01.12.2008 22:09     C:\Program Files\MSXML 4.0 --------- 0  
 01.12.2008 21:35     C:\Program Files\Acer --------- 4096  
 01.12.2008 21:31     C:\Program Files\Windows NT --------- 4096  
 01.12.2008 21:31     C:\Program Files\Gemeinsame Dateien --------- 0  
 11.10.2008 02:29     C:\Program Files\Acer Incorporated --------- 0  
 11.10.2008 02:14     C:\Program Files\Acer Arcade Deluxe --------- 4096  
 11.10.2008 01:53     C:\Program Files\Acer Inc --------- 0  
 11.10.2008 01:52     C:\Program Files\Launch Manager --------- 4096  
 30.07.2008 04:15     C:\Program Files\Convesoft --------- 0  
 30.07.2008 04:14     C:\Program Files\Adobe --------- 0  
 30.07.2008 04:13     C:\Program Files\NewTech Infosystems --------- 0  
 30.07.2008 04:10     C:\Program Files\Big Kahuna Reef --------- 0  
 30.07.2008 03:31     C:\Program Files\Winbond Electronics Corporation --------- 0  
 30.07.2008 03:31     C:\Program Files\Synaptics --------- 0  
 30.07.2008 03:27     C:\Program Files\CONEXANT --------- 0  
 30.07.2008 03:23     C:\Program Files\Intel --------- 0  
 21.01.2008 04:43     C:\Program Files\desktop.ini --------- 174  
 02.11.2006 15:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 14:37     C:\Program Files\Microsoft Games --------- 4096  
 02.11.2006 14:37     C:\Program Files\MSBuild --------- 0  
 02.11.2006 14:37     C:\Program Files\Reference Assemblies --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

Public    
Kerim    
Default    
desktop.ini    
Default User    
All Users    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0         1.000 K
smss.exe                       488 Services                   0           576 K
csrss.exe                      620 Services                   0         6.472 K
wininit.exe                    672 Services                   0         3.480 K
csrss.exe                      684 Console                    1         9.804 K
services.exe                   716 Services                   0         6.092 K
lsass.exe                      732 Services                   0         2.404 K
lsm.exe                        740 Services                   0         3.452 K
svchost.exe                    880 Services                   0         5.808 K
nvvsvc.exe                     944 Services                   0         2.836 K
svchost.exe                    972 Services                   0         6.060 K
svchost.exe                   1008 Services                   0        28.268 K
svchost.exe                   1060 Services                   0        12.592 K
svchost.exe                   1088 Services                   0        79.740 K
svchost.exe                   1104 Services                   0       121.884 K
audiodg.exe                   1188 Services                   0         8.980 K
svchost.exe                   1208 Services                   0         4.080 K
SLsvc.exe                     1224 Services                   0         3.968 K
svchost.exe                   1272 Services                   0        11.916 K
winlogon.exe                  1372 Console                    1         4.700 K
svchost.exe                   1436 Services                   0        12.660 K
spoolsv.exe                   1648 Services                   0         7.144 K
sched.exe                     1672 Services                   0         1.568 K
svchost.exe                   1684 Services                   0        15.152 K
avguard.exe                   1868 Services                   0        16.196 K
AppleMobileDeviceService.     1912 Services                   0         3.180 K
mDNSResponder.exe             1932 Services                   0         4.468 K
Agentsvc.exe                  1944 Services                   0         3.204 K
CLHNService.exe               2020 Services                   0         3.340 K
avshadow.exe                  2044 Services                   0         3.424 K
eDSService.exe                 312 Services                   0         3.536 K
rundll32.exe                   412 Console                    1         4.884 K
ETService.exe                  600 Services                   0        11.052 K
upeksvr.exe                   1216 Console                    1         6.972 K
IAANTmon.exe                  1740 Services                   0         5.036 K
BASVC.exe                     2068 Services                   0         4.708 K
LSSrvc.exe                    2208 Services                   0         2.944 K
MobilityService.exe           2340 Services                   0         7.520 K
CompPtcVUI.exe                2396 Console                    1         7.108 K
BackupSvc.exe                 2420 Services                   0         4.108 K
SchedulerSvc.exe              2464 Services                   0         4.188 K
svchost.exe                   2488 Services                   0         4.456 K
RtlService.exe                2564 Services                   0         4.108 K
RS_Service.exe                2640 Services                   0         2.644 K
RtWLan.exe                    2660 Console                    1         8.888 K
StarWindServiceAE.exe         2688 Services                   0         4.072 K
svchost.exe                   2720 Services                   0         4.904 K
svchost.exe                   2760 Services                   0         1.904 K
SearchIndexer.exe             2780 Services                   0        20.544 K
XAudio.exe                    2856 Services                   0         2.332 K
taskeng.exe                   3184 Services                   0         5.172 K
WmiPrvSE.exe                  3396 Services                   0         5.132 K
dwm.exe                       3988 Console                    1        72.592 K
taskeng.exe                   4024 Console                    1        10.864 K
explorer.exe                  2132 Console                    1        50.848 K
MSASCui.exe                    712 Console                    1        13.720 K
LManager.exe                  2588 Console                    1         5.272 K
avgnt.exe                     2968 Console                    1         3.968 K
jusched.exe                   3904 Console                    1         3.536 K
wmpnscfg.exe                  3912 Console                    1         4.240 K
GoogleToolbarNotifier.exe     2684 Console                    1         2.652 K
wmpnetwk.exe                  4016 Services                   0        18.736 K
unsecapp.exe                  4160 Console                    1         5.108 K
Xwovia.exe                    5980 Console                    1       102.180 K
Xwovia.exe                    4224 Console                    1        91.888 K
Xwovia.exe                    7020 Console                    1        87.468 K
Xwovia.exe                    7032 Console                    1        68.504 K
Xwovia.exe                    7104 Console                    1        80.324 K
Xwovia.exe                    7156 Console                    1        99.856 K
Xwovia.exe                    7428 Console                    1        84.224 K
firefox.exe                   7452 Console                    1        89.540 K
Xuj.exe                       1884 Console                    1        23.636 K
Xtx.exe                       6164 Console                    1        29.296 K
notepad.exe                   3028 Console                    1         5.944 K
notepad.exe                   4404 Console                    1         6.040 K
cmd.exe                       4604 Console                    1         3.016 K
conime.exe                    2776 Console                    1         3.956 K
SearchFilterHost.exe          2636 Services                   0         5.328 K
SearchProtocolHost.exe        5392 Services                   0         8.060 K
iexplore.exe                  2908 Console                    1        15.544 K
iexplore.exe                  6916 Console                    1        23.996 K
GoogleToolbarUser_32.exe      5516 Console                    1        10.940 K
tasklist.exe                  3604 Console                    1         4.792 K
WmiPrvSE.exe                  6644 Services                   0         5.712 K

 
***** Ende des Scans 25.10.2010 um 19:09:26,30 ***

INSTALL

Acer Arcade Deluxe CyberLink Corp. 10.10.2008 83,0MB 2.0.5529
Acer Bio Protection

AAU 6.0.00.17 10.10.2008 183,2MB
Acer Crystal Eye Webcam 2.0.8 SuYin 10.10.2008 2,95MB 2.0.8
Acer eAudio Management CyberLink Corp. 10.10.2008 4,71MB 3.0.3008
Acer eDataSecurity Management Egis Inc. 29.07.2008 69,3MB 3.0.3062
Acer Empowering Technology Acer Incorporated 10.10.2008 147,8MB 3.0.3009
Acer ePower Management Acer Incorporated 10.10.2008 9,84MB 3.0.3014
Acer eRecovery Management Acer Incorporated 10.10.2008 27,6MB 3.0.3014
Acer eSettings Management Acer Incorporated 29.07.2008 27,4MB 3.0.3007
Acer GridVista 10.10.2008 1,51MB 2.72.317
Acer Mobility Center Plug-In Acer Inc. 29.07.2008 4,13MB 3.0.3000
Acer ScreenSaver Acer Incorporated 10.10.2008 1.11.0701
Acer VCM Acer Incorporated 10.10.2008 22,9MB 3.1.3000
AdblockIE af0.net 23.10.2010 9,46MB 1.2
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 15.08.2010 10.1.82.76
Adobe Flash Player ActiveX Adobe Systems Incorporated 10.10.2008 9.0.124.0
Adobe Reader 8.1.0 Adobe Systems Incorporated 29.07.2008 87,9MB 8.1.0
Advanced Wheel Mouse 6.0.0.002 08.06.2010 0,46MB
Apple Application Support Apple Inc. 16.06.2010 42,8MB 1.3.0
Apple Mobile Device Support Apple Inc. 16.06.2010 19,9MB 3.1.0.62
Apple Software Update Apple Inc. 05.12.2008 2,16MB 2.1.1.116
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver Atheros Communications Inc. 29.07.2008 2,93MB 1.0.0.30
Avira AntiVir Personal - Free Antivirus Avira GmbH 23.10.2010 122,7MB 10.0.0.567
Azureus 05.12.2008 15,9MB 2.5.0.4
Bluesoleil2.6.0.8 Release 070517 IVT Corporation 29.12.2008 11,4MB 2.6.0.8 Release 070517
Bonjour Apple Inc. 16.06.2010 0,76MB 2.0.2.0
CCleaner Piriform 22.10.2010 2,96MB 2.36
Cisco EAP-FAST Module Cisco Systems, Inc. 14.02.2010 2,98MB 2.0.26
Cisco LEAP Module Cisco Systems, Inc. 14.02.2010 1,04MB 1.0.11
Cisco PEAP Module Cisco Systems, Inc. 14.02.2010 0,84MB 1.0.12
concept/design onlineTV 5 concept/design GmbH 19.10.2010 8,13MB onlineTV 5
CyberLink PowerDVD 10 CyberLink Corp. 22.10.2010 237,7MB 10.0.2113
DivX Codec DivX, Inc. 05.12.2008 1,40MB 6.8.5
DivX Converter DivX, Inc. 05.12.2008 30,4MB 6.6.1
DivX Player 05.12.2008 15,4MB 6.8.2
DivX Web Player DivX,Inc. 05.12.2008 2,92MB 1.4.2
eMule 05.12.2008 10,6MB
EVEREST Home Edition v2.20 Lavalys Inc 12.12.2008 6,58MB 2.20
FLV Player 2.0 (build 25) Martijn de Visser 24.05.2009 1,95MB 2.0 (build 25)
Google Desktop Google 30.11.2008 30,2MB 5.7.0808.07150
Google Earth Google 12.12.2008 25,3MB 4.3.7284.3916
Google Toolbar for Internet Explorer Google Inc. 11.07.2010 34,9MB
HDAUDIO Soft Data Fax Modem with SmartCP Conexant Systems 29.07.2008 0,98MB 7.73.00.52
ICQ6.5 ICQ 03.01.2009 48,0MB 6.5
Intel® Matrix Storage Manager Intel Corporation 10.10.2008 49,7MB
iTunes Apple Inc. 03.08.2010 161,9MB 9.2.1.5
Java(TM) 6 Update 22 Oracle 23.10.2010 97,1MB 6.0.220
Launch Manager Acer Inc. 19.06.2010 2,66MB 2.0.02
LOGO!Soft Comfort V6.1 Siemens AG 05.12.2008 104,6MB 6.1.0.0
Messenger Plus! Live Patchou 12.08.2009 12,8MB 4.82.0.368
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 07.08.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 20.05.2009 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319
Microsoft Office Professional Edition 2003 Microsoft Corporation 23.10.2010 401,9MB 11.0.8173.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 06.11.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 29.07.2008 0,41MB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 12.11.2009 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 10.11.2009 0,45MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.07.2010 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 23.10.2010 0,58MB 9.0.30729.4148
Microsoft Works Microsoft Corporation 09.12.2009 282,6MB 08.05.0822
Mozilla Firefox (3.0.4) Mozilla 05.12.2008 26,4MB 3.0.4 (de)
Mozilla Firefox (3.6.11) Mozilla 19.10.2010 32,7MB 3.6.11 (de)
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 30.11.2008 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0
Nero 8 Lite 8.2.8.0 Updatepack.nl 07.12.2008 55,5MB 8.2.8.0
NTI Backup Now 5 NewTech Infosystems 29.07.2008 28,6MB 5.1.2.606
NTI Media Maker 8 NewTech Infosystems 29.07.2008 187,0MB 8.0.2.6329
NVIDIA Drivers 16.01.2010
PC Connectivity Solution Nokia 10.11.2009 12,1MB 9.23.3.0
PDFCreator Frank Heindörfer, Philip Chinery 22.05.2010 21,1MB 0.9.9
QuickTime Apple Inc. 15.05.2010 73,8MB 7.66.71.0
REALTEK 11n USB Wireless LAN Driver and Utility REALTEK Semiconductor Corp. 14.02.2010 5,08MB 1.00.0106
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 29.07.2008 21,6MB 6.0.1.5618
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 29.07.2008 2,97MB
SopCast 3.2.9 www.sopcast.com 22.10.2010 8,44MB 3.2.9
SPBA 5.8 UPEK Inc. 10.10.2008 20,1MB 5.8.2.4218
sPlan 6.0 (Demo) 04.12.2008 5,50MB
Spybot - Search & Destroy Safer Networking Limited 22.10.2010 50,3MB 1.6.2
SUPER © Version 2009.bld.36 (June 10, 2009) eRightSoft 06.10.2009 27,2MB Version 2009.bld.36 (June 10, 2009)
Synaptics Pointing Device Driver Synaptics 29.07.2008 14,4MB 11.1.4.0
TeamSpeak 2 RC2 Dominating Bytes Design 12.12.2008 2.0.32.60
TeamSpeak 3 Client TeamSpeak Systems GmbH 05.07.2010 30,3MB
TubeBox! Jens Lorek 05.05.2010 14,4MB 3.3.10
TVUPlayer 2.5.2.1 TVU networks 13.03.2010 14,6MB 2.5.2.1
Veetle TV 0.9.18 Veetle, Inc 23.10.2010 36,3MB 0.9.18
VLC media player 1.0.5 VideoLAN Team 19.03.2010 60,0MB 1.0.5
Winamp Nullsoft, Inc 12.12.2008 29,2MB 5.541
Winbond CIR Device Drivers Winbond Electronics Corporation 29.07.2008 2,25MB 7.60.1012
Windows Live Anmelde-Assistent Microsoft Corporation 05.11.2009 1,93MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 05.11.2009 44,0MB 14.0.8089.0726
Windows Live-Uploadtool Microsoft Corporation 05.11.2009 0,22MB 14.0.8014.1029
Windows Media Player Firefox Plugin Microsoft Corp 07.06.2010 0,29MB 1.0.0.8
WinRAR 04.12.2008 3,73MB
World of Warcraft Blizzard Entertainment 14.10.2010 26.734,1MB 4.0.1.13164

[code]

File name:
Xwovia.exe
Submission date:
2010-10-25 17:14:10 (UTC)
Current status:
queued (#10) queued (#10) analysing finished
Result:
23/ 43 (53.5%)

Antivirus Version Last Update Result
AhnLab-V3 2010.10.25.00 2010.10.25 -
AntiVir 7.10.13.35 2010.10.25 -
Antiy-AVL 2.0.3.7 2010.10.25 -
Authentium 5.2.0.5 2010.10.24 W32/Renos.A!Generic
Avast 4.8.1351.0 2010.10.25 Win32:Malware-gen
Avast5 5.0.594.0 2010.10.25 Win32:Malware-gen
AVG 9.0.0.851 2010.10.25 Downloader.Generic10.AFTP
BitDefender 7.2 2010.10.25 Gen:Variant.Kazy.2182
CAT-QuickHeal 11.00 2010.10.25 -
ClamAV 0.96.2.0-git 2010.10.25 -
Comodo 6504 2010.10.25 MalCrypt.Indus!
DrWeb 5.0.2.03300 2010.10.25 Trojan.DownLoader1.28144
Emsisoft 5.0.0.50 2010.10.25 -
eSafe 7.0.17.0 2010.10.25 -
eTrust-Vet 36.1.7933 2010.10.25 Win32/Renos.D!generic
F-Prot 4.6.2.117 2010.10.24 W32/Renos.A!Generic
F-Secure 9.0.16160.0 2010.10.25 Gen:Variant.Kazy.2182
Fortinet 4.2.249.0 2010.10.25 -
GData 21 2010.10.25 Gen:Variant.Kazy.2182
Ikarus T3.1.1.90.0 2010.10.25 -
Jiangmin 13.0.900 2010.10.25 -
K7AntiVirus 9.66.2830 2010.10.25 Virus
Kaspersky 7.0.0.125 2010.10.25 -
McAfee 5.400.0.1158 2010.10.25 Downloader-CEW.b
McAfee-GW-Edition 2010.1C 2010.10.25 Heuristic.BehavesLike.Win32.Obfuscated.H
Microsoft 1.6301 2010.10.25 TrojanDownloader:Win32/Renos.LX
NOD32 5561 2010.10.25 a variant of Win32/Kryptik.HQN
Norman 6.06.10 2010.10.25 -
nProtect 2010-10-25.01 2010.10.25 Gen:Variant.Kazy.2182
Panda 10.0.2.7 2010.10.25 Suspicious file
PCTools 7.0.3.5 2010.10.25 -
Prevx 3.0 2010.10.25 Medium Risk Malware
Rising 22.70.06.04 2010.10.25 -
Sophos 4.58.0 2010.10.25 Mal/FakeAV-CX
Sunbelt 7138 2010.10.25 VirTool.Win32.Obfuscator.hg!b1 (v)
SUPERAntiSpyware 4.40.0.1006 2010.10.25 -
Symantec 20101.2.0.161 2010.10.25 -
TheHacker 6.7.0.1.066 2010.10.25 Trojan/Kryptik.hqn
TrendMicro 9.120.0.1004 2010.10.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.25 -
VBA32 3.12.14.1 2010.10.25 BScope.Trojan.MTA.01049
ViRobot 2010.10.25.4110 2010.10.25 -
VirusBuster 12.70.4.0 2010.10.25 -

Additional information

MD5 : 3376afd9723e67e714e08a7f9abd56e4
SHA1 : c7c7064028faf36d1c5930da3ae647c20ac0e15d
SHA256: 6aad83e0cdaf33b7665299ab9d89cded58e34995bc86dac926dce39d3df244de

DJASK87 · 25.10.2010, 18:35

ssdeep: 6144:ZBK2I+i+Nzv5fxUqLO5+kgtH/jekcpiRNmi6:K2IM8qLUgs3pONo
File size : 266240 bytes
First seen: 2010-10-25 17:14:10
Last seen : 2010-10-25 17:14:10
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Trend Micro Inc.
copyright....: CopyGolds
product......: Golds
description..: Golds
original name: Golds.exe
internal name: Golds
file version.: 3.3.0.348
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1000
timedatestamp....: 0x4A3828D9 (Tue Jun 16 23:20:57 2009)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x16AFE, 0x17000, 4.98, 0b8958deb0cdafe0d326c7bf80521dd8
.rdata, 0x18000, 0x310C, 0x4000, 4.03, 91170cdc34e444e77f1a109fc745bfd1
.data, 0x1C000, 0x6C7, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
.bss, 0x1D000, 0x16CF, 0x2000, 3.44, c406c45a20cd3c46df48975da192df89
.gdata, 0x1F000, 0x1F38F, 0x20000, 7.30, d9fd7e88823213969b4e8645e4bfe354
.rsrc, 0x3F000, 0x1EA4, 0x2000, 3.42, f017022343b7b9be4486be047c12052a

[[ 18 import(s) ]]
SHLWAPI.dll: SHGetValueA, PathIsDirectoryA, PathIsContentTypeA, SHQueryValueExA, PathFileExistsA, SHDeleteKeyA, SHStrDupA
MSVCRT.dll: memcpy, wcsncmp, exit, sqrt, exp
MSVCRT.dll: srand, asin, strlen
OLEAUT32.dll: SysStringLen, VariantCopyInd, SysAllocStringLen, SafeArrayUnaccessData, VariantChangeType
VERSION.dll: GetFileVersionInfoA, VerFindFileA
COMCTL32.dll: ImageList_Write, ImageList_DrawEx
SHELL32.dll: SHGetFolderPathA, SHGetSpecialFolderLocation, SHFileOperationA, Shell_NotifyIconA
OLE32.dll: CreateBindCtx, StgCreateDocfileOnILockBytes, OleRegGetUserType, CoRegisterClassObject, StgOpenStorage, CoRevokeClassObject
comdlg32.dll: GetFileTitleA
gdi32.dll: GetClipBox
version.dll: VerQueryValueA, GetFileVersionInfoSizeA
user32.dll: RegisterWindowMessageA, IsIconic, RedrawWindow, MessageBoxA, GetParent, WaitMessage, SetScrollPos, GetScrollInfo, GetMenuItemID, GetWindow, SetClipboardData, PeekMessageW, KillTimer, GetActiveWindow, DestroyMenu, GetSysColor, GetClientRect, InsertMenuA, DispatchMessageW, GetKeyboardLayout, GetPropA, CharToOemA, GetMenuState, ScrollWindow, CharLowerBuffA, SetCapture, IsWindowEnabled
gdi32.dll: CreateBitmap, SaveDC, SetPixel, CopyEnhMetaFileA, CreateCompatibleBitmap, CreateCompatibleDC, SelectPalette, CreateDIBSection, GetClipBox, GetBitmapBits
kernel32.dll: GetFileAttributesA, CloseHandle, lstrlenA, DeleteCriticalSection, LocalReAlloc, lstrcatA, CompareStringA, WaitForSingleObject, GetFullPathNameA, VirtualAllocEx, HeapAlloc, GetFileType, SetEvent, DeleteFileA, GetLocaleInfoA, GetModuleFileNameA, GetCurrentProcessId, ExitThread, GetProcAddress, LoadLibraryExA, GetCommandLineW, CreateFileA, GetUserDefaultLCID, WideCharToMultiByte, GetSystemDefaultLangID, SetHandleCount, ExitProcess, VirtualQuery, LoadResource, HeapDestroy, GetStringTypeW, GetLocalTime, VirtualAlloc, GetOEMCP, GlobalAlloc, LockResource, GetCommandLineA, ResetEvent, GetACP, GlobalFindAtomA, GetProcessHeap, EnterCriticalSection, LocalAlloc, EnumCalendarInfoA, CreateEventA, SetFilePointer, GetCurrentProcess, lstrlenW, IsBadReadPtr, GetStdHandle, IsBadHugeReadPtr, GetModuleHandleA
VERSION.dll: VerQueryValueA
ADVAPI32.dll: GetLengthSid, RegQueryInfoKeyA, RegDeleteKeyA, RegCreateKeyA
SHLWAPI.dll: SHStrDupA, PathFileExistsA, SHQueryInfoKeyA, SHDeleteValueA, SHQueryValueExA, PathIsContentTypeA, SHGetValueA, PathIsDirectoryA, SHSetValueA, PathGetCharTypeA
gdi32.dll: GetObjectA, SaveDC, RestoreDC, CreateBitmap, CreateBrushIndirect, CreatePalette, SelectObject, SetTextColor
Prevx Info:
Prevx
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 94208
CompanyName: Trend Micro Inc.
EntryPoint: 0x1000
FileDescription: Golds
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 260 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 3.3.0.348
FileVersionNumber: 3.3.0.348
ImageVersion: 0.0
InitializedDataSize: 167936
InternalName: Golds
LanguageCode: English (U.S.)
LegalCopyright: CopyGolds
LinkerVersion: 3.6
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: Golds.exe
PEType: PE32
ProductName: Golds
ProductVersion: 3.3.0.348
ProductVersionNumber: 3.3.0.348
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2009:06:17 01:20:57+02:00
UninitializedDataSize: 0
Symantec reputation:Suspicious.Insight

kira · 26.10.2010, 08:54

1.

Code:

ATTFilter

Azureus

Zitat:

Internet-Tauschbörsen gehören leider zu den unseriösesten Anbietern, und dort werden sehr viele Schädlinge verbreitet, hierbei sollte deshalb, wenn überhaupt, nur ganz besonders vorsichtig umgegangen werden ! Laut Studien sind bei den Tauschbörsen bei 45% der zum Download angebotenen Dateien, Viren oder Würmer und sonstige Schädlinge enthalten!
Hinzu kommt noch, dass die meisten Downloads von diesen Tauschbörsen eh illegal sind, und damit die Nutzer verleitet werden, „Straftaten“ zu begehen!

Selbst wenn du ein „sicheres“ P2P Programm verwendest, ist es nur das Programm, das sicher ist.Du wirst Daten von "uncertified Quellen" teilen, und diese werden häufig angesteckt...

Ausserdem nicht nur trojanische Pferde oder andere Virentypen eine direkt Verbindung brauchen, sondern der Verwendung von diverse Filesharing-Programme & Co, "telefonieren auch nach Hause", wenn auch noch keine Beweise vorliegen und solchen Clients erlaubt, würde ich nicht empfehlen!

2.
Der Messenger Plus! Live enthält einige Komponenten (Sponsorprogramm), die deinen Rechner ausspionieren, deshalb wird von diesem Programm abgeraten.
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil da oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
also deinstalliere Messenger Plus! Live unter `Start→ Systemsteuereung→ Ändern/Entfernen...` - ► achte aber darauf, ob da etwas beim Deinstallieren mit da steht, wie "Partner/Sponsorenprogramme entfernen"!
- es ist besser ein Spy- und Adware freies Messenger Tool einzusetzen - wie z.B Trillian,kann man in der Basisversion von Trillian die Instant Messenger ICQ, AIM, Yahoo! Messenger, Windows Live Messenger (MSN) und IRC vereinen) oder Miranda
wenn Du ihn doch nochmal installieren möchtest, Sponsorprogramm bitte abwählen!

3.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

4.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
hjtscanlist v2.0 - Dateiliste

DJASK87 · 26.10.2010, 19:43

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4953

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

26.10.2010 20:32:22
mbam-log-2010-10-26 (20-32-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 266025
Laufzeit: 1 Stunde(n), 16 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 26

Infizierte Speicherprozesse:
C:\Users\Kerim\AppData\Local\Temp\Xtx.exe (Rootkit.TDSS) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\X3EKEPXJP2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\koo9rv9k4z (Rootkit.TDSS) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Kerim\AppData\Local\Temp\Xtx.exe (Rootkit.TDSS) -> Delete on reboot.
C:\Users\Kerim\AppData\Local\Temp\Xui.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xt0.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xt1.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xt2.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xt3.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xt4.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xt5.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xt6.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xt7.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xt8.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xt9.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xtv.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xtw.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xty.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xtz.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xua.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xub.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xuc.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xud.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xue.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xuf.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xug.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Kerim\AppData\Local\Temp\Xuh.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Xwovib.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

-----------------------------------------------------------------

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:39:31, on 26.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Kerim\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LManager] D:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: &Block This Image (ABP) - D:\Program Files\Adblock Pro\blockimg.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:ICQ6.5\ICQ.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8775 bytes

--- --- ---

kira · 26.10.2010, 19:56

hjtscanlist v2.0 - Dateiliste - nicht vergessen!

DJASK87 · 26.10.2010, 21:04

upps :-D

Code:

ATTFilter

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6002]
 
 
C:

       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  26.10.2010 20:32     C:\Windows --------- 32768   
  26.10.2010 19:12     C:\ProgramData --------- 12288   
  26.10.2010 18:50     C:\System Volume Information --------- 28672   
  25.10.2010 19:01     C:\rsit --------- 0   
  25.10.2010 19:01     C:\Program Files --------- 20480   
  09.06.2010 18:01     C:\Advanced Wheel Mouse --------- 4096   
  17.01.2010 18:01     C:\Boot --------- 4096   
  11.04.2009 08:36     C:\bootmgr --------- 333257   
  05.12.2008 23:57     C:\IO.SYS --------- 0   
  05.12.2008 23:57     C:\MSDOS.SYS --------- 0   
  05.12.2008 21:57     C:\ACER --------- 4096   
  01.12.2008 21:37     C:\$RECYCLE.BIN --------- 0   
  01.12.2008 21:35     C:\ACERSW --------- 0   
  01.12.2008 21:34     C:\Users --------- 4096   
  01.12.2008 21:31     C:\Programme --------- 0   
  01.12.2008 21:31     C:\Dokumente und Einstellungen --------- 0   
  11.10.2008 02:04     C:\CLSetup --------- 0   
  11.10.2008 02:04     C:\Medion.ini --------- 20   
  11.10.2008 01:58     C:\Partition.txt --------- 60   
  30.07.2008 12:23     C:\BOOTSECT.BAK --------- 8192   
  30.07.2008 04:41     C:\book --------- 0   
  30.07.2008 03:26     C:\RHDSetup.log --------- 426   
  30.07.2008 03:15     C:\Intel --------- 0   
  11.06.2008 07:55     C:\TEMP --------- 0   
  21.01.2008 04:32     C:\PerfLogs --------- 0   
  02.11.2006 15:02     C:\Documents and Settings --------- 0   
  18.09.2006 23:43     C:\config.sys --------- 10   
  18.09.2006 23:43     C:\autoexec.bat --------- 24   
----------------------------------------

 
C:\Windows

  26.10.2010 20:39     C:\Windows\WindowsUpdate.log --------- 1244658   
  26.10.2010 20:35     C:\Windows\bootstat.dat --------- 67584   
  26.10.2010 20:35     C:\Windows\PFRO.log --------- 35644   
  24.10.2010 12:50     C:\Windows\win.ini --------- 240   
  24.10.2010 00:56     C:\Windows\WinInit.Ini --------- 802   
  20.10.2010 20:48     C:\Windows\ODBC.INI --------- 400   
  20.10.2010 20:40     C:\Windows\NeroDigital.ini --------- 69   
  20.06.2010 13:11     C:\Windows\LManager.UNI --------- 83   
  15.02.2010 13:01     C:\Windows\RtlUI2.exe --------- 380928   
  15.02.2010 13:01     C:\Windows\Rtlihvs.dll --------- 614400   
  15.02.2010 13:01     C:\Windows\RTLExtUI.dll --------- 188416   
  28.12.2009 16:36     C:\Windows\popcinfo.dat --------- 10   
  23.11.2009 19:06     C:\Windows\d3dx.dat --------- 4096   
  29.04.2009 15:46     C:\Windows\RtlIhvOid.dll --------- 208896   
  11.04.2009 08:27     C:\Windows\explorer.exe --------- 2926592   
  30.12.2008 22:35     C:\Windows\0 --------- 32   
  06.12.2008 17:52     C:\Windows\nsreg.dat --------- 0   
  05.12.2008 23:57     C:\Windows\uninst.exe --------- 283648   
  24.10.2008 17:39     C:\Windows\UNINST32.EXE --------- 309768   
  11.10.2008 01:53     C:\Windows\GridV.UNI --------- 92   
  11.10.2008 01:52     C:\Windows\QtZgAcer.UNI --------- 83   
  02.09.2008 04:13     C:\Windows\MOD01SET000000005J.enc --------- 1976   
  02.09.2008 04:13     C:\Windows\CSUP.TXT --------- 10   
  14.08.2008 09:33     C:\Windows\MOD01SET0S00860004.enc --------- 2176   
  30.07.2008 03:25     C:\Windows\DIFxAPI.dll --------- 319456   
  30.07.2008 03:25     C:\Windows\HideWin.exe --------- 315392   
  30.07.2008 02:42     C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 16449536   
  30.07.2008 02:42     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 196608   
  30.07.2008 02:42     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 65536   
  22.07.2008 10:02     C:\Windows\MOD01SET07EN000004.enc --------- 2392   
  18.07.2008 04:59     C:\Windows\ReleaseNotes.txt --------- 2006   
  17.07.2008 06:27     C:\Windows\AcerStore.exe --------- 380928   
  11.06.2008 07:55     C:\Windows\MOD01OPK0400860001.enc --------- 2400   
  20.05.2008 09:57     C:\Windows\Acer Crystal Eye webcam.EXE --------- 262144   
  09.05.2008 07:45     C:\Windows\MOD01SET07EN000002.enc --------- 2392   
  08.05.2008 23:58     C:\Windows\Interop.IWshRuntimeLibrary.dll --------- 49152   
  07.05.2008 10:19     C:\Windows\RtHDVCpl.exe --------- 6139904   
  25.04.2008 07:11     C:\Windows\MOD01SET0J00860003.enc --------- 1996   
  02.04.2008 03:27     C:\Windows\RtlUpd.exe --------- 1196032   
  13.03.2008 11:48     C:\Windows\RTKVADDA.EXE --------- 290816   
  05.03.2008 12:07     C:\Windows\RtlExUpd.dll --------- 520192   
  25.02.2008 11:13     C:\Windows\Suyin.reg --------- 4838   
  31.01.2008 15:18     C:\Windows\RtDefLvl.ini --------- 1694   
  21.01.2008 04:43     C:\Windows\WindowsShell.Manifest --------- 749   
  21.01.2008 04:24     C:\Windows\regedit.exe --------- 134656   
  21.01.2008 04:24     C:\Windows\bfsvc.exe --------- 58880   
  21.01.2008 04:24     C:\Windows\fveupdate.exe --------- 13312   
  21.01.2008 04:24     C:\Windows\HelpPane.exe --------- 498176   
  21.01.2008 04:23     C:\Windows\notepad.exe --------- 151040   
  10.01.2008 05:44     C:\Windows\GVUni.exe --------- 199176   
  20.11.2007 12:15     C:\Windows\SkyTel.exe --------- 1826816   
  14.11.2007 09:18     C:\Windows\USetup.iss --------- 553   
  29.10.2007 13:35     C:\Windows\PidList.ini --------- 36   
  23.10.2007 10:56     C:\Windows\PLFSetI.exe --------- 200704   
  20.04.2007 06:30     C:\Windows\Acer Crystal Eye webcam.ico --------- 222382   
  29.03.2007 16:48     C:\Windows\Image.dll --------- 626688   
  02.11.2006 14:35     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 14:34     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 14:34     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 14:34     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 14:34     C:\Windows\twain.dll --------- 94784   
  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 13:41     C:\Windows\HomePremium.xml --------- 8328   
  18.09.2006 23:46     C:\Windows\system.ini --------- 219   
  18.09.2006 23:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   
----------------------------------------

 
C:\Windows\System

 27.09.2007 15:32      C:\Windows\System\ms.ico --------- 34530 
 27.09.2007 15:17      C:\Windows\System\sm.ico --------- 37041 
 27.09.2007 15:12      C:\Windows\System\sd.ico --------- 38660 
 27.09.2007 15:04      C:\Windows\System\cf.ico --------- 37300 
 02.08.2007 22:32      C:\Windows\System\DriveIcon.dll --------- 5631520 
 02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 
 30.06.2004 16:24      C:\Windows\System\MyMulti.ico --------- 5430 
----------------------------------------

 
C:\Windows\System32

 26.10.2010 20:35     C:\Windows\system32\LogConfigTemp.xml --------- 0  
 26.10.2010 20:35     C:\Windows\system32\agent.log --------- 147  
 26.10.2010 20:35     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3216  
 26.10.2010 20:35     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3216  
 26.10.2010 20:35     C:\Windows\system32\drivers --------- 81920  
 26.10.2010 20:18     C:\Windows\system32\Tasks --------- 4096  
 24.10.2010 02:43     C:\Windows\system32\javaws.exe --------- 153376  
 24.10.2010 02:43     C:\Windows\system32\javaw.exe --------- 145184  
 24.10.2010 02:43     C:\Windows\system32\java.exe --------- 145184  
 24.10.2010 02:43     C:\Windows\system32\deployJava1.dll --------- 472808  
 24.10.2010 01:36     C:\Windows\system32\WDI --------- 4096  
 24.10.2010 01:15     C:\Windows\system32\perfh009.dat --------- 591320  
 24.10.2010 01:15     C:\Windows\system32\perfc009.dat --------- 103194  
 24.10.2010 01:15     C:\Windows\system32\perfh007.dat --------- 623280  
 24.10.2010 01:15     C:\Windows\system32\perfc007.dat --------- 125378  
 24.10.2010 01:15     C:\Windows\system32\PerfStringBackup.INI --------- 1432888  
 24.10.2010 01:10     C:\Windows\system32\GDIPFONTCACHEV1.DAT --------- 85696  
 24.10.2010 01:09     C:\Windows\system32\FNTCACHE.DAT --------- 345512  
 23.10.2010 23:47     C:\Windows\system32\msxml3a.dll --------- 29480  
 23.10.2010 23:47     C:\Windows\system32\msvcr71.dll --------- 353576  
 23.10.2010 23:47     C:\Windows\system32\msvcp71.dll --------- 505128  
 22.10.2010 10:28     C:\Windows\system32\catroot2 --------- 4096  
 20.10.2010 20:50     C:\Windows\system32\DRVSTORE --------- 0  
 19.10.2010 11:41     C:\Windows\system32\MpSigStub.exe --------- 222080  
 14.10.2010 20:12     C:\Windows\system32\de-DE --------- 655360  
 14.10.2010 20:12     C:\Windows\system32\migration --------- 8192  
 14.10.2010 15:41     C:\Windows\system32\mrt.exe --------- 35385288  
 13.10.2010 18:09     C:\Windows\system32\catroot --------- 4096  
 13.09.2010 17:46     C:\Windows\system32\wmp.dll --------- 10628096  
 13.09.2010 15:56     C:\Windows\system32\wmploc.DLL --------- 8147456  
 08.09.2010 08:01     C:\Windows\system32\wininet.dll --------- 916480  
 08.09.2010 08:01     C:\Windows\system32\urlmon.dll --------- 1210880  
 08.09.2010 07:59     C:\Windows\system32\occache.dll --------- 206848  
 08.09.2010 07:58     C:\Windows\system32\mstime.dll --------- 611840  
 08.09.2010 07:57     C:\Windows\system32\mshtmled.dll --------- 66560  
 08.09.2010 07:57     C:\Windows\system32\mshtml.dll --------- 5957120  
 08.09.2010 07:57     C:\Windows\system32\msfeeds.dll --------- 602112  
 08.09.2010 07:57     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 08.09.2010 07:57     C:\Windows\system32\licmgr10.dll --------- 43520  
 08.09.2010 07:57     C:\Windows\system32\jsproxy.dll --------- 25600  
 08.09.2010 07:57     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 08.09.2010 07:56     C:\Windows\system32\ieui.dll --------- 164352  
 08.09.2010 07:56     C:\Windows\system32\iesysprep.dll --------- 109056  
 08.09.2010 07:56     C:\Windows\system32\iertutil.dll --------- 1986560  
 08.09.2010 07:56     C:\Windows\system32\iesetup.dll --------- 71680  
 08.09.2010 07:56     C:\Windows\system32\iernonce.dll --------- 55808  
 08.09.2010 07:56     C:\Windows\system32\iepeers.dll --------- 184320  
 08.09.2010 07:56     C:\Windows\system32\ieframe.dll --------- 11080192  
 08.09.2010 07:56     C:\Windows\system32\iedkcs32.dll --------- 387584  
 08.09.2010 07:04     C:\Windows\system32\html.iec --------- 385024  
 08.09.2010 06:26     C:\Windows\system32\ieUnatt.exe --------- 133632  
 08.09.2010 06:26     C:\Windows\system32\ie4uinit.exe --------- 173056  
 08.09.2010 06:25     C:\Windows\system32\msfeedssync.exe --------- 13312  
 08.09.2010 06:25     C:\Windows\system32\mshtml.tlb --------- 1638912  
 06.09.2010 18:20     C:\Windows\system32\srvsvc.dll --------- 125952  
 06.09.2010 18:19     C:\Windows\system32\netevent.dll --------- 17920  
 31.08.2010 17:46     C:\Windows\system32\mfc40u.dll --------- 954288  
 31.08.2010 17:46     C:\Windows\system32\mfc40.dll --------- 954752  
 31.08.2010 17:44     C:\Windows\system32\comctl32.dll --------- 531968  
 31.08.2010 15:27     C:\Windows\system32\win32k.sys --------- 2038272  
 26.08.2010 18:37     C:\Windows\system32\t2embed.dll --------- 157184  
 20.08.2010 18:05     C:\Windows\system32\wmpmde.dll --------- 867328  
 17.08.2010 16:11     C:\Windows\system32\spoolsv.exe --------- 128000  
 10.08.2010 17:53     C:\Windows\system32\schannel.dll --------- 274944  
 26.07.2010 17:51     C:\Windows\system32\shell32.dll --------- 11584512  
 28.06.2010 19:00     C:\Windows\system32\ole32.dll --------- 1316864  
 26.06.2010 00:27     C:\Windows\system32\en-US --------- 8192  
 22.06.2010 15:30     C:\Windows\system32\tzres.dll --------- 2048  
 18.06.2010 19:31     C:\Windows\system32\rtutils.dll --------- 36864  
 11.06.2010 18:15     C:\Windows\system32\msxml3.dll --------- 1248768  
 11.06.2010 16:15     C:\Windows\system32\wbem --------- 81920  
 08.06.2010 19:35     C:\Windows\system32\ntoskrnl.exe --------- 3548040  
 08.06.2010 19:35     C:\Windows\system32\ntkrnlpa.exe --------- 3600768  
 27.05.2010 22:08     C:\Windows\system32\inetcomm.dll --------- 739328  
 27.05.2010 22:08     C:\Windows\system32\iccvid.dll --------- 81920  
 26.05.2010 19:06     C:\Windows\system32\atmlib.dll --------- 34304  
 26.05.2010 16:47     C:\Windows\system32\atmfd.dll --------- 289792  
 18.05.2010 16:35     C:\Windows\system32\dns-sd.exe --------- 107808  
 18.05.2010 16:35     C:\Windows\system32\dnssd.dll --------- 91424  
 04.05.2010 21:13     C:\Windows\system32\msshsq.dll --------- 231424  
 19.04.2010 20:47     C:\Windows\system32\usbaaplrc.dll --------- 3062048  
 16.04.2010 18:46     C:\Windows\system32\usp10.dll --------- 502272  
 16.04.2010 18:43     C:\Windows\system32\Apphlpdm.dll --------- 28672  
 16.04.2010 16:39     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
 05.04.2010 19:02     C:\Windows\system32\MP4SDECD.DLL --------- 317952  
 05.04.2010 19:01     C:\Windows\system32\asycfilt.dll --------- 67072  
 18.03.2010 13:16     C:\Windows\system32\msvcr100_clr0400.dll --------- 771424  
 17.03.2010 21:53     C:\Windows\system32\QuickTime.qts --------- 69632  
 17.03.2010 21:53     C:\Windows\system32\QuickTimeVR.qtx --------- 94208  
 05.03.2010 16:01     C:\Windows\system32\vbscript.dll --------- 420352  
 21.02.2010 01:06     C:\Windows\system32\nshhttp.dll --------- 24064  
 21.02.2010 01:05     C:\Windows\system32\httpapi.dll --------- 30720  
 18.02.2010 15:30     C:\Windows\system32\iphlpsvc.dll --------- 200704  
 15.02.2010 13:01     C:\Windows\system32\RtlUI2.exe --------- 380928  
 15.02.2010 13:01     C:\Windows\system32\Rtlihvs.dll --------- 614400  
 15.02.2010 13:01     C:\Windows\system32\RTLExtUI.dll --------- 188416  
 12.02.2010 12:32     C:\Windows\system32\browserchoice.exe --------- 293376  
 10.02.2010 19:13     C:\Windows\system32\unrar.dll --------- 165376  
 25.01.2010 14:00     C:\Windows\system32\secproc_ssp_isv.dll --------- 152576  
 25.01.2010 14:00     C:\Windows\system32\secproc_ssp.dll --------- 152064  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 26.10.2010 21:23     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096  
 26.10.2010 20:35     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092  
 26.10.2010 20:35     C:\Windows\Tasks\SA.DAT --------- 6  
 26.10.2010 20:34     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32510  
 26.10.2010 18:22     C:\Windows\Tasks\User_Feed_Synchronization-{5A0D5830-462D-4450-901E-10C1E3C1B043}.job --------- 426  
----------------------------------------

 
C:\Windows\Temp

 26.10.2010 18:26     C:\Windows\Temp\MpSigStub.log --------- 6752  
 26.10.2010 18:21     C:\Windows\Temp\GoogleToolbarInstaller1.log --------- 360  
 25.10.2010 23:11     C:\Windows\Temp\fwtsqmfile02.sqm --------- 632  
 24.10.2010 17:06     C:\Windows\Temp\fwtsqmfile01.sqm --------- 632  
 24.10.2010 02:45     C:\Windows\Temp\History --------- 0  
 24.10.2010 02:45     C:\Windows\Temp\Cookies --------- 0  
 24.10.2010 02:45     C:\Windows\Temp\Temporary Internet Files --------- 0  
 24.10.2010 01:10     C:\Windows\Temp\sqlite_070nLscDkgxjJWi --------- 0  
 24.10.2010 01:10     C:\Windows\Temp\sqlite_PM4QmVm1ZKRcrHe --------- 0  
 24.10.2010 01:07     C:\Windows\Temp\sqlite_MsthssROtao7E8z --------- 0  
 24.10.2010 01:06     C:\Windows\Temp\fwtsqmfile00.sqm --------- 632  
 23.10.2010 19:59     C:\Windows\Temp\sqlite_jTVaEfgVxPrV7bZ --------- 0  
 23.10.2010 19:59     C:\Windows\Temp\sqlite_64E437p97W39gO2 --------- 0  
 23.10.2010 19:58     C:\Windows\Temp\mcmsc_sjRSqLaubsuLAD1 --------- 0  
 23.10.2010 14:36     C:\Windows\Temp\sqlite_oFmrmafAsL3u9kL --------- 0  
 23.10.2010 14:36     C:\Windows\Temp\sqlite_NJSteGJ9jaucOyP --------- 0  
 23.10.2010 10:44     C:\Windows\Temp\sqlite_ZXULdca65eSgkgJ --------- 0  
 23.10.2010 10:44     C:\Windows\Temp\sqlite_iGPhYyQHJLifuKG --------- 0  
----------------------------------------

 
C:\Users\Kerim\AppData\Local\Temp

 26.10.2010 21:19     C:\Users\Kerim\AppData\Local\Temp\fla2600.tmp --------- 126470162  
 26.10.2010 21:18     C:\Users\Kerim\AppData\Local\Temp\plugtmp-2 --------- 0  
 26.10.2010 20:41     C:\Users\Kerim\AppData\Local\Temp\jusched.log --------- 6712  
 26.10.2010 20:38     C:\Users\Kerim\AppData\Local\Temp\Kerim.bmp --------- 31832  
 26.10.2010 20:36     C:\Users\Kerim\AppData\Local\Temp\WPDNSE --------- 0  
 26.10.2010 20:33     C:\Users\Kerim\AppData\Local\Temp\plugtmp-1 --------- 0  
 26.10.2010 20:03     C:\Users\Kerim\AppData\Local\Temp\Low --------- 4096  
 26.10.2010 19:12     C:\Users\Kerim\AppData\Local\Temp\hsperfdata_Kerim --------- 0  
 25.10.2010 23:09     C:\Users\Kerim\AppData\Local\Temp\CFGA1DF.tmp --------- 123  
 25.10.2010 21:26     C:\Users\Kerim\AppData\Local\Temp\MessengerCache --------- 0  
 24.10.2010 18:04     C:\Users\Kerim\AppData\Local\Temp\veetlea --------- 0  
 24.10.2010 18:04     C:\Users\Kerim\AppData\Local\Temp\veetleb --------- 0  
 24.10.2010 17:05     C:\Users\Kerim\AppData\Local\Temp\plugtmp --------- 0  
 24.10.2010 13:55     C:\Users\Kerim\AppData\Local\Temp\CLUpdater8.ini --------- 296  
 24.10.2010 12:50     C:\Users\Kerim\AppData\Local\Temp\CFG34E6.tmp --------- 123  
 24.10.2010 12:50     C:\Users\Kerim\AppData\Local\Temp\CFGA4A8.tmp --------- 123  
 24.10.2010 03:32     C:\Users\Kerim\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 440  
 24.10.2010 03:32     C:\Users\Kerim\AppData\Local\Temp\AUCHECK_CORE.txt --------- 302  
 24.10.2010 02:44     C:\Users\Kerim\AppData\Local\Temp\JAUReg.log --------- 504  
 24.10.2010 02:44     C:\Users\Kerim\AppData\Local\Temp\java_install_reg.log --------- 3582  
 24.10.2010 02:44     C:\Users\Kerim\AppData\Local\Temp\java_install.log --------- 28989  
 24.10.2010 01:56     C:\Users\Kerim\AppData\Local\Temp\RarSFX0 --------- 40960  
 24.10.2010 01:55     C:\Users\Kerim\AppData\Local\Temp\dd_vcredistUI6673.txt --------- 12554  
 24.10.2010 01:55     C:\Users\Kerim\AppData\Local\Temp\dd_vcredistMSI6673.txt --------- 432520  
 24.10.2010 01:27     C:\Users\Kerim\AppData\Local\Temp\Cookies --------- 0  
 24.10.2010 01:09     C:\Users\Kerim\AppData\Local\Temp\History --------- 0  
 24.10.2010 01:09     C:\Users\Kerim\AppData\Local\Temp\Temporary Internet Files --------- 0  
 24.10.2010 00:15     C:\Users\Kerim\AppData\Local\Temp\eDatasecurity --------- 0  
 24.10.2010 00:12     C:\Users\Kerim\AppData\Local\Temp\CLUpdater7.ini --------- 296  
 24.10.2010 00:07     C:\Users\Kerim\AppData\Local\Temp\CLUpdater6.ini --------- 296  
 24.10.2010 00:03     C:\Users\Kerim\AppData\Local\Temp\Google Toolbar --------- 4096  
 23.10.2010 23:56     C:\Users\Kerim\AppData\Local\Temp\CLUpdater5.ini --------- 296  
 23.10.2010 23:53     C:\Users\Kerim\AppData\Local\Temp\CLUpdater4.ini --------- 296  
 23.10.2010 23:22     C:\Users\Kerim\AppData\Local\Temp\CLUpdater3.ini --------- 296  
 23.10.2010 23:11     C:\Users\Kerim\AppData\Local\Temp\CLUpdater2.ini --------- 296  
 23.10.2010 23:11     C:\Users\Kerim\AppData\Local\Temp\wmplog07.sqm --------- 1672  
 23.10.2010 22:30     C:\Users\Kerim\AppData\Local\Temp\CLUpdater1.ini --------- 296  
 23.10.2010 22:29     C:\Users\Kerim\AppData\Local\Temp\Xt0..bat --------- 246  
 23.10.2010 22:27     C:\Users\Kerim\AppData\Local\Temp\CLUpdater0.ini --------- 296  
 23.10.2010 22:26     C:\Users\Kerim\AppData\Local\Temp\Xtz..bat --------- 246  
 23.10.2010 22:20     C:\Users\Kerim\AppData\Local\Temp\Xtv..bat --------- 246  
 23.10.2010 22:18     C:\Users\Kerim\AppData\Local\Temp\CLUpdater.ini --------- 296  
 23.10.2010 22:17     C:\Users\Kerim\AppData\Local\Temp\Xty..bat --------- 246  
 23.10.2010 22:17     C:\Users\Kerim\AppData\Local\Temp\Xtx..bat --------- 244  
 23.10.2010 22:17     C:\Users\Kerim\AppData\Local\Temp\Xtw..bat --------- 244  
 23.10.2010 21:34     C:\Users\Kerim\AppData\Local\Temp\wmplog06.sqm --------- 1672  
 23.10.2010 21:24     C:\Users\Kerim\AppData\Local\Temp\{DF7E20AB-2765-416E-8344-A38E08101D22} --------- 0  
 30.06.2009 11:35     C:\Users\Kerim\AppData\Local\Temp\MsgPlusUninstall.exe --------- 905552  
 11.10.2008 02:28     C:\Users\Kerim\AppData\Local\Temp\4894c1.mst --------- 38912  
 20.12.2006 08:53     C:\Users\Kerim\AppData\Local\Temp\Set6F37.tmp --------- 171568  
----------------------------------------

 
C:\Program Files

 25.10.2010 19:01     C:\Program Files\trend micro --------- 0  
 24.10.2010 02:44     C:\Program Files\Common Files --------- 4096  
 24.10.2010 01:55     C:\Program Files\Avira --------- 0  
 23.10.2010 23:52     C:\Program Files\InstallShield Installation Information --------- 12288  
 23.10.2010 21:33     C:\Program Files\Cyberlink --------- 0  
 20.10.2010 20:46     C:\Program Files\Microsoft.NET --------- 0  
 20.10.2010 20:26     C:\Program Files\Acer GameZone --------- 0  
 20.10.2010 20:09     C:\Program Files\Microsoft Works --------- 28672  
 14.10.2010 20:12     C:\Program Files\Windows Media Player --------- 4096  
 14.10.2010 20:12     C:\Program Files\Internet Explorer --------- 4096  
 16.09.2010 23:49     C:\Program Files\Windows Mail --------- 4096  
 12.08.2010 20:44     C:\Program Files\Movie Maker --------- 8192  
 04.08.2010 20:09     C:\Program Files\iPod --------- 0  
 17.06.2010 22:00     C:\Program Files\Bonjour --------- 4096  
 06.06.2010 11:52     C:\Program Files\World of Warcraft --------- 0  
 06.03.2010 16:58     C:\Program Files\Google --------- 4096  
 15.02.2010 13:03     C:\Program Files\Cisco --------- 0  
 15.02.2010 13:02     C:\Program Files\Realtek --------- 0  
 18.01.2010 04:20     C:\Program Files\Windows Portable Devices --------- 0  
 17.01.2010 17:53     C:\Program Files\Windows Calendar --------- 0  
 17.01.2010 17:53     C:\Program Files\Windows Sidebar --------- 4096  
 17.01.2010 17:53     C:\Program Files\Windows Collaboration --------- 4096  
 17.01.2010 17:53     C:\Program Files\Windows Journal --------- 4096  
 17.01.2010 17:53     C:\Program Files\Windows Photo Gallery --------- 4096  
 17.01.2010 17:53     C:\Program Files\Windows Defender --------- 4096  
 11.11.2009 18:48     C:\Program Files\DIFX --------- 0  
 11.11.2009 18:48     C:\Program Files\PC Connectivity Solution --------- 12288  
 06.11.2009 16:58     C:\Program Files\Microsoft --------- 0  
 06.11.2009 16:58     C:\Program Files\Windows Live --------- 0  
 06.11.2009 16:58     C:\Program Files\Windows Live SkyDrive --------- 0  
 07.10.2009 19:33     C:\Program Files\AviSynth 2.5 --------- 0  
 06.12.2008 18:34     C:\Program Files\Zero G Registry --------- 0  
 06.12.2008 17:27     C:\Program Files\Apple Software Update --------- 4096  
 06.12.2008 17:04     C:\Program Files\QuickTime --------- 0  
 01.12.2008 22:59     C:\Program Files\Java --------- 0  
 01.12.2008 22:09     C:\Program Files\MSXML 4.0 --------- 0  
 01.12.2008 21:35     C:\Program Files\Acer --------- 4096  
 01.12.2008 21:31     C:\Program Files\Windows NT --------- 4096  
 01.12.2008 21:31     C:\Program Files\Gemeinsame Dateien --------- 0  
 11.10.2008 02:29     C:\Program Files\Acer Incorporated --------- 0  
 11.10.2008 02:14     C:\Program Files\Acer Arcade Deluxe --------- 4096  
 11.10.2008 01:53     C:\Program Files\Acer Inc --------- 0  
 11.10.2008 01:52     C:\Program Files\Launch Manager --------- 4096  
 30.07.2008 04:15     C:\Program Files\Convesoft --------- 0  
 30.07.2008 04:14     C:\Program Files\Adobe --------- 0  
 30.07.2008 04:13     C:\Program Files\NewTech Infosystems --------- 0  
 30.07.2008 04:10     C:\Program Files\Big Kahuna Reef --------- 0  
 30.07.2008 03:31     C:\Program Files\Winbond Electronics Corporation --------- 0  
 30.07.2008 03:31     C:\Program Files\Synaptics --------- 0  
 30.07.2008 03:27     C:\Program Files\CONEXANT --------- 0  
 30.07.2008 03:23     C:\Program Files\Intel --------- 0  
 21.01.2008 04:43     C:\Program Files\desktop.ini --------- 174  
 02.11.2006 15:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 14:37     C:\Program Files\Microsoft Games --------- 4096  
 02.11.2006 14:37     C:\Program Files\MSBuild --------- 0  
 02.11.2006 14:37     C:\Program Files\Reference Assemblies --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

Public    
Kerim    
Default    
desktop.ini    
Default User    
All Users    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0        19.228 K
smss.exe                       492 Services                   0           744 K
csrss.exe                      560 Services                   0         6.784 K
wininit.exe                    612 Services                   0         4.232 K
csrss.exe                      620 Console                    1         9.236 K
services.exe                   656 Services                   0         6.868 K
lsass.exe                      668 Services                   0         1.880 K
lsm.exe                        676 Services                   0         4.316 K
svchost.exe                    816 Services                   0         6.024 K
nvvsvc.exe                     880 Services                   0         3.396 K
svchost.exe                    908 Services                   0         6.452 K
svchost.exe                    944 Services                   0        44.524 K
svchost.exe                    992 Services                   0        12.076 K
svchost.exe                   1028 Services                   0       103.424 K
svchost.exe                   1072 Services                   0        52.252 K
audiodg.exe                   1128 Services                   0        13.720 K
svchost.exe                   1148 Services                   0         4.748 K
SLsvc.exe                     1164 Services                   0        11.464 K
svchost.exe                   1208 Services                   0        13.116 K
winlogon.exe                  1320 Console                    1         5.748 K
svchost.exe                   1392 Services                   0        15.668 K
spoolsv.exe                   1572 Services                   0         9.616 K
sched.exe                     1596 Services                   0           900 K
svchost.exe                   1608 Services                   0        19.960 K
avguard.exe                   1796 Services                   0        24.764 K
AppleMobileDeviceService.     1828 Services                   0         3.988 K
mDNSResponder.exe             1900 Services                   0         5.196 K
Agentsvc.exe                  1936 Services                   0         5.236 K
avshadow.exe                  1944 Services                   0         6.208 K
rundll32.exe                  2016 Console                    1         6.444 K
CLHNService.exe               2028 Services                   0         3.692 K
eDSService.exe                 344 Services                   0         4.532 K
ETService.exe                  416 Services                   0        16.036 K
IAANTmon.exe                  1156 Services                   0         6.080 K
upeksvr.exe                   1352 Console                    1         8.480 K
BASVC.exe                     1384 Services                   0         8.440 K
LSSrvc.exe                    2144 Services                   0         3.748 K
MobilityService.exe           2180 Services                   0        10.480 K
BackupSvc.exe                 2260 Services                   0         7.852 K
SchedulerSvc.exe              2300 Services                   0         6.100 K
svchost.exe                   2328 Services                   0         5.412 K
RtlService.exe                2372 Services                   0         4.752 K
CompPtcVUI.exe                2400 Console                    1        13.064 K
RS_Service.exe                2412 Services                   0         3.272 K
StarWindServiceAE.exe         2492 Services                   0         5.236 K
svchost.exe                   2552 Services                   0         6.388 K
svchost.exe                   2580 Services                   0         2.164 K
SearchIndexer.exe             2600 Services                   0        16.084 K
RtWLan.exe                    2616 Console                    1        12.588 K
XAudio.exe                    2660 Services                   0         2.768 K
taskeng.exe                   3068 Services                   0         5.824 K
taskeng.exe                   3360 Console                    1        11.448 K
dwm.exe                       3384 Console                    1        79.660 K
explorer.exe                  3440 Console                    1        52.436 K
WmiPrvSE.exe                  3800 Services                   0         5.604 K
MSASCui.exe                   4044 Console                    1         9.144 K
LManager.exe                   824 Console                    1        11.772 K
avgnt.exe                     3108 Console                    1         2.252 K
jusched.exe                    780 Console                    1         4.192 K
wmpnscfg.exe                  3064 Console                    1         5.100 K
GoogleToolbarNotifier.exe     3488 Console                    1         1.872 K
wmpnetwk.exe                  1988 Services                   0        18.620 K
unsecapp.exe                  2160 Console                    1         4.812 K
firefox.exe                    968 Console                    1       112.492 K
plugin-container.exe          3196 Console                    1        64.320 K
cmd.exe                       1520 Console                    1         3.048 K
conime.exe                    2288 Console                    1         3.776 K
SearchProtocolHost.exe        3408 Services                   0         8.036 K
SearchFilterHost.exe          2088 Services                   0         5.288 K
dllhost.exe                   2276 Console                    1         4.472 K
tasklist.exe                    12 Console                    1         4.736 K
WmiPrvSE.exe                  4076 Services                   0         5.716 K

 
***** Ende des Scans 26.10.2010 um 22:03:16,18 ***

kira · 27.10.2010, 05:10

Systemreinigung und Prüfung:

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!

2.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Lade und installiere das Tool RootRepeal herunter

setze einen Hacken bei: "Drivers"-> "Scan"-> Save Report"...
"Stealth Objects" -> "Scan"-> Save Report"...
"Hidden Services" -> "Scan"-> Save Report"...
speichere das Logfile als "RootRepeal.txt" auf dem Desktop und Kopiere den Inhalt hier in den Thread

3.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ Einträge auswählen→ Häckhen setzen→ "Fix checked"klicken→ PC neu aufstarten):

Zitat:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

4.
Windows und die installierten Programme auf den neuesten Stand zu halten,sind Garanten für eine erhöhte Sicherheit!
Java aktualisieren `Start→ Systemsteuereung→ Java→ Aktualisierung...(Update 22 schon fällig!)

5.
den Java-Cache leeren - wie unter Punkt 7. u. 8. beschrieben *klick
über Systemsteuerung -> Java...

6.
um die neueste Version von Adobe zu erhalten klick hier: Adobe Reader - oder über das Programm selbst kannst auch die Updatefunktion aufrufen

7.
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.
c:\windows\temp
- anschließend den Papierkorb leeren

8.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

9.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

10.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
→ Also alle vorhandenen externen Laufwerke inkl. evtl. vorhandener USB-Sticks an den Rechner anschließen, aber dabei die Shift-Taste gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird.
Außerdem kann man die Autostarteigenschaft auch ausschalten:
→ Windows-Sicherheit: Datenträger-Autorun deaktivieren- bebilderte Anleitung v.Leonidas/3dcenter.org
→ Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten/wintotal.de
→ Diese Silly -Beschreibung stützt die Annahme, dass er über einen USB-Stick kam. Die Ursache ist durch formatieren des Sticks aus der Welt geschafft, Du solltest darauf achten, dass dort keine Datei autorun.inf wieder auftaucht und etwas wählerisch sein, wo Du deinen Stick reinsteckst.
Achtung!:
>>Du sollst das Programm nicht installieren, sondern dein System nur online scannen<<
→ Den kompletten Rechner (also das ganze System) zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online Scanner/klicke hier
→ um mit dem Vorgang fortzufahren klicke auf "Accept"
→ dann wähle "My computer" aus - Es dauert einige Zeit, bis ein Komplett-Scan durch gelaufen ist, also bitte um Geduld!
Es kann einige Zeit dauern, bis der Scan abgeschlossen ist - je nach Größe der Festplatte eine oder mehrere Stunden - also Geduld...
→ Report angezeigt, klicke auf "Save as" - den bitte kopieren und in deinem Thread hier einfügen
Vor dem Scan Einstellungen im Internet Explorer:
→ "Extras→ Internetoptionen→ Sicherheit":
→ alles auf Standardstufe stellen
→ Active X erlauben - damit die neue Virendefinitionen installiert werden können

** Gibt es weitere Auffälligkeiten/Probleme mit dem Rechner?

DJASK87 · 27.10.2010, 18:57

Die Werbungen kommen nicht mehr ! Aber seid dem der Virus da war, kann ich manche programme nicht öffnen (nur als admin kann die öffnen), es wird gesagt, dass mir die berechtigung fehlt, zudem kann ich auch keine einstellungen ändern wie Z.B. die Bildschirmauflösung, da wird auch gesagt dass ich keine berechtigung habe, obwohl ich der einzige nutzer admin bin ....

DJASK87 · 27.10.2010, 19:34

Gmer unterbricht während des scanvorgangs

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/10/27 20:29
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: 000.fcl
Image Path: D:\Program Files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl
Address: 0xA1D99000 Size: 180224 File Visible: - Signed: -
Status: -

Name: 000.fcl
Image Path: C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
Address: 0xA1DC5000 Size: 135168 File Visible: - Signed: -
Status: -

Name: abmm9jlt.SYS
Image Path: C:\Windows\System32\Drivers\abmm9jlt.SYS
Address: 0x8A3C4000 Size: 221184 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x807AF000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82242000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x9195B000 Size: 294912 File Visible: - Signed: -
Status: -

Name: AlfaFF.sys
Image Path: C:\Windows\system32\Drivers\AlfaFF.sys
Address: 0x8A3BB000 Size: 35968 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x8A34A000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x8A352000 Size: 122880 File Visible: - Signed: -
Status: -

Name: aufuys0f.SYS
Image Path: C:\Windows\System32\Drivers\aufuys0f.SYS
Address: 0x8F60A000 Size: 233472 File Visible: - Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\Windows\system32\DRIVERS\avgntflt.sys
Address: 0x91D70000 Size: 86016 File Visible: - Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\Windows\system32\DRIVERS\avipbb.sys
Address: 0x91D0D000 Size: 139264 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x805ED000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8FD30000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x8048E000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0xA05A7000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x9B480000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xA1DE6000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8EFE4000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x804D7000 Size: 917504 File Visible: - Signed: -
Status: -

Name: circlass.sys
Image Path: C:\Windows\system32\DRIVERS\circlass.sys
Address: 0x8F786000 Size: 57344 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x8A7A3000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80496000 Size: 266240 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x8DEEF000 Size: 14208 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x807FD000 Size: 10496 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x91D2F000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8A7C4000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x91CF6000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8A792000 Size: 69632 File Visible: - Signed: -
Status: -

Name: DKbFltr.sys
Image Path: C:\Windows\system32\DRIVERS\DKbFltr.sys
Address: 0x8EFC2000 Size: 40960 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8FA3A000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8DE00000 Size: 888832 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x91D3C000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8E737000 Size: 659456 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8A76B000 Size: 159744 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x8A3A2000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x8A370000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8FD20000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x918F4000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Address: 0x8A7DA000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x8220F000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8DF3A000 Size: 577536 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8FCE5000 Size: 65536 File Visible: - Signed: -
Status: -

Name: hidir.sys
Image Path: C:\Windows\system32\DRIVERS\hidir.sys
Address: 0x8FCDA000 Size: 45056 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8FCF5000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8FD64000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HSX_CNXT.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Address: 0x8FC0A000 Size: 741376 File Visible: - Signed: -
Status: -

Name: HSX_DPV.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Address: 0x8FA9C000 Size: 1056768 File Visible: - Signed: -
Status: -

Name: HSXHWAZL.sys
Image Path: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Address: 0x8FA5F000 Size: 249856 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0xA051D000 Size: 446464 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8EFAF000 Size: 77824 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: C:\Windows\system32\DRIVERS\iaStor.sys
Address: 0x8A271000 Size: 888832 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: C:\Windows\system32\DRIVERS\iaStor.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: int15.sys
Image Path: C:\Windows\system32\drivers\int15.sys
Address: 0xA1C4F000 Size: 69632 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x8F643000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ipfltdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ipfltdrv.sys
Address: 0xA04B4000 Size: 73728 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8EFCC000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8FCFC000 Size: 36864 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80406000 Size: 28672 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8F75C000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\system32\Drivers\ksecdd.sys
Address: 0x8A405000 Size: 462848 File Visible: - Signed: -
Status: -

Name: L1E60x86.sys
Image Path: C:\Windows\system32\DRIVERS\L1E60x86.sys
Address: 0x8EF8A000 Size: 65536 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0xA04C6000 Size: 65536 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x91D55000 Size: 110592 File Visible: - Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x8040D000 Size: 458752 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Address: 0xA1C60000 Size: 12672 File Visible: - Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8FCBF000 Size: 53248 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x91D46000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8EFD9000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x8FD05000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x8A259000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0xA05C0000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0xA05D5000 Size: 135168 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x91D85000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x91DA4000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x91DDD000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8FD7F000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x807F5000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8F652000 Size: 192512 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x8A581000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8F794000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8A75C000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8A476000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8F6E4000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0xA0500000 Size: 40960 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8F6EF000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8F7E0000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8FDB7000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x919A3000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x8A5AC000 Size: 241664 File Visible: - Signed: -
Status: -

Name: NETw5v32.sys
Image Path: C:\Windows\system32\DRIVERS\NETw5v32.sys
Address: 0x8EC03000 Size: 3698688 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8FD8A000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x91CEC000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8A60B000 Size: 1114112 File Visible: - Signed: -
Status: -

Name: NTIDrvr.sys
Image Path: C:\Windows\system32\DRIVERS\NTIDrvr.sys
Address: 0x8DFF7000 Size: 32768 File Visible: - Signed: -
Status: -

Name: NTIPPKernel.sys
Image Path: C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
Address: 0xA1C64000 Size: 122368 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x82242000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8FD29000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvhda32v.sys
Image Path: C:\Windows\system32\drivers\nvhda32v.sys
Address: 0x8FCCC000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8E004000 Size: 7545824 File Visible: - Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0xA04D6000 Size: 172032 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8FDA1000 Size: 90112 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x805DE000 Size: 61440 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x805B7000 Size: 159744 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA1C82000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82242000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8FA0D000 Size: 184320 File Visible: - Signed: -
Status: -

Name: psdfilter.sys
Image Path: C:\Windows\system32\DRIVERS\psdfilter.sys
Address: 0x8A3B2000 Size: 36864 File Visible: - Signed: -
Status: -

Name: PSDNServ.sys
Image Path: C:\Windows\system32\DRIVERS\PSDNServ.sys
Address: 0xA1D60000 Size: 36864 File Visible: - Signed: -
Status: -

Name: PSDVdisk.sys
Image Path: C:\Windows\system32\DRIVERS\PSDVdisk.sys
Address: 0xA1D69000 Size: 73728 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8047D000 Size: 69632 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8FD98000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8F6CD000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8F712000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8F721000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8F735000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x82242000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x91CB0000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8FD6F000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8FD77000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x91C00000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0xA050A000 Size: 77824 File Visible: - Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8F805000 Size: 2129024 File Visible: - Signed: -
Status: -

Name: RTL8192su.sys
Image Path: C:\Windows\system32\DRIVERS\RTL8192su.sys
Address: 0x91C0F000 Size: 634880 File Visible: - Signed: -
Status: -

Name: RTSTOR.SYS
Image Path: C:\Windows\system32\drivers\RTSTOR.SYS
Address: 0x8FD0D000 Size: 77824 File Visible: - Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0x91CAA000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASKUTIL.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Address: 0x8FDD8000 Size: 139264 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\Windows\System32\Drivers\SCSIPORT.SYS
Address: 0x80789000 Size: 155648 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA1D7B000 Size: 40960 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x91947000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spjf.sys
Image Path: C:\Windows\System32\Drivers\spjf.sys
Address: 0x8068D000 Size: 995328 File Visible: No Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8A754000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0xA0404000 Size: 720896 File Visible: - Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xA1C01000 Size: 319488 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x8FB9E000 Size: 163840 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0xA058A000 Size: 118784 File Visible: - Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ssmdrv.sys
Address: 0x919F6000 Size: 23040 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8F681000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8F75A000 Size: 4992 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\Windows\system32\DRIVERS\SynTP.sys
Address: 0x8DFC7000 Size: 192768 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x9180A000 Size: 958464 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xA1D85000 Size: 49152 File Visible: - Signed: -
Status: -

Name: tcusb.sys
Image Path: C:\Windows\System32\Drivers\tcusb.sys
Address: 0x9190F000 Size: 43904 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8F6C2000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x9191A000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8F74A000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x9B460000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8DEE6000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8DEDB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: UBHelper.sys
Image Path: C:\Windows\System32\Drivers\UBHelper.sys
Address: 0x8A269000 Size: 32768 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8F79E000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x91930000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8EFD7000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8E7EF000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8F7AB000 Size: 217088 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8DEFC000 Size: 253952 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8E7E4000 Size: 45056 File Visible: - Signed: -
Status: -

Name: usbvideo.sys
Image Path: C:\Windows\System32\Drivers\usbvideo.sys
Address: 0x919D5000 Size: 134016 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8FD37000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8FD43000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x8A200000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x8A20F000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8A71B000 Size: 233472 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8FDC5000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8E7D8000 Size: 49152 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80604000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x80680000 Size: 53248 File Visible: - Signed: -
Status: -

Name: whfltr2k.sys
Image Path: C:\Windows\system32\DRIVERS\whfltr2k.sys
Address: 0x8FD6D000 Size: 6784 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x9B240000 Size: 2109440 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x9B240000 Size: 2109440 File Visible: - Signed: -
Status: -

Name: winbondcir.sys
Image Path: C:\Windows\system32\DRIVERS\winbondcir.sys
Address: 0x8EF9A000 Size: 86016 File Visible: - Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\Windows\system32\DRIVERS\wmiacpi.sys
Address: 0x8DEF3000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\System32\Drivers\WMILIB.SYS
Address: 0x80780000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x82242000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: xaudio.sys
Image Path: C:\Windows\system32\DRIVERS\xaudio.sys
Address: 0xA1D91000 Size: 32768 File Visible: - Signed: -
Status: -

---------------------------------------------------------------------
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/10/27 20:30
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: aufuys0fІ癅, IRP_MJ_CREATE]
Process: System Address: 0x873ee1f8 Size: 121

Object: Hidden Code [Driver: aufuys0fІ癅, IRP_MJ_CLOSE]
Process: System Address: 0x873ee1f8 Size: 121

Object: Hidden Code [Driver: aufuys0fІ癅, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873ee1f8 Size: 121

Object: Hidden Code [Driver: aufuys0fІ癅, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873ee1f8 Size: 121

Object: Hidden Code [Driver: aufuys0fІ癅, IRP_MJ_POWER]
Process: System Address: 0x873ee1f8 Size: 121

Object: Hidden Code [Driver: aufuys0fІ癅, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873ee1f8 Size: 121

Object: Hidden Code [Driver: aufuys0fІ癅, IRP_MJ_PNP]
Process: System Address: 0x873ee1f8 Size: 121

Object: Hidden Code [Driver: abmm9jltІ癅, IRP_MJ_CREATE]
Process: System Address: 0x873da1f8 Size: 121

Object: Hidden Code [Driver: abmm9jltІ癅, IRP_MJ_CLOSE]
Process: System Address: 0x873da1f8 Size: 121

Object: Hidden Code [Driver: abmm9jltІ癅, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873da1f8 Size: 121

Object: Hidden Code [Driver: abmm9jltІ癅, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873da1f8 Size: 121

Object: Hidden Code [Driver: abmm9jltІ癅, IRP_MJ_POWER]
Process: System Address: 0x873da1f8 Size: 121

Object: Hidden Code [Driver: abmm9jltІ癅, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873da1f8 Size: 121

Object: Hidden Code [Driver: abmm9jltІ癅, IRP_MJ_PNP]
Process: System Address: 0x873da1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x855221f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x855221f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x855221f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x855221f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x855221f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x855221f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x855221f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x872c91f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x872c91f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x872c91f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x872c91f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x872c91f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x872c91f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x872c91f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System Address: 0x874651f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x874651f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System Address: 0x874651f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System Address: 0x874651f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x874651f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x874651f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x874651f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x874651f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System Address: 0x874651f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x874651f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System Address: 0x874651f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System Address: 0x913de500 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System Address: 0x913de500 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x913de500 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x913de500 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System Address: 0x913de500 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System Address: 0x913de500 Size: 121

Object: Hidden Code [Driver: netbtdeoЇ华牉偸ꔹ襠ꊠ᪠鄏, IRP_MJ_CREATE]
Process: System Address: 0x91452500 Size: 121

Object: Hidden Code [Driver: netbtdeoЇ华牉偸ꔹ襠ꊠ᪠鄏, IRP_MJ_CLOSE]
Process: System Address: 0x91452500 Size: 121

Object: Hidden Code [Driver: netbtdeoЇ华牉偸ꔹ襠ꊠ᪠鄏, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x91452500 Size: 121

Object: Hidden Code [Driver: netbtdeoЇ华牉偸ꔹ襠ꊠ᪠鄏, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x91452500 Size: 121

Object: Hidden Code [Driver: netbtdeoЇ华牉偸ꔹ襠ꊠ᪠鄏, IRP_MJ_CLEANUP]
Process: System Address: 0x91452500 Size: 121

Object: Hidden Code [Driver: netbtdeoЇ华牉偸ꔹ襠ꊠ᪠鄏, IRP_MJ_PNP]
Process: System Address: 0x91452500 Size: 121

Object: Hidden Code [Driver: iScsiPrtЂ穁摗, IRP_MJ_CREATE]
Process: System Address: 0x8741d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЂ穁摗, IRP_MJ_CLOSE]
Process: System Address: 0x8741d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЂ穁摗, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8741d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЂ穁摗, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8741d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЂ穁摗, IRP_MJ_POWER]
Process: System Address: 0x8741d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЂ穁摗, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8741d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЂ穁摗, IRP_MJ_PNP]
Process: System Address: 0x8741d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x84b8f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x84b8f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x84b8f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84b8f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84b8f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84b8f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84b8f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x84b8f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x84b8f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84b8f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x84b8f1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x872661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x872661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x872661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x872661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x872661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x872661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x872661f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]
Process: System Address: 0x872af500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_CREATE]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_CLOSE]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_READ]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_WRITE]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_CLEANUP]
Process: System Address: 0x89e1a500 Size: 121

Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_PNP]
Process: System Address: 0x89e1a500 Size: 121

---------------------------------------------------------------
java , adobe kann ich nicht updaten, es kommt eine Fehler meldung keine berechtigung, ich weiß es auch nicht

kira · 27.10.2010, 22:11

arbeite bitte noch die weitere Punkte ab:-> http://www.trojaner-board.de/92181-m...tml#post582672

DJASK87 · 27.10.2010, 22:22

Hi, schritt 1 funktioniert nicht, 2)Hidden Services gibt es nicht, 3) fix funktioniert irgendwie nicht, datei ist immer noch da, obwohl ich es fixiert habe, nach dem ich 2 mal gescannt habe, 4-8) erledigt schritt 9) es waren 24 meldungen, den gespeicherten log datei kann ich nicht öffnen, habe jetzt nochmal begonnen zu suchen, 10) bin noch dabei zu suchen

kira · 27.10.2010, 22:46

=> http://www.trojaner-board.de/51871-a...tispyware.html

DJASK87 · 28.10.2010, 00:15

ne leider , ich wusste , dass man die log dateien bei präferenzem findet, aber das programm öffnet die nicht, keine reaktion

26.10.2010, 19:56	#7
kira /// Helfer-Team	Mein Internet Explorer öffnet von alleine und zeigt mir ständig werbungen hjtscanlist v2.0 - Dateiliste - nicht vergessen!

27.10.2010, 22:11	#12
kira /// Helfer-Team	Mein Internet Explorer öffnet von alleine und zeigt mir ständig werbungen arbeite bitte noch die weitere Punkte ab:-> http://www.trojaner-board.de/92181-m...tml#post582672

27.10.2010, 22:46	#14
kira /// Helfer-Team	Mein Internet Explorer öffnet von alleine und zeigt mir ständig werbungen => http://www.trojaner-board.de/51871-a...tispyware.html

Mein Internet Explorer öffnet von alleine und zeigt mir ständig werbungen

Plagegeister aller Art und deren Bekämpfung: Mein Internet Explorer öffnet von alleine und zeigt mir ständig werbungen