Trojaner-Board > Remove Malware > Log Analysis and Evaluation

Log Analysis and Evaluation: Suspected Portwexexe

24.01.2011, 17:34   #1
Vasi23
 
Suspected Portwexexe

Hello,

I have probably infected my computer with Portwexexe. Since Friday, Windows has been showing messages about "offline mode". The PC was not connected to the internet, but some application apparently kept trying to load data from the internet. After that I only used the internet briefly and tried to get rid of the problem. AntiVir could not find anything.
After the internet was used again briefly a day later, Spybot showed me:
23.01.2011 11:05:26 Verweigert (based on user decision) value "portwexexe.exe" (new data: "C:\portwexexe\portwexexe.exe") hinzugefügt in System Startup user entry!
I tried to deny this... Later, after using the PC again, I checked after booting and portwexexe was in that directory. I then deleted the folder directly, downloaded load.exe from here and carried out all the steps. Here are my results:

Code:
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5581

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

23.01.2011 23:06:18
mbam-log-2011-01-23 (23-06-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148237
Laufzeit: 5 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 752 -> Unloaded process successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 3320 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\pdfforge toolbar\IE\4.1\pdfforgetoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.
         
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:15 on 24/01/2011 (Christoph)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-24 16:20:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000006d WDC_WD32 rev.1.11
Running: g2m3e4r.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\axrdqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\Windows\system32\DRIVERS\atikmdag.sys                                                              section is writeable [0x8D606000, 0x1FB57A, 0xE8000020]
.text                                                                                                                                 C:\Windows\system32\drivers\ACEDRV07.sys                                                              section is writeable [0x99E06000, 0x328BA, 0xE8000020]
.pklstb                                                                                                                               C:\Windows\system32\drivers\ACEDRV07.sys                                                              entry point in ".pklstb" section [0x99E4A000]
.relo2                                                                                                                                C:\Windows\system32\drivers\ACEDRV07.sys                                                              unknown last section [0x99E66000, 0x8E, 0x42000040]
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                              section is writeable [0x9BF00400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9BFA4620]  C:\Windows\system32\drivers\hardlock.sys                                                              entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9BFA4620]
.protectÿÿÿÿhardlockunknown last code section [0x9BFA4400, 0x5126, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                              unknown last code section [0x9BFA4400, 0x5126, 0xE0000020]
                                                                                                                                      C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                 entry point in "" section [0x9EB3D41C]
.clc                                                                                                                                  C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                 unknown last code section [0x9EB3E000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\Windows\Explorer.EXE[3720] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                            75FDB37C 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                      
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                   0
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                0xB4 0x81 0xFF 0x0D ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)  
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                       0
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                    0xB4 0x81 0xFF 0x0D ...

---- EOF - GMER 1.0.15 ----
         
Code:
OTL logfile created on: 24.01.2011 16:32:45 - Run 1
OTL by OldTimer - Version 3.2.20.4     Folder = C:\Users\Christoph\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 53,81 Gb Free Space | 37,36% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 140,41 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: CLEXIS | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.23 22:49:15 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\CHRIST~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.01.23 21:39:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\MFTools\OTL.exe
PRC - [2010.12.21 18:04:51 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.04 20:42:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.04 20:42:37 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.10.05 18:56:48 | 009,742,952 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.30 11:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.05.27 11:13:42 | 000,850,440 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.05.12 21:11:04 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.05.12 21:10:54 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.05.12 16:28:04 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.05.09 13:07:08 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.04 22:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.04 22:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.10.23 09:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2006.03.14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2005.09.30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.01.23 21:39:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\MFTools\OTL.exe
MOD - [2010.12.27 12:32:43 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll
MOD - [2010.12.27 12:32:36 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010.12.27 12:32:36 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.04.11 07:28:25 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.04.11 07:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009.04.11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.04.11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008.05.20 21:44:35 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80DEU.dll
MOD - [2008.03.04 22:38:16 | 000,240,176 | ---- | M] (Egis Incorporated.) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
MOD - [2008.03.04 22:38:12 | 000,121,392 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.21 03:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.21 03:23:54 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2008.01.21 03:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2007.02.12 07:38:12 | 000,044,648 | ---- | M] (Autodesk, Inc.) -- C:\Windows\System32\AcSignIcon.dll
MOD - [2007.02.12 07:06:30 | 000,325,736 | ---- | M] (Autodesk, Inc.) -- C:\Programme\Common Files\Autodesk Shared\AcSignCore16.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.12.21 18:04:51 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.04 20:42:37 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.11.11 22:32:51 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.04 22:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.03.14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2005.09.30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.12.21 18:04:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.25 19:46:05 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.05 18:57:10 | 003,211,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.28 18:12:08 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2008.09.02 15:12:02 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.05.30 12:17:54 | 000,093,968 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.05.27 11:13:48 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2008.05.27 11:13:42 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2008.05.09 11:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.04.29 17:33:00 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.04.28 02:26:00 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.15 06:56:18 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008.03.27 21:44:56 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.03.25 23:41:30 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008.03.25 23:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008.03.25 23:38:32 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008.03.21 09:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.03.19 17:28:52 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.03.04 22:38:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008.03.04 22:38:44 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008.03.04 22:38:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008.02.18 15:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008.01.30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.10.26 07:41:02 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007.10.18 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.03.14 06:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sportal.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://portal.krefeld-pinguine.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.backup.ftp: "137.99.11.86"
FF - prefs.js..network.proxy.backup.ftp_port: 3127
FF - prefs.js..network.proxy.backup.gopher: "137.99.11.86"
FF - prefs.js..network.proxy.backup.gopher_port: 3127
FF - prefs.js..network.proxy.backup.socks: "137.99.11.86"
FF - prefs.js..network.proxy.backup.socks_port: 3127
FF - prefs.js..network.proxy.backup.ssl: "137.99.11.86"
FF - prefs.js..network.proxy.backup.ssl_port: 3127
FF - prefs.js..network.proxy.ftp: "137.99.11.86"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "137.99.11.86"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "137.99.11.86"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "137.99.11.86"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "137.99.11.86"
FF - prefs.js..network.proxy.ssl_port: 3127
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.05 21:51:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.11 20:52:55 | 000,000,000 | ---D | M]
 
[2008.08.30 14:31:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2011.01.23 21:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions
[2010.11.16 22:11:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.15 12:44:33 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010.11.07 20:55:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.15 12:44:35 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.04.15 12:44:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.15 12:44:35 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.04.15 12:44:43 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\firebug@software.joehewitt.com
[2011.01.22 13:22:12 | 000,001,056 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\d78v3gwl.default\searchplugins\icqplugin.xml
[2011.01.22 13:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.11.01 12:09:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008.12.03 19:16:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.10 18:57:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.12.27 21:14:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.10.22 22:00:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.22 22:00:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 22:00:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 22:00:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 22:00:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Common Files\microsoft shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.23 22:57:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.23 22:55:45 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.01.23 22:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.23 21:43:39 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2011.01.23 21:42:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.23 21:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.23 21:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.23 21:42:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.23 21:42:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.23 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\MFTools
[2011.01.23 12:18:23 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.01.21 17:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.01.21 17:33:36 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.01.21 17:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.01.21 16:38:29 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\3D-Bilder
[2011.01.21 16:38:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\Software
[2010.12.29 14:48:34 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Desktop\SketchUp
[2010.12.28 12:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 7
[2010.12.27 13:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.24 15:54:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.24 15:51:55 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.01.24 15:50:46 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.24 15:49:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 15:49:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 15:49:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.24 15:49:10 | 2649,145,344 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.24 10:15:29 | 000,000,020 | ---- | M] () -- C:\Users\Christoph\defogger_reenable
[2011.01.23 22:55:46 | 000,000,737 | ---- | M] () -- C:\Users\Christoph\Desktop\NTREGOPT.lnk
[2011.01.23 22:55:45 | 000,000,718 | ---- | M] () -- C:\Users\Christoph\Desktop\ERUNT.lnk
[2011.01.23 22:53:21 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.23 22:53:21 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.23 22:53:21 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.23 22:53:21 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.23 21:43:11 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A8580F1B-7656-4EE0-A554-B5DFC59E8674}.job
[2011.01.23 21:42:52 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.23 21:39:59 | 000,296,448 | ---- | M] () -- C:\Users\Christoph\Desktop\g2m3e4r.exe
[2011.01.23 21:39:57 | 000,050,477 | ---- | M] () -- C:\Users\Christoph\Desktop\defogger.exe
[2011.01.23 21:38:23 | 000,151,566 | ---- | M] () -- C:\Users\Christoph\Documents\Load.pdf
[2011.01.23 21:37:14 | 000,472,098 | ---- | M] () -- C:\Users\Christoph\Desktop\Load.exe
[2011.01.23 21:35:52 | 000,002,631 | ---- | M] () -- C:\Users\Christoph\Desktop\Microsoft Office Word 2007.lnk
[2011.01.22 13:09:02 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.01.21 17:33:50 | 000,001,059 | ---- | M] () -- C:\Users\Christoph\Desktop\Spybot - Search & Destroy.lnk
[2011.01.18 20:33:04 | 000,613,152 | ---- | M] () -- C:\Users\Christoph\Desktop\Gestaltungsplan_Praesi.dwg
[2011.01.18 20:31:52 | 002,883,409 | ---- | M] () -- C:\Users\Christoph\Desktop\Gestaltungsplan_Praesi1_1000.jpg
[2011.01.18 20:07:12 | 000,622,144 | ---- | M] () -- C:\Users\Christoph\Desktop\Gestaltungsplan2.dwg
[2011.01.18 14:59:40 | 009,448,183 | ---- | M] () -- C:\Users\Christoph\Desktop\3D_Modell_fertig.skp
[2011.01.15 21:51:38 | 001,463,609 | ---- | M] () -- C:\Users\Christoph\Desktop\Strukturkonzept_neu.jpg
[2011.01.09 15:30:58 | 000,002,633 | ---- | M] () -- C:\Users\Christoph\Desktop\Microsoft Office Excel 2007.lnk
[2011.01.08 10:59:21 | 000,013,227 | ---- | M] () -- C:\Users\Christoph\Documents\ic.docx
[2011.01.02 12:57:26 | 000,033,792 | ---- | M] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.01 13:12:24 | 000,006,944 | ---- | M] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2010.12.28 12:56:15 | 000,003,120 | ---- | M] () -- C:\Windows\System32\ALLFSAF7a.ocx
 
========== Files Created - No Company Name ==========
 
[2011.01.24 10:15:08 | 000,000,020 | ---- | C] () -- C:\Users\Christoph\defogger_reenable
[2011.01.23 22:55:46 | 000,000,737 | ---- | C] () -- C:\Users\Christoph\Desktop\NTREGOPT.lnk
[2011.01.23 22:55:45 | 000,000,718 | ---- | C] () -- C:\Users\Christoph\Desktop\ERUNT.lnk
[2011.01.23 21:42:52 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.23 21:39:58 | 000,296,448 | ---- | C] () -- C:\Users\Christoph\Desktop\g2m3e4r.exe
[2011.01.23 21:39:57 | 000,050,477 | ---- | C] () -- C:\Users\Christoph\Desktop\defogger.exe
[2011.01.23 21:38:21 | 000,151,566 | ---- | C] () -- C:\Users\Christoph\Documents\Load.pdf
[2011.01.23 21:37:11 | 000,472,098 | ---- | C] () -- C:\Users\Christoph\Desktop\Load.exe
[2011.01.21 17:33:50 | 000,001,059 | ---- | C] () -- C:\Users\Christoph\Desktop\Spybot - Search & Destroy.lnk
[2011.01.21 16:38:28 | 009,448,183 | ---- | C] () -- C:\Users\Christoph\Desktop\3D_Modell_fertig.skp
[2011.01.21 16:38:28 | 000,613,152 | ---- | C] () -- C:\Users\Christoph\Desktop\Gestaltungsplan_Praesi.dwg
[2011.01.21 16:38:15 | 003,065,954 | ---- | C] () -- C:\Users\Christoph\Desktop\Strukturkonzept_Final.jpg
[2011.01.21 16:38:15 | 002,883,409 | ---- | C] () -- C:\Users\Christoph\Desktop\Gestaltungsplan_Praesi1_1000.jpg
[2011.01.21 16:38:15 | 001,463,609 | ---- | C] () -- C:\Users\Christoph\Desktop\Strukturkonzept_neu.jpg
[2011.01.21 16:38:15 | 000,622,144 | ---- | C] () -- C:\Users\Christoph\Desktop\Gestaltungsplan2.dwg
[2010.12.28 12:56:15 | 000,003,120 | ---- | C] () -- C:\Windows\System32\ALLFSAF7a.ocx
[2010.11.17 17:51:40 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.08.01 17:02:13 | 000,017,408 | ---- | C] () -- C:\Users\Christoph\AppData\Local\WebpageIcons.db
[2010.06.01 21:05:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.09.11 14:09:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.05 20:06:11 | 000,000,112 | -HS- | C] () -- C:\Windows\WinWs2k2009.sys
[2009.07.05 20:03:58 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2009.07.05 19:56:55 | 000,000,032 | ---- | C] () -- C:\Windows\Start_wslc2009.INI
[2009.05.06 18:05:22 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2009.05.06 18:05:22 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2009.05.06 18:05:22 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2009.05.06 18:00:48 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.05.06 18:00:48 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.02.28 13:57:56 | 000,000,112 | -HS- | C] () -- C:\Windows\WinWs2k2007.sys
[2008.10.03 09:24:42 | 000,000,062 | ---- | C] () -- C:\Windows\pcvcdbr.INI
[2008.10.03 09:18:43 | 000,000,000 | ---- | C] () -- C:\Windows\pcvcdvw.INI
[2008.09.23 17:03:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.09.02 16:26:58 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2008.09.02 13:04:24 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.09.02 13:01:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2008.09.01 11:25:37 | 000,033,792 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.30 16:12:34 | 000,006,944 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2008.07.30 05:34:36 | 000,004,442 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2008.07.30 02:45:55 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.07.30 02:45:55 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.05.20 23:20:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.20 23:20:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.20 22:20:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.05.20 22:15:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.15 11:09:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.11.20 15:24:52 | 000,159,744 | ---- | C] () -- C:\Windows\gdf.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.06.25 14:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\System32\RegObj.dll
 
========== LOP Check ==========
 
[2008.08.30 13:24:50 | 000,000,000 | -HSD | M] -- C:\Users\Christoph\AppData\Roaming\.#
[2008.05.20 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Acer GameZone Console
[2009.02.28 13:44:35 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Autodesk
[2010.01.10 17:29:59 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Canon
[2008.09.02 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools
[2008.09.10 15:08:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\EPSON
[2008.08.30 16:42:32 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\eSobi
[2008.09.10 21:17:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ESRI
[2011.01.20 22:21:24 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ
[2008.08.30 13:17:55 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\iWin
[2010.02.23 19:08:17 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\MAXQDA2007
[2008.11.12 19:33:05 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\RayV
[2011.01.24 10:16:00 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.23 21:43:11 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A8580F1B-7656-4EE0-A554-B5DFC59E8674}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.05.21 07:34:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011.01.24 15:49:10 | 2649,145,344 | -HS- | M] () -- C:\hiberfil.sys
[2008.09.02 18:54:36 | 000,002,688 | ---- | M] () -- C:\LGSInst.Log
[2008.07.30 03:20:39 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2011.01.24 15:49:08 | 2962,743,296 | -HS- | M] () -- C:\pagefile.sys
[2008.07.30 03:16:35 | 000,000,060 | ---- | M] () -- C:\Partition.txt
[2008.05.20 22:00:53 | 000,000,650 | ---- | M] () -- C:\RHDSetup.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.10.17 11:31:48 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.09.13 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD83.DLL
[2006.09.13 05:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP83.DLL
[2006.11.02 10:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.29 15:00:00 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-21 08:57:14
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:131C0EE9

< End of report >
Code:
OTL Extras logfile created on: 24.01.2011 16:32:45 - Run 1
OTL by OldTimer - Version 3.2.20.4     Folder = C:\Users\Christoph\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 53,81 Gb Free Space | 37,36% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 140,41 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: CLEXIS | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5F28EA-CA51-4420-8F64-A9789A52BC80}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2D631047-2668-4494-ADF4-0D69ABF28CF0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{342475A2-8E56-4B4B-91BF-51FE50991D86}" = rport=445 | protocol=6 | dir=out | app=system | 
"{617175F3-2080-4336-925F-D0E76C5F8EE6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A72484D8-AEAF-4970-BFE2-E360EE0FFA0D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AF0967D7-3D9D-4556-82D9-813560045DBF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B556373F-56AD-45CF-82A4-316F9CFEB566}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DFBC7E31-F055-487B-9963-776D6EC730DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{EB3AA148-763D-44A2-A0B9-F04F1DEB9B6D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F9EAA181-71B1-4B31-BABF-BAA85BFCAB6B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FA3F05BE-E148-459C-AA1E-74D789DAF8A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB8D2E6-EE80-4974-87A7-110B218C86A8}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{0FBDCDB9-F380-4520-A8CB-C034C7CA4A63}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{13DE1542-C1CE-4DFF-94F0-BD704E111E66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{15335817-FFDA-4A78-A18E-26C1C8E2BA43}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{24DC5CB8-203B-407E-B201-F1546FEC58DA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{2B98CA43-D1F0-4D52-93FA-0FD3C15B390F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{337736D6-3AF5-46C6-90C0-CCE402A7596B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5E29E9A5-06ED-4268-9FC0-0A8B23A2A08F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{648EF9E3-FBEA-4D19-B9E1-DBDDC547A23C}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{6DA5F8AD-7867-4872-B290-FADB9817E2F4}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{70776BD7-A543-477E-A80B-847500D0180D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{7C0563EA-CCB1-4826-8031-8FA37246558C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9A3E07C9-8A25-4B10-AD23-844C3EB2C84E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{AF57989F-AA5F-4AB1-BD57-FA20F6F87693}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CB2E9942-304A-47DA-81ED-BAD46CCB22BF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{CCB8019D-D73A-4719-9B8A-B1E19DBC07FA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CDAD18E6-4B41-4F1F-BBB4-3541054DB07B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D8947999-6D6E-4727-9235-D1C7A7EE01EA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E0A303B7-4CBC-4EF4-9BAA-50A2EDD00E82}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{E86566B3-EB60-453E-AD67-8FC029276E12}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F3888E73-8A73-4897-960A-FD88D65393F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FA4C8BBF-CBAA-4B87-B0B5-333995986BE4}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"TCP Query User{0EF1237F-AD04-4361-8AB7-796B73A7CF13}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{10BDC576-7C1E-45AE-AFEA-C5DE2B6FC2AE}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | 
"TCP Query User{133042CA-6103-4270-B0ED-F5B2C53EDFDD}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{1F5470A9-6833-4934-89AE-C1E9CEEAFA95}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{20A14478-4F4E-4433-97EA-EC33507C4879}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{2AABB23C-4071-4F8E-A732-EB32C7DCCC1E}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{30F0BBE0-DA99-4C92-9DF0-8C00470E3261}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{401E9796-ACA4-4BBB-9FC0-42A6BD0DD47C}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{462778FB-29A1-45A1-B382-CD0F501FD5AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{496666EC-BB13-474A-9414-BC2E2C38F78B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4F39A030-4C87-45DA-AC42-17C87D5C9BF4}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{56EBE95D-3933-4CCA-8AA3-A265401A1383}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{6B98A6FE-1331-49C1-9EC5-7296A88C1C1D}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{7DF690F6-B504-4D7E-A563-FF81C9933753}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{7FD5DC79-DFFC-42C2-A3B8-7411FC9168F6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{8C0DA038-DD96-4E24-A1C0-E98A54158B24}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{8F096D13-B6FA-4828-9E09-AAF0429EC2DB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{993BEE95-615B-46E3-8BBA-2AEB479D9DA2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{B05B6A5E-9C1C-40AB-9272-E926C7BF598A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B6542251-9D5D-4216-800E-EE2F2299B820}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{B7BF547E-EB4E-4CA5-A01F-4B3FFB74BA5A}C:\program files\edonkey2000\edonkey2000.exe" = protocol=6 | dir=in | app=c:\program files\edonkey2000\edonkey2000.exe | 
"TCP Query User{C052213F-474A-45B5-A359-837476D3B6F9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{C394BCF2-3AF1-4894-9122-BB2E84C409A6}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{C9B9FC07-086A-496F-A5D8-59CD8373903C}C:\program files\spssinc\paswstatistics17\paswstat.exe" = protocol=6 | dir=in | app=c:\program files\spssinc\paswstatistics17\paswstat.exe | 
"TCP Query User{D2804E38-D197-492C-B5B7-8948CB2A06A8}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | 
"TCP Query User{D55A143E-AB54-4337-B23C-0D4A3DA492D4}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{E6210AD6-83A1-484C-88B8-C3383FE114C7}C:\program files\google\google sketchup 7\layout\layout.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\layout\layout.exe | 
"TCP Query User{E9CC91AB-3C2D-4744-9265-200CAE55732F}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{F447CD8A-0F72-4C38-8D8E-EE48EB89EF66}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{049363A8-3A00-48B5-919D-E77EB8A652F2}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{0C0E8EEF-F70E-4E00-9FBF-664CB28E14E9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{1EC7D355-D9D0-49FF-B205-2B3DAA608C1F}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{2231E2CF-9DE2-4DDF-A790-38B8E15471EE}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{2280FF96-5A7B-4C41-9831-734F198EFB58}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{28CC09BD-815B-4115-B133-CF4E8AD9C81D}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{346B608B-6CD2-4B60-86EB-3A455396ABC3}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | 
"UDP Query User{48E3C064-825E-435D-A3DE-4AFB9443E5F1}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{5E2C6214-6A04-4951-8EE3-7452C64B0AF3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{60A314D4-88F5-42D9-90C2-48C8FA17B15F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6F70C5F0-CF7D-4CFB-9A36-DC939C2F21AF}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{740525DF-6244-4D05-9B30-3AA56DA9DAE5}C:\program files\edonkey2000\edonkey2000.exe" = protocol=17 | dir=in | app=c:\program files\edonkey2000\edonkey2000.exe | 
"UDP Query User{80AC7B4D-0C24-430D-9786-F4CE0C84178D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{8169B110-B7C7-4256-843D-85253C6D8CAC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{8A21E412-F4EE-4EB3-8936-ED6C384249F4}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{8B193912-224A-48B8-8FD6-424B35B80D8C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{945F84AD-8C82-40C0-9904-092B0D4BA7FD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{A2C66564-C7EC-4720-B782-99B0FF49B73C}C:\program files\google\google sketchup 7\layout\layout.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\layout\layout.exe | 
"UDP Query User{A3F68966-4523-4CA0-B37C-CB98D8E070A7}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{AE07081C-FF9C-4C94-A5FE-155253C09960}C:\program files\spssinc\paswstatistics17\paswstat.exe" = protocol=17 | dir=in | app=c:\program files\spssinc\paswstatistics17\paswstat.exe | 
"UDP Query User{AF2A2D6A-FCD6-471D-9B27-8B66CF6C52F8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{B0F5B647-3E4F-4135-A7B5-A66AE366A2B2}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | 
"UDP Query User{BA92AE49-EA3F-48D1-9FCF-BC8686C758D4}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{CB31BC4D-3FA2-4A2D-80C0-BA3559E5EE4E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{D1263189-0EA7-4E51-B75E-222BB8197151}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{ECBCE991-FFBA-47C9-8633-CE2A24F639FF}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{F0897D71-B838-430B-95B0-358B06311FEC}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{F47B5AF3-2328-4476-995D-5C7544372211}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{F75087EE-147A-402C-8641-E2A72ADF7231}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0087799A-6484-2297-16D1-314C8D51EB5C}" = CCC Help Turkish
"{008B104E-AD08-D176-D974-9E795A3B5930}" = CCC Help English
"{01D60497-9C75-DFB2-6702-73288FAAF569}" = CCC Help Finnish
"{07100081-E9B4-4DF6-A845-CAAFD093E477}" = Microsoft Encarta 2007 - Enzyklopädie
"{08E77A66-9566-2C8F-4924-87AF3EEC4C8D}" = Catalyst Control Center Localization Korean
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F685585-6664-3B0F-8FFF-824EF3EC808F}" = CCC Help Chinese Standard
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{11FA22E0-699F-57FB-2ED5-81518FD4D26B}" = Catalyst Control Center Localization Czech
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1ADA324F-E40F-1763-8A4C-C2B1C3221C8B}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21BC64BE-7760-932B-9070-BAE49E82E4C0}" = CCC Help Russian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{247EC1CE-C81F-298F-EDDE-666C02C58193}" = CCC Help Spanish
"{2503CD86-B4C1-2EB7-30F8-A06F1156EE44}" = CCC Help German
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{27F3E373-93BF-441E-826B-98C33DF309B5}" = AMD USB Audio Driver Filter
"{2A6F9CF1-E874-FAAE-ACBF-50DEAB6A2866}" = Catalyst Control Center Localization Chinese Traditional
"{2C3AD6F9-0DD7-E2A2-363F-749247AE9603}" = CCC Help Czech
"{2E484859-4C24-718C-C637-368B04F14142}" = Catalyst Control Center Localization Russian
"{2ECDE974-69D9-47A9-9EB0-10EC49F8468A}" = PASW Statistics 17.0
"{30C5CDC6-67DE-F761-507F-E156FB7CF098}" = Catalyst Control Center Localization Italian
"{3304A9B5-C51F-42D4-B827-C77D607AC87B}" = Catalyst Control Center Localization Chinese Standard
"{36E3F10E-E909-0B45-B58B-CAF9864B22FF}" = Catalyst Control Center Localization Danish
"{3CFD59CA-BC0C-0A69-C420-5F6E54565246}" = ccc-core-static
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{448D6CAA-B84F-148E-DF21-D9145CD70791}" = Catalyst Control Center Localization Thai
"{459E81F6-51BB-F78C-EB9A-619499B7E7B8}" = CCC Help Korean
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EA50CE2-3549-5E6B-DB7F-EC1FB21C98EB}" = CCC Help Italian
"{5025C2C2-E2DA-54CA-6AA3-2B796ED5E371}" = CCC Help Dutch
"{5204292B-0CDB-B240-65CE-F4CF17919E2D}" = Catalyst Control Center Localization Hungarian
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{5776FA35-21C8-A6C6-3B32-C5528AE4054F}" = CCC Help Danish
"{5783F2D7-6009-0407-0002-0060B0CE6BBA}" = AutoCAD LT 2008 - Deutsch
"{58A8EF55-37A0-F2C2-A35B-CA97E8F3D5C3}" = CCC Help Hungarian
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59ED508E-4239-EAD2-8D50-8923AADCFD76}" = Catalyst Control Center Graphics Full New
"{5D751B45-0F9F-0B9E-F3EA-25821C9D7F49}" = CCC Help Thai
"{63B8997E-EB2D-41D3-984C-C44D6D67A571}" = ArcSoft PhotoStudio 5.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{672CFCDF-759F-5F3C-077D-8B1A172FE150}" = Catalyst Control Center Localization Swedish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A5A8BEE-5493-C8F3-978F-6DC2A612D070}" = Catalyst Control Center Localization Portuguese
"{6CB07378-C076-D335-7D38-37AC272D899A}" = Catalyst Control Center Localization Greek
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{70B7E2EA-6CF1-C7BC-5F0E-7467F114BD5E}" = Catalyst Control Center Core Implementation
"{70E392D0-9A63-CD3B-11E4-4B66B7C68DE9}" = Catalyst Control Center Localization Spanish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{796127AB-1065-1DE9-3F6B-B4A00455FD34}" = CCC Help Chinese Traditional
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{823D0051-9B7A-46C3-A29B-AA4D765960ED}" = Google SketchUp Pro 7
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{85D808E9-8D08-90FF-B0FB-2732EC386A58}" = Catalyst Control Center Localization Japanese
"{89AD7027-B6B2-47DF-21F2-D8A46A6DB13F}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C55354D-62FC-7BBD-91CB-199365A64331}" = CCC Help French
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{95C8E6D2-8D1A-1846-F8CF-FC5BF2682D3E}" = Catalyst Control Center Graphics Full Existing
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9B28716A-CAB1-F0E0-A975-83F9C7294F64}" = Catalyst Control Center Graphics Light
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A176487F-227E-3F91-C7AF-679E0E34AC0C}" = ccc-utility
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}" = NHL® 08
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD0EF554-9674-3C40-914C-E728036D6B5B}" = CCC Help Polish
"{B1AAC909-15F7-74EC-5D4D-70E3240CD30A}" = Catalyst Control Center Localization Dutch
"{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}" = pdfforge Toolbar v4.1
"{B24380E2-B8C4-5FC5-F11D-27300AB9B3A3}" = Catalyst Control Center Localization Norwegian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8E11DD5-8FC7-6EFB-42A3-1D9C58CDFD84}" = CCC Help Portuguese
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BF23DA5D-6205-4BE2-36B4-B74D671FF0D1}" = CCC Help Greek
"{CC434C7B-54AF-7181-1F33-6BD4DF382FE2}" = CCC Help Japanese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D7C81D2F-9490-518E-893F-0E9AC41415DE}" = Catalyst Control Center Localization Finnish
"{DF39E385-C2E0-F044-022B-2A8A565B7182}" = Catalyst Control Center Localization Polish
"{E5FB0690-C5F4-DD4F-4360-D1F360582DCE}" = CCC Help Swedish
"{EE94CB5C-9DD8-0373-42C3-A4F9F4A775BA}" = Catalyst Control Center Localization Turkish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BCAAD1-95DF-DF91-4A06-471D97884038}" = CCC Help Norwegian
"{FA378A8C-5F03-519A-AE78-91E93B50FC6A}" = Catalyst Control Center Localization French
"{FA4DDF14-0227-47ED-9FB0-3290E84E8938}" = Catalyst Control Center - Branding
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"7-Zip" = 7-Zip 4.57
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AutoCAD LT 2008 - Deutsch" = AutoCAD LT 2008 - Deutsch
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"Dynamic-Photo HDR (Trial)_is1" = Dynamic-Photo HDR (Trial/Showcase 2.3)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"f4" = f4 3.1.0
"Free Video Dub_is1" = Free Video Dub version 1.5
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"ICQToolbar" = ICQ Toolbar
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAXQDA2007" = MAXQDA2007 (R190110)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash" = Macromedia Flash Player 8
"SopCast" = SopCast 3.0.3
"TVAnts 1.0" = TVAnts 1.0
"UltraStar Deluxe" = UltraStar Deluxe
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WS·LANDCAD 2009 Einzelplatz-Installation" = WS·LANDCAD 2009 Einzelplatz-Installation
"XMedia Recode" = XMedia Recode 2.1.2.5
"Yahoo! Companion" = Yahoo! Toolbar
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2010 06:39:35 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.06.2010 10:32:26 | Computer Name = Clexis | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.06.2010 10:32:31 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.06.2010 10:32:31 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.06.2010 16:09:25 | Computer Name = Clexis | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.06.2010 16:09:31 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.06.2010 16:09:31 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.06.2010 03:38:56 | Computer Name = Clexis | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.06.2010 03:39:02 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.06.2010 03:39:02 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 23.01.2011 13:20:24 | Computer Name = Clexis | Source = DCOM | ID = 10016
Description = 
 
Error - 23.01.2011 16:44:35 | Computer Name = Clexis | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 23.01.2011 17:46:41 | Computer Name = Clexis | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.01.2011 18:06:18 | Computer Name = Clexis | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 23.01.2011 18:14:21 | Computer Name = Clexis | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.01.2011 05:05:12 | Computer Name = Clexis | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.01.2011 05:17:08 | Computer Name = Clexis | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.01.2011 05:18:24 | Computer Name = Clexis | Source = DCOM | ID = 10016
Description = 

 
< End of report >
I hope someone here can help me further. The PC itself ran normally the whole time and, apart from what is described above, there were no other problems.

24.01.2011, 19:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan
Hello and welcome.

As a routine step, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from earlier Malwarebytes scans, please post all of those too!

25.01.2011, 18:00   #3
Vasi23

Here are the results of the full scan:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5594

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

25.01.2011 16:12:50
mbam-log-2011-01-25 (16-12-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 322144
Laufzeit: 1 Stunde(n), 32 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\pdfforge toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.
I don't have any earlier logs, as I have only had the program since downloading Load.exe.

Perhaps one more addition to the description above.
The AntiVir scan after I noticed the "offline mode" notice gave no indication of portwexexe. However, 2 other things were found.
Code:
Erstellungsdatum der Reportdatei: Samstag, 22. Januar 2011  13:43

C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISS9TV9O\az3[1].exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
--> Object
  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\45adb5c-65e44662
[0] Archivtyp: ZIP
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.AI
--> bpac/purok.class
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.AI
         
The files were quarantined and deleted.

A further scan on Sunday then turned up no further findings.
Code:
Erstellungsdatum der Reportdatei: Sonntag, 23. Januar 2011  19:06

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1654' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
Beginne mit der Suche in 'D:\' <DATA>


Ende des Suchlaufs: Sonntag, 23. Januar 2011  20:56
Benötigte Zeit:  1:49:43 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  26576 Verzeichnisse wurden überprüft
 511025 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert

25.01.2011, 19:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.backup.ftp: "137.99.11.86"
FF - prefs.js..network.proxy.backup.ftp_port: 3127
FF - prefs.js..network.proxy.backup.gopher: "137.99.11.86"
FF - prefs.js..network.proxy.backup.gopher_port: 3127
FF - prefs.js..network.proxy.backup.socks: "137.99.11.86"
FF - prefs.js..network.proxy.backup.socks_port: 3127
FF - prefs.js..network.proxy.backup.ssl: "137.99.11.86"
FF - prefs.js..network.proxy.backup.ssl_port: 3127
FF - prefs.js..network.proxy.ftp: "137.99.11.86"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "137.99.11.86"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "137.99.11.86"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "137.99.11.86"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "137.99.11.86"
FF - prefs.js..network.proxy.ssl_port: 3127
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
[2008.08.30 13:24:50 | 000,000,000 | -HSD | M] -- C:\Users\Christoph\AppData\Roaming\.#
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:131C0EE9
:Commands
[purity]
[resethosts]
[emptytemp]
Then click the Fix button at the top left!
The log file should open when you click OK after fixing; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
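The OTL fix in the post above rewrites one class of Firefox prefs.js entries: every network.proxy.* host, together with the network.proxy.backup.* copies Firefox keeps while share_proxy_settings is on, pointed at 137.99.11.86 port 3127, and keyword.URL plus the default search engine had been redirected to ICQ Search. The script below is an added example, not part of the thread and not OTL's code: it parses a prefs.js and reports exactly that kind of change, skipping loopback proxies so that a local filtering proxy is not mistaken for a hijack. The sample prefs.js is constructed from the values in the fix; the loopback ssl entry is invented to show the exclusion.

```python
"""Flag proxy and search hijacks in a Firefox prefs.js (added example)."""
import ipaddress
import re
import sys
from typing import Dict, List, Tuple, Union

# Firefox writes prefs.js as lines of the form  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')
# Host prefs for the five proxy protocols. While network.proxy.share_proxy_settings
# is true Firefox also keeps a network.proxy.backup.* copy of each, which is why
# the OTL fix had to remove both sets.
PROXY_HOST_RE = re.compile(r"^network\.proxy\.(?:backup\.)?(?:ftp|gopher|http|socks|ssl)$")
# Search prefs that toolbars and hijackers overwrite.
SEARCH_KEYS = ("keyword.URL", "browser.search.defaultenginename")

Value = Union[str, int, bool]
Finding = Tuple[str, str, str]  # (kind, pref name, value shown to the analyst)

# Constructed sample, built from the values in the OTL fix above; the loopback
# ssl proxy is invented to show that local proxies are not reported.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://portal.krefeld-pinguine.de/");
user_pref("keyword.URL", "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=");
user_pref("network.proxy.backup.ftp", "137.99.11.86");
user_pref("network.proxy.backup.ftp_port", 3127);
user_pref("network.proxy.http", "137.99.11.86");
user_pref("network.proxy.http_port", 3127);
user_pref("network.proxy.socks", "137.99.11.86");
user_pref("network.proxy.socks_port", 3127);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("browser.search.defaultenginename", "ICQ Search");
"""


def parse_prefs(text: str) -> Dict[str, Value]:
    """Parse prefs.js into a dict; strings lose their quotes, numbers and booleans are typed."""
    prefs: Dict[str, Value] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs


def is_local_host(host: str) -> bool:
    """Empty host, 'localhost' or a loopback IP: a local filtering proxy, not a hijack."""
    if host in ("", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_hijacks(prefs: Dict[str, Value]) -> List[Finding]:
    """Report every non-local proxy host (with its port) and every overridden search pref."""
    findings: List[Finding] = []
    for name in sorted(prefs):
        value = prefs[name]
        if PROXY_HOST_RE.match(name) and isinstance(value, str) and not is_local_host(value):
            port = prefs.get(name + "_port", "?")
            findings.append(("proxy", name, f"{value}:{port}"))
        elif name in SEARCH_KEYS:
            findings.append(("search", name, str(value)))
    return findings


def main(argv: List[str]) -> None:
    # With a path argument the real prefs.js is read, otherwise the constructed sample.
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_PREFS
    for kind, name, shown in find_hijacks(parse_prefs(text)):
        print(f"{kind:6} {name} -> {shown}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the profile's prefs.js (the path ComboFix later reports under "FF - ProfilePath") with the browser closed, since Firefox rewrites prefs.js on exit; the three non-local proxies and the two search overrides from the fix are reported, the loopback ssl proxy is not.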

25.01.2011, 20:36   #5
Vasi23

Done without any problems.

Code:
All processes killed
========== OTL ==========
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
Prefs.js: "137.99.11.86" removed from network.proxy.backup.ftp
Prefs.js: 3127 removed from network.proxy.backup.ftp_port
Prefs.js: "137.99.11.86" removed from network.proxy.backup.gopher
Prefs.js: 3127 removed from network.proxy.backup.gopher_port
Prefs.js: "137.99.11.86" removed from network.proxy.backup.socks
Prefs.js: 3127 removed from network.proxy.backup.socks_port
Prefs.js: "137.99.11.86" removed from network.proxy.backup.ssl
Prefs.js: 3127 removed from network.proxy.backup.ssl_port
Prefs.js: "137.99.11.86" removed from network.proxy.ftp
Prefs.js: 3127 removed from network.proxy.ftp_port
Prefs.js: "137.99.11.86" removed from network.proxy.gopher
Prefs.js: 3127 removed from network.proxy.gopher_port
Prefs.js: "137.99.11.86" removed from network.proxy.http
Prefs.js: 3127 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "137.99.11.86" removed from network.proxy.socks
Prefs.js: 3127 removed from network.proxy.socks_port
Prefs.js: "137.99.11.86" removed from network.proxy.ssl
Prefs.js: 3127 removed from network.proxy.ssl_port
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
C:\Users\Christoph\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:131C0EE9 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Christoph
->Temp folder emptied: 396563 bytes
->Temporary Internet Files folder emptied: 2716446 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17281340 bytes
->Flash cache emptied: 586 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14899021 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 34,00 mb
 
 
OTL by OldTimer - Version 3.2.20.4 log created on 01252011_212904

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000049E9A2B0D1B0EF43A9 not found!

Registry entries deleted on Reboot...


25.01.2011, 20:43   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

26.01.2011, 22:47   #7
Vasi23

So here is the log from ComboFix:

Combofix Logfile:
Code:
ComboFix 11-01-25.05 - Christoph 26.01.2011  23:12:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2525.1544 [GMT 1:00]
ausgeführt von:: c:\users\Christoph\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\windows\system32\UNWISE.EXE
 
.
(((((((((((((((((((((((   Dateien erstellt von 2010-12-26 bis 2011-01-26  ))))))))))))))))))))))))))))))
.
 
2011-01-26 22:25 . 2011-01-26 22:26    --------    d-----w-    c:\users\Christoph\AppData\Local\temp
2011-01-26 22:25 . 2011-01-26 22:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-01-23 21:55 . 2011-01-23 21:56    --------    d-----w-    c:\program files\ERUNT
2011-01-23 20:43 . 2011-01-23 20:43    --------    d-----w-    c:\users\Christoph\AppData\Roaming\Malwarebytes
2011-01-23 20:42 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-23 20:42 . 2011-01-23 20:42    --------    d-----w-    c:\programdata\Malwarebytes
2011-01-23 20:42 . 2011-01-23 20:42    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-01-23 20:42 . 2010-12-20 17:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-01-23 11:18 . 2011-01-23 11:18    --------    d--h--w-    c:\windows\PIF
2011-01-21 16:33 . 2011-01-26 16:04    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2011-01-21 16:33 . 2011-01-21 16:33    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2011-01-12 10:10 . 2010-12-28 15:55    413696    ----a-w-    c:\windows\system32\odbc32.dll
2011-01-12 10:10 . 2010-12-28 15:53    253952    ----a-w-    c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 10:10 . 2010-12-28 15:53    241664    ----a-w-    c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 10:10 . 2010-12-28 15:53    708608    ----a-w-    c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 10:10 . 2010-12-28 15:53    180224    ----a-w-    c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 10:10 . 2010-12-28 15:53    57344    ----a-w-    c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 10:10 . 2010-12-14 14:49    1169408    ----a-w-    c:\windows\system32\sdclt.exe
 
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 17:04 . 2009-03-28 12:45    135096    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2010-11-25 18:46 . 2009-03-28 12:45    61960    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2010-11-04 18:56 . 2010-12-17 13:49    345600    ----a-w-    c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-17 13:49    352768    ----a-w-    c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-17 13:49    270336    ----a-w-    c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-17 13:49    601600    ----a-w-    c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-17 13:49    171520    ----a-w-    c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-17 13:49    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-17 13:49    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-17 13:49    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-17 13:49    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-17 13:49    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-11-02 05:01 . 2010-12-17 13:49    385024    ----a-w-    c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-17 13:49    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-17 13:49    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
.
 
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38    121392    ----a-w-    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-27 850440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952]
 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
 
R2 gupdate1c985ff92d662e1;Google Update Service (gupdate1c985ff92d662e1);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-09-02 717296]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-27 210432]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-03-19 22072]
 
.
Inhalt des "geplante Tasks" Ordners
 
2011-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-30 11:02]
 
2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 13:01]
 
2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 13:01]
 
2011-01-26 c:\windows\Tasks\User_Feed_Synchronization-{A8580F1B-7656-4EE0-A554-B5DFC59E8674}.job
- c:\windows\system32\msfeedssync.exe [2010-12-17 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.sportal.de/
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\d78v3gwl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://portal.krefeld-pinguine.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADLTScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
 
HKU-Default-Run-portwexexe.exe - c:\portwexexe\portwexexe.exe
AddRemove-Hardlock Gerätetreiber - c:\windows\system32\UNWISE.EXE
 
 
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-01-26 23:26
Windows 6.0.6002 Service Pack 2 NTFS
 
Scanne versteckte Prozesse... 
 
Scanne versteckte Autostarteinträge... 
 
Scanne versteckte Dateien... 
 
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-01-26  23:37:51
ComboFix-quarantined-files.txt  2011-01-26 22:37
 
Vor Suchlauf: 16 Verzeichnis(se), 56.824.225.792 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 56.755.994.624 Bytes frei
 
- - End Of File - - 6680A7F79195B65DFD1298808695977A
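The ComboFix log above lists the Run keys it found and, under "Entfernte verwaiste Registrierungseinträge", the orphaned HKU-Default-Run-portwexexe.exe value pointing at c:\portwexexe\portwexexe.exe. What makes that entry stand out in a list of otherwise legitimate vendor autostarts is where the image lives, not the value name, and that is a check an analyst can automate. The script below is an added example, not part of the thread and not ComboFix's logic: it parses the REGEDIT4-style autostart dump ComboFix prints, keeps only values under keys ending in \Run, and flags images outside Program Files or Windows, images in user-writable directories, and values under HKEY_USERS\.DEFAULT. The sample dump is constructed: the first four values are copied from the log above, the portwexexe.exe value reconstructs the orphan entry on the assumption that ComboFix's "HKU-Default" abbreviation means HKEY_USERS\.DEFAULT, and the "updater" value is invented to show the user-writable rule.

```python
"""Triage Run-key autostarts from a ComboFix-style REGEDIT4 dump (added example)."""
import re
from typing import List, Tuple

# [HKEY_...\Run] section headers and the  "Name"="data" [date size]  value lines
# that ComboFix prints under "Autostartpunkte der Registrierung".
SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"="?([^"\[]*?)"?\s*(?:\[[^\]]*\])?\s*$')

# Where a legitimately installed autostart image is expected to live on this
# 32-bit Vista system (assumption for the example). Anything else deserves a look.
TRUSTED_ROOTS = ("c:/program files/", "c:/progra~1/", "c:/windows/")
# Directories a non-admin user (or a drive-by exploit running as that user) can write to.
USER_WRITABLE = ("/users/", "/appdata/", "/programdata/", "/temp/", "/documents and settings/")

Entry = Tuple[str, str, str]            # (registry key, value name, raw data)
Verdict = Tuple[str, str, List[str]]    # (value name, image path, reasons)

# Constructed sample: four values copied from the ComboFix log, the reconstructed
# portwexexe.exe orphan, and an invented "updater" value in the user's AppData.
SAMPLE_DUMP = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"portwexexe.exe"="c:\portwexexe\portwexexe.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="c:\users\christoph\appdata\roaming\updater\svchost.exe" [2011-01-21 61440]
"""


def parse_run_entries(dump: str) -> List[Entry]:
    """Collect every value under a key whose name ends in \\Run; other keys are skipped."""
    entries: List[Entry] = []
    key = None
    for line in dump.splitlines():
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None or not key.lower().endswith("\\run"):
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append((key, m.group(1), m.group(2)))
    return entries


def image_path(data: str) -> str:
    """Normalise value data to a lower-case, forward-slash path cut after the first '.exe'.
    A real .reg export doubles backslashes; ComboFix's dump does not, so both are accepted."""
    d = data.strip().strip('"').replace("\\\\", "\\").replace("\\", "/").lower()
    i = d.find(".exe")
    return d[: i + 4] if i >= 0 else d


def triage(entries: List[Entry]) -> List[Verdict]:
    """Return the entries worth a closer look, each with the reasons it was flagged."""
    verdicts: List[Verdict] = []
    for key, name, data in entries:
        path = image_path(data)
        reasons: List[str] = []
        if not path.startswith(TRUSTED_ROOTS):
            reasons.append("image outside Program Files / Windows")
        if any(tok in path for tok in USER_WRITABLE):
            reasons.append("image in a user-writable directory")
        if key.lower().startswith("hkey_users\\.default\\"):
            reasons.append("Run value under HKEY_USERS\\.DEFAULT, not a normal user profile")
        if reasons:
            verdicts.append((name, path, reasons))
    return verdicts


if __name__ == "__main__":
    for name, path, reasons in triage(parse_run_entries(SAMPLE_DUMP)):
        print(f"{name}: {path}\n    " + "\n    ".join(reasons))
```

The heuristic is deliberately a whitelist of install roots rather than a blacklist of known names: portwexexe.exe is flagged because nothing legitimate on this system starts from a directory directly under C:\, and the constructed AppData entry is flagged for the same reason even though its file is named after a Windows binary.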

27.01.2011, 08:14   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

27.01.2011, 15:22   #9
Vasi23

Hello,

there were problems with GMER. I couldn't get a scan to complete any more, because it hung.
With OSAM and MBRCheck everything ran without problems.
Here are the log files:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:06:56 on 27.01.2011
 
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13
 
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
 
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
 
 
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys
"AMD USB Filter Driver" (usbfilter) - "Advanced Micro Devices Inc." - C:\Windows\System32\DRIVERS\usbfilter.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"int15" (int15) - "Acer, Inc." - C:\Windows\system32\drivers\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"NTIPPKernel" (NTIPPKernel) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"Sentinel" (Sentinel) - "SafeNet, Inc." - C:\Windows\System32\Drivers\SENTINEL.SYS
"Service for HDMI" (RTHDMIAzAudService) - ? - C:\Windows\System32\drivers\RtHDMIV.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
 
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{4A681BEC-7727-49BD-B695-79F8354CD2E5} "PMFColumns Class" - "ESRI " - C:\Program Files\Common Files\ESRI\esriShellExt.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{ADC46291-D8A1-4486-A24C-86FFB392AEFA} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll
{5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
 
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D821DC4A-0814-435E-9820-661C543A4679} "CRLDownloadWrapper Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\crlocx.ocx / hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
{79E0C1C0-316D-11D5-A72A-006097BFA1AC} "EPSON Web Printer-SelfTest Control Class" - ? - C:\Windows\system32\Epson\EST\ESTPTest\ESTPTest.ocx / hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? -   (File not found | COM-object registry key not found)
<binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
 
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"eAudio" - "Acer Incorporated" - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
"WinampAgent" - ? - "C:\Program Files\Winamp\winampa.exe"  (File found, but it contains no detailed information)
 
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor MP160" - "CANON INC." - C:\Windows\system32\CNMLM83.DLL
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
 
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Autodesk Licensing Service" (Autodesk Licensing Service) - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Program Files\Canon\CAL\CALMAIN.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c985ff92d662e1)" (gupdate1c985ff92d662e1) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sentinel Protection Server" (SentinelProtectionServer) - "SafeNet, Inc" - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
 
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Users\CHRIST~1\DOWNLO~1\DESERT~1.SCR  (File not found)
 
===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
MBRCheck, version 1.2.3
(c) 2010, AD
 
Command-line:            
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Acer
System Manufacturer:        Acer
System Product Name:        Aspire 5530
Logical Drives Mask:        0x0000001c
 
Kernel Drivers (total 166):
  0x82610000 \SystemRoot\system32\ntkrnlpa.exe
  0x829C9000 \SystemRoot\system32\hal.dll
  0x80403000 \SystemRoot\system32\kdcom.dll
  0x8040A000 \SystemRoot\system32\PSHED.dll
  0x8041B000 \SystemRoot\system32\BOOTVID.dll
  0x80423000 \SystemRoot\system32\CLFS.SYS
  0x80464000 \SystemRoot\system32\CI.dll
  0x80544000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x805C0000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8060F000 \SystemRoot\system32\drivers\acpi.sys
  0x80655000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8065E000 \SystemRoot\system32\drivers\msisadrv.sys
  0x80666000 \SystemRoot\system32\drivers\pci.sys
  0x8068D000 \SystemRoot\System32\drivers\partmgr.sys
  0x8069C000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8069F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x806A9000 \SystemRoot\system32\drivers\volmgr.sys
  0x806B8000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80702000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80712000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x8071A000 \SystemRoot\system32\drivers\atapi.sys
  0x80722000 \SystemRoot\system32\drivers\ataport.SYS
  0x80740000 \SystemRoot\system32\drivers\msahci.sys
  0x8074A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x80758000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8078A000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8079A000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x89203000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x89274000 \SystemRoot\system32\drivers\ndis.sys
  0x8937F000 \SystemRoot\system32\drivers\msrpc.sys
  0x893AA000 \SystemRoot\system32\drivers\NETIO.SYS
  0x89405000 \SystemRoot\System32\drivers\tcpip.sys
  0x894EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8960D000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8971D000 \SystemRoot\system32\drivers\volsnap.sys
  0x89756000 \SystemRoot\System32\Drivers\spldr.sys
  0x8975E000 \SystemRoot\System32\Drivers\mup.sys
  0x8976D000 \SystemRoot\System32\drivers\ecache.sys
  0x89794000 \SystemRoot\system32\drivers\disk.sys
  0x897A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x897C6000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x897CE000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8950A000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
  0x8954A000 \SystemRoot\system32\DRIVERS\storport.sys
  0x897EE000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x89600000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x895CB000 \SystemRoot\system32\DRIVERS\processr.sys
  0x895DA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8CE01000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x8D2D0000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8D36F000 \SystemRoot\System32\drivers\watchdog.sys
  0x8D60E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8D69B000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
  0x8D79D000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
  0x8D7D4000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8D7EC000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8D7F4000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x8D37B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8D600000 \SystemRoot\system32\DRIVERS\usbfilter.sys
  0x8D609000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8D3B9000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8D3C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8D3DB000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8D3E5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x807A3000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x8D3F0000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x895E3000 \SystemRoot\system32\DRIVERS\enecir.sys
  0x8D3FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x807D0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x893E5000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x805CD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x893F0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8DA02000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8DA25000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8DA34000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8DA48000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8DA5D000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8DA6D000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8DA6F000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8DA99000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8DAA7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8DAB1000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8DABE000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8DAF3000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8DB04000 \SystemRoot\system32\drivers\HdAudio.sys
  0x8DB43000 \SystemRoot\system32\drivers\portcls.sys
  0x8DB70000 \SystemRoot\system32\drivers\drmk.sys
  0x8DE09000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8E118000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8D807000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8D909000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8D9BE000 \SystemRoot\system32\drivers\modem.sys
  0x8D9CB000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8D9D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8D9E6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8D9ED000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8D9F6000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8E155000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8D800000 \SystemRoot\System32\Drivers\Null.SYS
  0x8E15E000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8E165000 \SystemRoot\System32\drivers\vga.sys
  0x8E171000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8E192000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8E19A000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8E1A2000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8E1AD000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8E1BB000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8E1C4000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8E1DA000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8DB95000 \SystemRoot\system32\drivers\afd.sys
  0x8E20B000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8E23D000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8E253000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8E261000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8E274000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8E27A000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8E2B6000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
  0x8E2BA000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8E2C4000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8E2DB000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8E301000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8E318000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8E31A000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x8E33B000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8E348000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x8E352000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
  0x97A80000 \SystemRoot\System32\win32k.sys
  0x8E392000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8E39C000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x97CA0000 \SystemRoot\System32\TSDDD.dll
  0x97CC0000 \SystemRoot\System32\cdd.dll
  0x8E3AB000 \SystemRoot\system32\drivers\luafv.sys
  0x8E3C6000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x98E00000 \??\C:\Windows\system32\drivers\ACEDRV07.sys
  0x98E62000 \SystemRoot\system32\drivers\spsys.sys
  0x98F12000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0x98F24000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x98F34000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x98F5E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x98F68000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x98F7B000 \SystemRoot\system32\drivers\HTTP.sys
  0x8E3DB000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x8DBDD000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x98FE8000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x8958B000 \SystemRoot\system32\drivers\mrxdav.sys
  0x895AC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9B805000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9B83E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9B856000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9B87E000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9B8E4000 \SystemRoot\System32\Drivers\SENTINEL.SYS
  0x9B8F9000 \SystemRoot\system32\drivers\hardlock.sys
  0x9B9A3000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x9B9CB000 \??\C:\Windows\system32\drivers\int15.sys
  0x9B9D2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0x9B9D6000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
  0x9DE0B000 \SystemRoot\system32\drivers\peauth.sys
  0x9DEE9000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0x9DEF2000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0x9DF04000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9DF0E000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9DF1A000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0x9DF22000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
  0x9DF43000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9DF59000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x76E50000 \Windows\System32\ntdll.dll
 
Processes (total 71):
       0 System Idle Process
       4 System
     492 C:\Windows\System32\smss.exe
     560 csrss.exe
     632 csrss.exe
     640 C:\Windows\System32\wininit.exe
     676 C:\Windows\System32\services.exe
     688 C:\Windows\System32\lsass.exe
     696 C:\Windows\System32\lsm.exe
     848 C:\Windows\System32\svchost.exe
     860 C:\Windows\System32\winlogon.exe
     956 C:\Windows\System32\svchost.exe
     996 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\Ati2evxx.exe
    1076 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\audiodg.exe
    1224 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\SLsvc.exe
    1268 C:\Windows\System32\svchost.exe
    1420 C:\Windows\System32\svchost.exe
    1620 C:\Windows\System32\Ati2evxx.exe
    1696 C:\Windows\System32\wlanext.exe
    1764 C:\Windows\System32\spoolsv.exe
    1808 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1860 C:\Windows\System32\svchost.exe
     372 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     528 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
     756 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    1092 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
     340 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2132 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    2152 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2164 C:\ACER\Mobility Center\MobilityService.exe
    2232 C:\Windows\System32\svchost.exe
    2280 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    2328 C:\Windows\System32\svchost.exe
    2424 C:\Windows\System32\svchost.exe
    2516 C:\Windows\System32\SearchIndexer.exe
    2564 C:\Windows\System32\drivers\XAudio.exe
    2728 C:\Program Files\Canon\CAL\CALMAIN.exe
    2860 C:\Windows\System32\taskeng.exe
    3076 C:\Windows\System32\dwm.exe
    3120 C:\Windows\System32\taskeng.exe
    3144 C:\Windows\explorer.exe
    3400 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3444 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    3468 C:\Windows\PLFSetI.exe
    3804 unsecapp.exe
    3824 WmiPrvSE.exe
    3880 C:\Windows\System32\wbem\unsecapp.exe
    2404 C:\Program Files\Launch Manager\LManager.exe
    2604 C:\Program Files\Apoint2K\Apoint.exe
    1580 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    2856 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    3096 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    3132 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     772 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    3112 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3496 C:\Program Files\Java\jre6\bin\jusched.exe
     824 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    3016 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3796 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3668 C:\Program Files\Apoint2K\ApntEx.exe
    3268 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4124 C:\Users\CHRIST~1\AppData\Local\temp\RtkBtMnt.exe
    5988 C:\Program Files\Windows Media Player\wmpnscfg.exe
    6040 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2352 C:\Users\Christoph\Desktop\MBRCheck.exe
    4372 C:\Windows\System32\conime.exe
 
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`83200000  (NTFS)
 
PhysicalDrive0 Model Number: WDC WD3200BEVT-22ZCT0, Rev: 1.11
 
      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   RE: Unknown MBR code
            SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
 
 
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
 
Done!
         

27.01.2011, 18:18   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you have any other operating systems installed besides Vista?

If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD (e.g. with ImgBurn, using the image-burning function) and start the computer with it (boot from that CD).

If you have a normal Vista installation DVD, you don't need the image mentioned above and can simply boot from the Vista DVD.

Click on Computer repair options, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
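An added example (not MBRCheck's code and not from this thread) of what the "SHA1 / Unknown MBR code" verdict in the MBRCheck log above rests on, and of the property the bootrec /fixmbr step should preserve: the script parses a 512-byte MBR, hashes its 440-byte boot code, compares the hash with a known-good allowlist, and checks that two sectors share the same partition table. The boot-code bytes, disk signature, partition layout and allowlist are constructed samples, not values from the poster's disk.

```python
"""MBR inspection helper: hash the boot code like MBRCheck does and verify
that a rewritten sector kept its partition table.

Added example for this thread; it is not MBRCheck's code and not code from the
Trojaner-Board posts. All sample bytes below are constructed, not a real dump.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the executable boot code
DISK_SIG_OFF = 440             # 4-byte Windows disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries follow
PART_TABLE_LEN = 64
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
PART_ENTRY_FMT = "<B3xB3xII"   # status, CHS (skipped), type, CHS (skipped), LBA start, sectors


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte sector into boot-code hash, disk signature and partitions."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, num_sectors = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:                      # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": num_sectors})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good: set) -> str:
    """MBRCheck-style verdict: the boot-code hash is either on the allowlist or not."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "invalid: missing 55AA boot signature"
    if info["boot_code_sha1"] in known_good:
        return "known good"
    if not any(sector[:BOOT_CODE_LEN]):
        return "empty boot code"
    return "unknown MBR code"               # the verdict shown in the log above


def partition_table_unchanged(before: bytes, after: bytes) -> bool:
    """True when the 64-byte partition table is identical in both sectors.
    bootrec /fixmbr rewrites only the boot code, so this should hold after the repair."""
    return (before[PART_TABLE_OFF:PART_TABLE_OFF + PART_TABLE_LEN]
            == after[PART_TABLE_OFF:PART_TABLE_OFF + PART_TABLE_LEN])


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Constructed sector: boot code, a made-up disk signature, partitions, 55AA."""
    sector = bytearray(MBR_SIZE)
    n = min(len(boot_code), BOOT_CODE_LEN)
    sector[:n] = boot_code[:n]
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xA5B4C3D2)      # constructed value
    for i, (bootable, ptype, lba_start, num_sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, num_sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed "factory" boot code: the usual relocate-to-0x0600 prologue, zero-padded.
REFERENCE_BOOT_CODE = bytes.fromhex(
    "33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfb")
# Two NTFS partitions, like the C: and D: volumes in the MBRCheck output above.
REFERENCE_PARTITIONS = [
    (True, 0x07, 2048, 409_600),         # bootable system partition
    (False, 0x07, 411_648, 1_048_576),   # data partition
]
REFERENCE_MBR = build_sample_mbr(REFERENCE_BOOT_CODE, REFERENCE_PARTITIONS)

# A real allowlist would hold the SHA1s of genuine Windows/OEM boot code;
# this constructed one only knows the reference sector.
KNOWN_GOOD = {parse_mbr(REFERENCE_MBR)["boot_code_sha1"]}

# Same partition table, but the first bytes of the boot code differ: this is what a
# non-standard (or infected) MBR looks like to MBRCheck, and only the hash shows it.
TAMPERED_MBR = build_sample_mbr(b"\xeb\x58" + REFERENCE_BOOT_CODE[2:], REFERENCE_PARTITIONS)

if __name__ == "__main__":
    for name, mbr in (("reference", REFERENCE_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(mbr)
        print(f"{name}: {classify_mbr(mbr, KNOWN_GOOD)}  SHA1: {info['boot_code_sha1']}")
        for p in info["partitions"]:
            print(f"  partition {p['index']}: type 0x{p['type']:02X} "
                  f"LBA {p['lba_start']} sectors {p['sectors']} bootable={p['bootable']}")
    print("partition table unchanged:", partition_table_unchanged(REFERENCE_MBR, TAMPERED_MBR))
```

To check a real disk, feed the first 512 bytes of a sector-level image into parse_mbr and compare the hash before and after the bootrec repair; the partition table check tells you the repair touched only the boot code.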

27.01.2011, 19:07   #11
Vasi23

I only have Vista installed.
Can I burn it to a DVD in the same way? I do have blank DVDs here. Or does it have to be on an emergency/recovery CD?

27.01.2011, 19:21   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It is a CD image, not a DVD image. It might work if you burn it to a blank DVD with the image-burning function, but it might also not work, i.e. the disc won't boot.

28.01.2011, 09:01   #13
Vasi23

Hello,

I decided to get a blank CD after all and burned it to CD.
The problem is... when I boot, it first accesses the drive. In the end, though, it boots normally from the hard disk as always. So at the start it does read from the CD, it takes a little while, and in the end I'm back at the normal screen where I enter my password.
I also don't get a selection screen where I could choose anything about booting from CD...
Do I need to check the boot order in the BIOS??

28.01.2011, 09:39   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Did you burn it with the image-burning function? Simply burning the ISO file as a data CD doesn't work; the CD is then not bootable.

28.01.2011, 10:16   #15
Vasi23

Yes, I already did it with the image-burning function.

Attached is a screenshot of what the contents of the CD look like on my system.
The CD name is a bit odd... but that's probably not what matters.
Attached image: Verdacht auf Portwexexe-cd_inhalt.jpg
