Log analysis and evaluation: svchost.exe is maxing out my memory
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#16
/// Winkelfunktion /// TB-Süch-Tiger™
svchost.exe is maxing out my memory
Then please post fresh OTL logs now, after the removal:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
__________________
Please always post log files in CODE tags
#17
svchost.exe is maxing out my memory
Hi,
Thanks again, I ran OTL once more:
Code:
OTL Extras logfile created on: 20.02.2011 18:53:02 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Timo\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 75,20 Gb Free Space | 67,48% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 105,10 Gb Free Space | 45,13% Space Free | Partition Type: NTFS
Drive E: | 107,90 Gb Total Space | 107,81 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC861C4-2DE7-438B-8139-E55D0A9973E6}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{0F5B51A3-AA75-48DA-97BC-D93221495D1A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{151993F2-D413-4048-96BF-0FB33DB96FC0}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{15451ADB-CF75-46DA-AB59-CC7BAB6CC75D}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{2BBC3EB7-EE27-4F0E-8566-4A5F16A65A66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{3673E242-38DB-415C-81CD-F767E62534FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5CFB6649-7C2A-4B43-A099-4D04B764E4BE}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{7BD65B90-A3F1-4D8C-9E90-4999B8EBA804}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8717AF46-97FC-465B-9558-1FBF757D97AA}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{970E2153-184F-482B-9B86-B46EAE130CBB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{9FC17329-1503-4DC0-A571-2D69A8E1D5C5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{B3D45A7D-8AD2-4E2C-8D15-B27610520A8F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{BEEEEE1F-50B1-48DF-B05F-7ACE0E6D17B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{D249C927-F055-46B1-8AD0-46F9409A8C91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9277855-0A29-4403-87C3-88B0F208C0D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F379E883-67C7-49F2-8958-99E77B830FD4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6400
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection
AAU 6.0.00.17
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineCodex" = OnlineCodex
"QIP 2005" = QIP 2005 8092
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.02.2011 15:11:20 | Computer Name = Timo-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.02.2011 15:28:13 | Computer Name = Timo-PC | Source = VSS | ID = 8194
Description =
Error - 13.02.2011 15:34:29 | Computer Name = Timo-PC | Source = VSS | ID = 8194
Description =
Error - 13.02.2011 15:36:07 | Computer Name = Timo-PC | Source = VSS | ID = 8194
Description =
Error - 13.02.2011 15:37:27 | Computer Name = Timo-PC | Source = VSS | ID = 8194
Description =
Error - 13.02.2011 15:49:19 | Computer Name = Timo-PC | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 13.02.2011 16:04:17 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 13.02.2011 16:08:41 | Computer Name = Timo-PC | Source = HTTP | ID = 15016
Description =
Error - 14.02.2011 09:18:13 | Computer Name = Timo-PC | Source = HTTP | ID = 15016
Description =
Error - 14.02.2011 10:56:33 | Computer Name = Timo-PC | Source = HTTP | ID = 15016
Description =
< End of report >
Code:
OTL logfile created on: 20.02.2011 18:53:02 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Timo\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 75,20 Gb Free Space | 67,48% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 105,10 Gb Free Space | 45,13% Space Free | Partition Type: NTFS
Drive E: | 107,90 Gb Total Space | 107,81 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Timo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Timo\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe ()
PRC - C:\Programme\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe (acer)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Timo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (McAfee SiteAdvisor Service) -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
========== Driver Services (SafeList) ==========
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.02.14 20:31:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.17 19:38:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.19 21:26:31 | 000,000,000 | ---D | M]
[2011.02.13 21:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions
[2011.02.20 15:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\q7zjq99g.default\extensions
[2011.02.16 14:08:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\q7zjq99g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.19 21:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.19 21:26:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.19 21:26:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.19 21:26:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.02.17 19:38:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.02.17 19:38:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.02.17 19:38:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.02.17 19:38:35 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.02.17 19:38:35 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.18 17:00:19 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.20 18:51:10 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2011.02.19 21:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.02.19 21:26:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.02.19 21:26:31 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.02.19 21:26:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.02.19 21:26:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.02.19 21:26:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.02.19 21:26:06 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.02.17 17:18:32 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\Neuer Ordner
[2011.02.17 16:35:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.17 16:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.02.17 16:34:44 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.02.17 15:17:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.02.17 15:17:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.02.17 15:17:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.02.16 16:06:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2011.02.16 16:06:33 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011.02.16 13:59:21 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Malwarebytes
[2011.02.16 13:59:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.16 13:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.16 13:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.16 13:59:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.16 13:59:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.16 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\MFTools
[2011.02.16 13:52:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011.02.15 17:27:01 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011.02.15 17:03:42 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011.02.15 17:03:41 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011.02.15 17:03:40 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011.02.15 17:03:40 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011.02.15 17:03:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011.02.15 17:03:38 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011.02.15 16:58:55 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.02.15 16:58:50 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.02.15 16:57:23 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011.02.15 16:57:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011.02.15 16:56:36 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2011.02.14 16:31:32 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Adobe
[2011.02.14 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\skypePM
[2011.02.14 15:19:20 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.02.14 15:19:16 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.14 15:19:16 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.14 15:19:14 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.02.14 15:19:13 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.14 15:19:11 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.14 15:19:11 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.02.14 15:19:11 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.14 15:19:11 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.14 15:19:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.02.14 15:19:08 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.14 15:19:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.14 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Adobe
[2011.02.14 14:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QIP 2005
[2011.02.14 14:48:46 | 000,000,000 | ---D | C] -- C:\Programme\QIP
[2011.02.14 14:46:14 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011.02.14 14:46:11 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011.02.14 14:45:58 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011.02.14 14:45:07 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.14 14:45:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.14 14:45:04 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011.02.14 14:45:04 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011.02.14 14:45:04 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011.02.14 14:45:04 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011.02.14 14:45:03 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011.02.14 14:43:51 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011.02.14 14:43:50 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011.02.14 14:43:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.02.14 14:43:46 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.02.14 14:43:45 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.02.14 14:43:38 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.02.14 14:43:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.02.14 14:43:22 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.02.14 14:42:01 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2011.02.14 14:42:01 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2011.02.14 14:41:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011.02.14 14:41:46 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011.02.14 14:41:45 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011.02.14 14:41:20 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011.02.14 14:40:49 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011.02.14 14:40:38 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011.02.14 14:40:36 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011.02.14 14:40:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011.02.14 14:40:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011.02.14 14:40:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011.02.14 14:40:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011.02.14 14:39:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2011.02.14 14:38:21 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.02.14 14:37:55 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.02.14 14:36:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011.02.14 14:36:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011.02.14 14:36:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011.02.14 14:36:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011.02.14 14:36:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011.02.14 14:36:11 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.02.14 14:35:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.02.14 14:34:33 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.14 14:34:32 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.14 14:34:30 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.02.14 14:34:26 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.02.14 14:34:24 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011.02.14 14:34:23 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.14 14:34:13 | 002,038,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.14 14:34:11 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011.02.14 14:34:09 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011.02.14 14:34:09 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2011.02.14 14:34:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.14 14:34:02 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.02.14 14:33:55 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.14 14:33:47 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.02.14 14:33:44 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.02.14 14:33:41 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011.02.14 14:33:36 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011.02.14 14:33:35 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011.02.14 14:33:35 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011.02.14 14:33:33 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011.02.14 14:33:27 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011.02.14 14:33:25 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.02.14 14:33:23 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011.02.14 14:33:17 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.02.14 14:33:15 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.02.14 14:33:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.02.14 14:30:39 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\ICQ
[2011.02.14 14:30:38 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\AOL
[2011.02.14 14:30:30 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2011.02.14 14:29:52 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Skype
[2011.02.14 14:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.02.14 14:29:16 | 000,000,000 | ---D | C] -- C:\Programme\Skype
[2011.02.14 14:29:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.02.14 14:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.02.14 14:27:23 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.14 14:27:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.02.14 14:27:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.14 14:27:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011.02.14 14:26:25 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.02.14 14:26:25 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.02.14 14:26:23 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011.02.14 14:26:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011.02.14 14:23:40 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011.02.14 14:23:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.14 14:23:12 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011.02.14 14:22:39 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011.02.14 14:22:38 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.02.13 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Mozilla
[2011.02.13 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Mozilla
[2011.02.13 21:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011.02.13 21:20:59 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.02.13 21:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Desktop
[2011.02.13 21:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.02.13 21:05:09 | 014,033,923 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System32\acer.exe
[2011.02.13 21:05:08 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Macromedia
[2011.02.13 21:05:06 | 000,000,000 | ---D | C] -- C:\Programme\Acer Incorporated
[2011.02.13 21:05:03 | 000,000,000 | ---D | C] -- C:\Windows\ACER
[2011.02.13 21:04:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Acer
[2011.02.13 21:04:14 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
[2011.02.13 20:54:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2011.02.13 20:51:56 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\PowerCinema
[2011.02.13 20:51:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe
[2011.02.13 20:49:32 | 000,000,000 | ---D | C] -- C:\Programme\Acer Arcade Deluxe
[2011.02.13 20:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011.02.13 20:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011.02.13 20:48:35 | 000,114,688 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2011.02.13 20:48:24 | 000,023,040 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2011.02.13 20:48:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biologon.dll
[2011.02.13 20:48:11 | 000,042,608 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2011.02.13 20:48:11 | 000,024,048 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\AlfaFF.dll
[2011.02.13 20:48:10 | 000,338,416 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2011.02.13 20:48:06 | 001,468,928 | ---- | C] (UPEK, Inc.) -- C:\Windows\System32\bsapi.dll
[2011.02.13 20:47:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SPBA
[2011.02.13 20:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\UIB
[2011.02.13 20:47:08 | 000,000,000 | ---D | C] -- C:\CLSetup
[2011.02.13 20:37:55 | 000,061,440 | ---- | C] (Acer Inc.) -- C:\Windows\System32\MCEPlugin.dll
[2011.02.13 20:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
[2011.02.13 20:33:59 | 000,000,000 | ---D | C] -- C:\Programme\Acer Inc
[2011.02.13 20:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011.02.13 20:32:50 | 000,000,000 | ---D | C] -- C:\Programme\Launch Manager
[2011.02.13 20:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011.02.13 20:28:27 | 000,262,144 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2011.02.13 20:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye
[2011.02.13 20:28:11 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\InstallShield
[2011.02.13 20:26:30 | 000,233,472 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\BtwRSupport.dll
[2011.02.13 20:26:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2011.02.13 20:26:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2011.02.13 20:26:21 | 000,000,000 | ---D | C] -- C:\Programme\WIDCOMM
[2011.02.13 20:24:20 | 001,079,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2011.02.13 20:24:20 | 000,768,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2011.02.13 20:24:20 | 000,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2011.02.13 20:24:20 | 000,313,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2011.02.13 20:21:21 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2011.02.13 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\Timo\Documents\Eigene Google Gadgets
[2011.02.13 20:20:54 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Google
[2011.02.13 20:20:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.02.13 20:20:28 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.02.13 20:20:28 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.02.13 20:20:27 | 000,000,000 | R--D | C] -- C:\Users\Timo\Searches
[2011.02.13 20:20:20 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Identities
[2011.02.13 20:20:18 | 000,000,000 | R--D | C] -- C:\Users\Timo\Contacts
[2011.02.13 20:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.02.13 20:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2011.02.13 20:15:46 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2011.02.13 20:15:14 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\VirtualStore
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Vorlagen
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\AppData\Local\Verlauf
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\AppData\Local\Temporary Internet Files
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Startmenü
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\SendTo
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Recent
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Netzwerkumgebung
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Lokale Einstellungen
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Documents\Eigene Videos
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Documents\Eigene Musik
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Eigene Dateien
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Documents\Eigene Bilder
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Druckumgebung
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Cookies
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\AppData\Local\Anwendungsdaten
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Anwendungsdaten
[2011.02.13 20:14:47 | 000,000,000 | --SD | C] -- C:\Users\Timo\AppData\Roaming\Microsoft
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\Documents
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\Desktop
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.02.13 20:14:47 | 000,000,000 | -H-D | C] -- C:\Users\Timo\AppData
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Temp
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Microsoft
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Media Center Programs
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Acer GameZone Console [2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Videos [2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Saved Games [2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Pictures [2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Music [2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Links [2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Favorites [2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Downloads [2011.02.13 20:13:49 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2011.02.13 20:13:49 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2011.02.13 20:13:36 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2011.02.13 20:13:36 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2011.02.13 20:13:36 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2011.02.13 20:13:31 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2011.02.13 20:13:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Programme [2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.02.13 
20:11:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.02.13 20:05:26 | 000,324,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys [2011.02.13 19:04:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2008.07.22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.02.20 18:51:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe [2011.02.20 18:50:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.20 18:50:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.20 18:47:20 | 000,012,883 | ---- | M] () -- C:\Windows\System32\Config.MPF [2011.02.20 14:54:42 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.20 14:54:42 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.20 14:54:42 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.20 14:54:42 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.20 14:50:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.02.20 14:50:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.20 14:50:03 | 3213,774,848 | -HS- | M] () -- C:\hiberfil.sys [2011.02.19 21:26:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.02.19 21:26:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.02.19 21:26:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaw.exe [2011.02.19 21:26:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.02.19 17:07:58 | 000,512,028 | ---- | M] () -- C:\Users\Timo\Desktop\Minas_Sirion_-_Rulespack_V1.1.3.pdf [2011.02.17 16:47:03 | 000,000,000 | ---- | M] () -- C:\Users\Timo\defogger_reenable [2011.02.17 16:36:22 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.17 16:34:45 | 000,000,737 | ---- | M] () -- C:\Users\Timo\Desktop\NTREGOPT.lnk [2011.02.17 16:34:45 | 000,000,718 | ---- | M] () -- C:\Users\Timo\Desktop\ERUNT.lnk [2011.02.16 16:07:05 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.02.16 13:58:42 | 000,010,837 | ---- | M] () -- C:\Users\Timo\Desktop\Microsoft Office Word-Dokument (neu).docx [2011.02.16 13:55:49 | 000,029,920 | ---- | M] () -- C:\Users\Timo\Desktop\fehler.jpg [2011.02.16 13:54:50 | 000,296,448 | ---- | M] () -- C:\Users\Timo\Desktop\g2m3e4r.exe [2011.02.16 13:54:41 | 000,050,477 | ---- | M] () -- C:\Users\Timo\Desktop\defogger.exe [2011.02.16 13:51:16 | 000,503,478 | ---- | M] () -- C:\Users\Timo\Desktop\fehler.bmp [2011.02.15 22:53:08 | 000,008,079 | ---- | M] () -- C:\Users\Timo\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx [2011.02.15 19:31:35 | 000,298,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.14 16:31:05 | 000,003,584 | ---- | M] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.14 16:17:23 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2011.02.14 14:48:48 | 000,000,694 | ---- | M] () -- C:\Users\Timo\Desktop\QIP 2005.lnk [2011.02.14 14:29:19 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.02.13 21:21:14 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011.02.13 21:21:04 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.02.13 21:19:47 | 000,000,104 | ---- | M] () -- 
C:\Users\Timo\Desktop\Computer - Verknüpfung.lnk [2011.02.13 21:04:39 | 000,000,627 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk [2011.02.13 20:53:06 | 000,000,680 | ---- | M] () -- C:\Users\Timo\AppData\Local\d3d9caps.dat [2011.02.13 20:48:36 | 000,118,784 | ---- | M] () -- C:\Windows\System32\VMC3KAPI.dll [2011.02.13 20:48:35 | 000,114,688 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll [2011.02.13 20:48:24 | 000,023,040 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe [2011.02.13 20:48:23 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\biologon.dll [2011.02.13 20:48:11 | 000,042,608 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys [2011.02.13 20:48:11 | 000,024,048 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\AlfaFF.dll [2011.02.13 20:48:10 | 000,338,416 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll [2011.02.13 20:48:06 | 001,468,928 | ---- | M] (UPEK, Inc.) 
-- C:\Windows\System32\bsapi.dll [2011.02.13 20:47:08 | 000,000,020 | ---- | M] () -- C:\Medion.ini [2011.02.13 20:34:01 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI [2011.02.13 20:32:52 | 000,000,083 | ---- | M] () -- C:\Windows\QtZgAcer.UNI [2011.02.13 20:26:26 | 000,000,807 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk [2011.02.13 20:10:20 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf ========== Files Created - No Company Name ========== [2011.02.19 17:07:49 | 000,512,028 | ---- | C] () -- C:\Users\Timo\Desktop\Minas_Sirion_-_Rulespack_V1.1.3.pdf [2011.02.17 16:47:03 | 000,000,000 | ---- | C] () -- C:\Users\Timo\defogger_reenable [2011.02.17 16:34:45 | 000,000,737 | ---- | C] () -- C:\Users\Timo\Desktop\NTREGOPT.lnk [2011.02.17 16:34:45 | 000,000,718 | ---- | C] () -- C:\Users\Timo\Desktop\ERUNT.lnk [2011.02.16 16:07:05 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.02.16 16:07:05 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.02.16 13:59:11 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.16 13:58:23 | 000,010,837 | ---- | C] () -- C:\Users\Timo\Desktop\Microsoft Office Word-Dokument (neu).docx [2011.02.16 13:55:49 | 000,029,920 | ---- | C] () -- C:\Users\Timo\Desktop\fehler.jpg [2011.02.16 13:54:43 | 000,296,448 | ---- | C] () -- C:\Users\Timo\Desktop\g2m3e4r.exe [2011.02.16 13:54:40 | 000,050,477 | ---- | C] () -- C:\Users\Timo\Desktop\defogger.exe [2011.02.16 13:33:26 | 000,503,478 | ---- | C] () -- C:\Users\Timo\Desktop\fehler.bmp [2011.02.15 22:53:08 | 000,008,079 | ---- | C] () -- C:\Users\Timo\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx [2011.02.14 16:31:05 | 000,003,584 | ---- | C] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.14 16:17:23 | 000,000,056 | -H-- | C] () -- 
C:\ProgramData\ezsidmv.dat [2011.02.14 14:48:48 | 000,000,694 | ---- | C] () -- C:\Users\Timo\Desktop\QIP 2005.lnk [2011.02.14 14:41:56 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2011.02.14 14:29:19 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.02.13 21:21:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.13 21:21:04 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.02.13 21:19:47 | 000,000,104 | ---- | C] () -- C:\Users\Timo\Desktop\Computer - Verknüpfung.lnk [2011.02.13 21:05:08 | 036,909,056 | ---- | C] () -- C:\Windows\System32\acer.scr [2011.02.13 21:04:39 | 000,000,627 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk [2011.02.13 20:49:29 | 000,006,048 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2011.02.13 20:48:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2011.02.13 20:47:08 | 000,000,020 | ---- | C] () -- C:\Medion.ini [2011.02.13 20:36:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\LogConfigTemp.xml [2011.02.13 20:34:01 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI [2011.02.13 20:32:52 | 000,000,083 | ---- | C] () -- C:\Windows\QtZgAcer.UNI [2011.02.13 20:28:27 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2011.02.13 20:28:27 | 000,222,382 | ---- | C] () -- C:\Windows\Acer Crystal Eye webcam.ico [2011.02.13 20:28:27 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011.02.13 20:28:27 | 000,004,838 | ---- | C] () -- C:\Windows\Suyin.reg [2011.02.13 20:28:27 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2011.02.13 20:26:26 | 000,000,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk [2011.02.13 20:20:30 | 000,000,953 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.02.13 20:20:26 | 000,000,948 | ---- | C] () -- 
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2011.02.13 20:20:18 | 000,000,919 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2011.02.13 20:14:58 | 000,000,680 | ---- | C] () -- C:\Users\Timo\AppData\Local\d3d9caps.dat [2011.02.13 20:09:23 | 3213,774,848 | -HS- | C] () -- C:\hiberfil.sys [2008.07.30 11:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.07.30 02:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.07.30 02:42:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.07.30 02:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll < End of report > |
| | #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe is maxing out my memory Fairly unremarkable. Then please run CF now:
ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a Kompetenzler (qualified helper) has expressly recommended it!
__________________ |
| | #19 |
| svchost.exe is maxing out my memory Hi, thanks again for your help. CCleaner cleared out a bit of junk but surely found nothing important; I guess it was only meant to make Cofi run a bit faster. Here is the log file: Code:
ComboFix 11-02-20.01 - Timo 20.02.2011 22:49:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3066.1522 [GMT 1:00]
ausgeführt von:: c:\users\Timo\Desktop\cofi.exe.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Im Speicher befindliches AV aktiv.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-20 bis 2011-02-20 ))))))))))))))))))))))))))))))
.
2011-02-20 21:59 . 2011-02-20 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-20 21:45 . 2011-02-20 21:45 -------- d-----w- c:\program files\CCleaner
2011-02-20 21:42 . 2011-02-20 21:47 -------- d-----w- C:\cofi.exe
2011-02-19 20:26 . 2011-02-19 20:26 -------- d-----w- c:\program files\Common Files\Java
2011-02-19 20:26 . 2011-02-19 20:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 20:26 . 2011-02-19 20:26 -------- d-----w- c:\program files\Java
2011-02-17 15:34 . 2011-02-17 15:34 -------- d-----w- c:\program files\ERUNT
2011-02-17 14:17 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-17 14:17 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-17 14:17 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-17 14:17 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-17 14:17 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-16 15:06 . 2011-02-16 15:06 -------- d-----w- c:\program files\Common Files\Adobe
2011-02-16 12:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-16 12:59 . 2011-02-16 12:59 -------- d-----w- c:\programdata\Malwarebytes
2011-02-16 12:59 . 2011-02-17 15:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-16 12:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-16 12:52 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-02-16 12:52 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-16 12:52 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-16 12:52 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-16 12:52 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2011-02-16 12:52 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-02-16 12:48 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-15 17:38 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2011-02-15 16:27 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-02-15 16:03 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-02-15 16:03 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-02-15 16:03 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-02-15 16:03 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2011-02-15 16:03 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-02-15 16:03 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-02-15 15:58 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-02-15 15:58 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2011-02-15 15:57 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-02-15 15:57 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-02-15 15:57 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-02-15 15:56 . 2011-02-15 15:56 -------- d-----w- c:\program files\MSXML 4.0
2011-02-14 13:48 . 2011-02-14 13:48 -------- d-----w- c:\program files\QIP
2011-02-14 13:46 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-02-14 13:46 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-02-14 13:43 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-02-14 13:42 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2011-02-14 13:42 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2011-02-14 13:42 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2011-02-14 13:42 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2011-02-14 13:41 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-02-14 13:41 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-02-14 13:41 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-02-14 13:41 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2011-02-14 13:41 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2011-02-14 13:41 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2011-02-14 13:40 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2011-02-14 13:40 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-02-14 13:40 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-02-14 13:40 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-02-14 13:40 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2011-02-14 13:40 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-02-14 13:40 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-02-14 13:40 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-02-14 13:39 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2011-02-14 13:39 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2011-02-14 13:38 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\system32\ole32.dll
2011-02-14 13:38 . 2010-06-28 14:31 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-02-14 13:38 . 2010-08-26 16:07 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-02-14 13:38 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-02-14 13:38 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-02-14 13:38 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-02-14 13:38 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-02-14 13:37 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2011-02-14 13:37 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-02-14 13:37 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-02-14 13:37 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-02-14 13:37 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-02-14 13:37 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-02-14 13:37 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-02-14 13:36 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-02-14 13:36 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-02-14 13:36 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-02-14 13:36 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-02-14 13:36 . 2009-07-14 10:59 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2011-02-14 13:36 . 2009-07-14 10:58 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2011-02-14 13:36 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-02-14 13:36 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-02-14 13:36 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-02-14 13:36 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-02-14 13:35 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-02-14 13:35 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-14 13:33 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-14 13:30 . 2011-02-14 13:30 -------- d-----w- c:\program files\ICQ7.2
2011-02-14 13:29 . 2011-02-14 13:29 -------- d-----w- c:\program files\Skype
2011-02-14 13:29 . 2011-02-14 13:29 -------- d-----w- c:\program files\Common Files\Skype
2011-02-14 13:28 . 2011-02-14 13:29 -------- d-----w- c:\programdata\Skype
2011-02-14 13:27 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-02-14 13:27 . 2011-01-08 05:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-14 13:27 . 2011-01-08 07:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-14 13:27 . 2010-06-16 15:12 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-02-14 13:27 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-02-14 13:26 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-02-14 13:26 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-02-14 13:26 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-02-14 13:26 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-02-14 13:26 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-02-14 13:26 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-02-14 13:26 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-02-14 13:26 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-02-14 13:26 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-02-14 13:26 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-02-14 13:23 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-14 13:23 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2011-02-14 13:23 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2011-02-14 13:23 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2011-02-14 13:23 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2011-02-14 13:23 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-02-14 13:22 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2011-02-14 13:22 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2011-02-13 20:09 . 2011-02-13 20:10 -------- d-----w- c:\programdata\NVIDIA
2011-02-13 20:05 . 2008-06-30 15:59 14033923 ----a-w- c:\windows\system32\acer.exe
2011-02-13 20:05 . 2007-04-18 21:02 36909056 ----a-w- c:\windows\system32\acer.scr
2011-02-13 20:05 . 2011-02-13 20:05 -------- d-----w- c:\windows\ACER
2011-02-13 19:54 . 2008-01-16 17:35 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-02-13 19:49 . 2011-02-13 19:54 -------- d-----w- c:\program files\Acer Arcade Deluxe
2011-02-13 19:49 . 2011-02-13 19:51 -------- d-----w- c:\programdata\CyberLink
2011-02-13 19:48 . 2011-02-13 19:48 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
2011-02-13 19:48 . 2011-02-13 19:48 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-02-13 19:16 157168 ----a-w- c:\programdata\Partner\partner.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-02-14 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-13 30192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2011-02-13 3676160]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-2-13 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2011-02-13 19:48 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-13 30192]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2011-02-13 110576]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2011-02-13 42608]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2011-02-13 3602432]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2009-12-08 93320]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
Inhalt des "geplante Tasks" Ordners
2008-07-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-30 13:10]
2008-07-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-30 13:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\q7zjq99g.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-eRecoveryService - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-20 23:03
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(1952)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\system32\rundll32.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\conime.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\mcafee\msc\mcuimgr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-20 23:06:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-02-20 22:06
Vor Suchlauf: 9 Verzeichnis(se), 80.410.566.656 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 80.285.765.632 Bytes frei
- - End Of File - - BE8175D737A40EC3BF4C868E252C1F9A
|
| | #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ok. Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file on the desktop.
__________________ Please always post log files in CODE tags |
| | #21 |
| Hi, GMER worked. Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit quick scan 2011-02-21 14:47:50
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
Running: ldx1qhgb.exe; Driver: C:\Users\Timo\AppData\Local\Temp\kgtdipog.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x805B998E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x805B9928]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x805B993C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x805B99CC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x805B9A0F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x805B9900]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x805B9914]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x805B99A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x805B9A37]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x805B9A23]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x805B997A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x805B9966]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x805B99FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x805B99E2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x805B99B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x805B9952]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:13:10 on 21.02.2011
OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.0.19
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AlfaFF File System mini-filter" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\Drivers\AlfaFF.sys
"catchme" (catchme) - ? - C:\cofi.exe25383c\catchme.sys (File not found)
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"NTIPPKernel" (NTIPPKernel) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Inc." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"Quick-Launching Area" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\program files\google\googletoolbar1.dll
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\program files\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} "Partner BHO Class" - "Google Inc." - C:\ProgramData\Partner\partner.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "Egis" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"BkupTray" - ? - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"eAudio" - "Acer Incorporated" - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
"ZPdtWzdVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"iGroupTec Service" (IGBASVC) - ? - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe (File found, but it contains no detailed information)
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - ? - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Partner Service" (Partner Service) - "Google Inc." - C:\ProgramData\Partner\partner.exe
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\System32\acer.scr (File found, but it contains no detailed information)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AWinNotifyVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
"spba" - "UPEK Inc." - C:\Program Files\Common Files\SPBA\homefus2.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 6930G
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 156):
0x81E11000 \SystemRoot\system32\ntkrnlpa.exe
0x821CA000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80472000 \SystemRoot\system32\PSHED.dll
0x80483000 \SystemRoot\system32\BOOTVID.dll
0x8048B000 \SystemRoot\system32\CLFS.SYS
0x804CC000 \SystemRoot\system32\CI.dll
0x80601000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068A000 \SystemRoot\system32\drivers\acpi.sys
0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E1000 \SystemRoot\system32\drivers\pci.sys
0x80708000 \SystemRoot\System32\drivers\partmgr.sys
0x80717000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80724000 \SystemRoot\system32\drivers\volmgr.sys
0x80733000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8078D000 \SystemRoot\System32\Drivers\UBHelper.sys
0x89C03000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x89CDC000 \SystemRoot\system32\drivers\atapi.sys
0x89CE4000 \SystemRoot\system32\drivers\ataport.SYS
0x89D02000 \SystemRoot\system32\drivers\fltmgr.sys
0x89D34000 \SystemRoot\system32\drivers\fileinfo.sys
0x89D44000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x89D4D000 \SystemRoot\system32\Drivers\AlfaFF.sys
0x89D56000 \SystemRoot\system32\Drivers\ksecdd.sys
0x89E0B000 \SystemRoot\system32\drivers\ndis.sys
0x89F16000 \SystemRoot\system32\drivers\msrpc.sys
0x89F41000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A00B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A11A000 \SystemRoot\system32\drivers\volsnap.sys
0x8A153000 \SystemRoot\System32\Drivers\spldr.sys
0x8A15B000 \SystemRoot\System32\Drivers\mup.sys
0x8A16A000 \SystemRoot\System32\drivers\ecache.sys
0x8A191000 \SystemRoot\system32\drivers\disk.sys
0x8A1A2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A1C3000 \SystemRoot\system32\drivers\crcdisk.sys
0x8DAE7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8DAF2000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8DAFB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8DAFF000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8DC03000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8E336000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E3D5000 \SystemRoot\System32\drivers\watchdog.sys
0x8E3E2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8DB08000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E3ED000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8DB46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E40F000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8E796000 \SystemRoot\system32\DRIVERS\L1E60x86.sys
0x8E7A6000 \SystemRoot\system32\DRIVERS\winbondcir.sys
0x8E7BB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E7CE000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8E7D8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8DB58000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8E7E3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E7E5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8DB88000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E7F0000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8E400000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DBA0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x89F7B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8DBCE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DBD9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DBF0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A1D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x89FBC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x89FCB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x89FDF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x89DC7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E7F8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x80795000 \SystemRoot\system32\DRIVERS\ks.sys
0x8DA00000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8A000000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x89DD7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x807BF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x89DE4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E80B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8EA13000 \SystemRoot\system32\drivers\portcls.sys
0x8EA40000 \SystemRoot\system32\drivers\drmk.sys
0x8EA65000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8EAA2000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8EC0F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8ECC4000 \SystemRoot\system32\drivers\modem.sys
0x8ECD1000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8ECDF000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8ECEA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8ECFA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8ED01000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8ED0A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8ED12000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8ED25000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8ED2E000 \SystemRoot\System32\Drivers\Null.SYS
0x8ED35000 \SystemRoot\System32\Drivers\Beep.SYS
0x8ED3C000 \SystemRoot\System32\drivers\vga.sys
0x8ED48000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8ED69000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8ED72000 \SystemRoot\System32\Drivers\tcusb.sys
0x8ED7D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8ED85000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8ED8D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8ED98000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EDA6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9080C000 \SystemRoot\System32\drivers\tcpip.sys
0x908F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90910000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90927000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9093D000 \SystemRoot\system32\DRIVERS\smb.sys
0x90951000 \SystemRoot\system32\drivers\afd.sys
0x90999000 \SystemRoot\System32\Drivers\usbvideo.sys
0x909BA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EDAF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x909EC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8EDC5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8EBA4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90800000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8EDD8000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DA0E000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8EDEF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x92400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x95820000 \SystemRoot\System32\win32k.sys
0x924D9000 \SystemRoot\System32\drivers\Dxapi.sys
0x924E3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95A40000 \SystemRoot\System32\TSDDD.dll
0x924F2000 \SystemRoot\system32\drivers\luafv.sys
0x95A60000 \SystemRoot\System32\cdd.dll
0x9250D000 \SystemRoot\system32\drivers\spsys.sys
0x925BC000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x925CE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8DA49000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x925DE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x925E8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8DA73000 \SystemRoot\system32\drivers\HTTP.sys
0x8EBE0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x805AC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x805C5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x805DA000 \SystemRoot\system32\drivers\mrxdav.sys
0x9DA00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9DA1F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9DA58000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9DA70000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9DA98000 \SystemRoot\System32\DRIVERS\srv.sys
0x9DAE6000 \??\C:\Windows\system32\drivers\int15.sys
0x9DAF7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9DAFB000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0x9DB19000 \SystemRoot\system32\drivers\peauth.sys
0x9DBF7000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xA3C03000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xA3C15000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA3C1F000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA3C2B000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA3C33000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0x77C50000 \Windows\System32\ntdll.dll
Processes (total 85):
0 System Idle Process
4 System
532 C:\Windows\System32\smss.exe
600 csrss.exe
652 C:\Windows\System32\wininit.exe
664 csrss.exe
696 C:\Windows\System32\services.exe
708 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
880 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\nvvsvc.exe
956 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\audiodg.exe
1192 C:\Windows\System32\SLsvc.exe
1224 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\winlogon.exe
1432 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\spoolsv.exe
1660 C:\Windows\System32\svchost.exe
1904 C:\Windows\System32\rundll32.exe
1980 C:\Program Files\Common Files\SPBA\upeksvr.exe
560 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
2036 C:\Windows\System32\taskeng.exe
480 C:\Windows\System32\dwm.exe
2020 C:\Windows\explorer.exe
2128 C:\Windows\System32\taskeng.exe
2244 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2252 C:\Windows\RtHDVCpl.exe
2260 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2292 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
2328 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
2372 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2416 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
2476 C:\Windows\System32\rundll32.exe
2484 C:\Windows\PLFSetI.exe
2632 C:\Users\Timo\AppData\Local\temp\RtkBtMnt.exe
2832 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2844 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
2856 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2876 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2892 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
3096 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3120 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
3204 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3216 C:\ACER\Mobility Center\MobilityService.exe
3276 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
3348 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
3376 C:\Windows\System32\svchost.exe
3428 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
3456 C:\Program Files\Acer\Acer VCM\RS_Service.exe
3504 C:\Windows\System32\svchost.exe
3552 C:\Windows\System32\svchost.exe
3580 C:\Windows\System32\SearchIndexer.exe
3652 C:\Windows\System32\drivers\XAudio.exe
4028 WmiPrvSE.exe
1824 C:\Program Files\Launch Manager\QtZgAcer.EXE
2524 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
1480 WmiPrvSE.exe
2716 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
2780 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
2188 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
2200 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
2672 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1464 C:\Program Files\Skype\Phone\Skype.exe
2032 C:\Windows\System32\wbem\unsecapp.exe
2392 C:\Program Files\ICQ7.2\ICQ.exe
3568 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
3688 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2696 C:\Program Files\Skype\Plugin Manager\skypePM.exe
3888 C:\Program Files\Acer\Acer VCM\acp2HID.exe
4912 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5776 C:\Program Files\Mozilla Firefox\firefox.exe
5796 C:\Program Files\WinRAR\WinRAR.exe
4436 C:\Windows\servicing\TrustedInstaller.exe
4884 C:\Windows\System32\wuauclt.exe
4176 C:\Windows\System32\SearchProtocolHost.exe
5852 C:\Windows\System32\SearchFilterHost.exe
3868 dllhost.exe
888 dllhost.exe
3988 C:\Users\Timo\Downloads\MBRCheck.exe
5848 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001e`5c500000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C
PhysicalDrive1 Model Number: ST9250827AS, Rev: 3.AAA
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
232 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
|
| | #22 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Quote:
__________________ Please always post log files in CODE tags |
| | #23 |
| Oh, I haven't put the service pack back on yet... but I'll do that first now. Here is the one from TDSS; after the scan finished it displayed "no found". Code:
2011/02/21 15:48:07.0544 5700 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/21 15:48:08.0049 5700 ================================================================================
2011/02/21 15:48:08.0049 5700 SystemInfo:
2011/02/21 15:48:08.0049 5700
2011/02/21 15:48:08.0049 5700 OS Version: 6.0.6001 ServicePack: 1.0
2011/02/21 15:48:08.0049 5700 Product type: Workstation
2011/02/21 15:48:08.0049 5700 ComputerName: TIMO-PC
2011/02/21 15:48:08.0050 5700 UserName: Timo
2011/02/21 15:48:08.0050 5700 Windows directory: C:\Windows
2011/02/21 15:48:08.0050 5700 System windows directory: C:\Windows
2011/02/21 15:48:08.0050 5700 Processor architecture: Intel x86
2011/02/21 15:48:08.0050 5700 Number of processors: 2
2011/02/21 15:48:08.0050 5700 Page size: 0x1000
2011/02/21 15:48:08.0050 5700 Boot type: Normal boot
2011/02/21 15:48:08.0050 5700 ================================================================================
2011/02/21 15:48:08.0676 5700 Initialize success
2011/02/21 15:48:11.0938 5768 ================================================================================
2011/02/21 15:48:11.0938 5768 Scan started
2011/02/21 15:48:11.0938 5768 Mode: Manual;
2011/02/21 15:48:11.0938 5768 ================================================================================
2011/02/21 15:48:13.0307 5768 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/02/21 15:48:14.0249 5768 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/02/21 15:48:15.0096 5768 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/02/21 15:48:15.0890 5768 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/02/21 15:48:16.0623 5768 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/02/21 15:48:17.0447 5768 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/02/21 15:48:18.0126 5768 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/02/21 15:48:18.0898 5768 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/21 15:48:19.0522 5768 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\Drivers\AlfaFF.sys
2011/02/21 15:48:20.0171 5768 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/02/21 15:48:20.0684 5768 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/02/21 15:48:21.0294 5768 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/02/21 15:48:21.0717 5768 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/02/21 15:48:22.0106 5768 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/02/21 15:48:22.0541 5768 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/02/21 15:48:22.0975 5768 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/02/21 15:48:23.0397 5768 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/21 15:48:23.0809 5768 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/02/21 15:48:24.0277 5768 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/21 15:48:24.0722 5768 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/02/21 15:48:25.0147 5768 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/21 15:48:25.0592 5768 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/21 15:48:26.0314 5768 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/21 15:48:26.0961 5768 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/21 15:48:27.0551 5768 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/21 15:48:28.0150 5768 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/21 15:48:29.0084 5768 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/21 15:48:29.0662 5768 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/21 15:48:30.0463 5768 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/21 15:48:31.0197 5768 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/21 15:48:31.0831 5768 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/21 15:48:32.0241 5768 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/02/21 15:48:32.0888 5768 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/21 15:48:33.0328 5768 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/02/21 15:48:33.0900 5768 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/21 15:48:34.0371 5768 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/02/21 15:48:35.0235 5768 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/02/21 15:48:36.0006 5768 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/02/21 15:48:36.0896 5768 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/02/21 15:48:37.0677 5768 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/02/21 15:48:38.0298 5768 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/21 15:48:39.0075 5768 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/21 15:48:40.0011 5768 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/21 15:48:40.0714 5768 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/02/21 15:48:41.0586 5768 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/02/21 15:48:42.0495 5768 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/02/21 15:48:43.0065 5768 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/02/21 15:48:43.0568 5768 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/02/21 15:48:44.0012 5768 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/21 15:48:44.0469 5768 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/21 15:48:45.0002 5768 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/21 15:48:45.0458 5768 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/21 15:48:45.0983 5768 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/02/21 15:48:46.0516 5768 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/21 15:48:47.0140 5768 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/21 15:48:48.0028 5768 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/02/21 15:48:48.0936 5768 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/21 15:48:49.0617 5768 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/21 15:48:50.0565 5768 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/21 15:48:51.0764 5768 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/21 15:48:52.0655 5768 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/02/21 15:48:53.0355 5768 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/02/21 15:48:54.0015 5768 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/02/21 15:48:54.0683 5768 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/02/21 15:48:55.0292 5768 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/02/21 15:48:56.0126 5768 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/02/21 15:48:56.0660 5768 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/21 15:48:57.0426 5768 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\DRIVERS\iaStor.sys
2011/02/21 15:48:58.0225 5768 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/02/21 15:48:58.0936 5768 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/21 15:48:59.0628 5768 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
2011/02/21 15:49:00.0567 5768 IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/21 15:49:01.0302 5768 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/02/21 15:49:01.0981 5768 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/21 15:49:02.0616 5768 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/21 15:49:04.0095 5768 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/21 15:49:04.0697 5768 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/21 15:49:05.0309 5768 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/21 15:49:06.0208 5768 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/02/21 15:49:07.0130 5768 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/21 15:49:08.0158 5768 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/21 15:49:09.0077 5768 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/21 15:49:10.0012 5768 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/21 15:49:10.0640 5768 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/21 15:49:11.0424 5768 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/21 15:49:11.0933 5768 L1E (86d7f66ac2c0123ed81b2f3e835845c2) C:\Windows\system32\DRIVERS\L1E60x86.sys
2011/02/21 15:49:12.0433 5768 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/21 15:49:12.0979 5768 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/21 15:49:13.0414 5768 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/21 15:49:13.0971 5768 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/21 15:49:14.0585 5768 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/21 15:49:15.0072 5768 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/02/21 15:49:15.0754 5768 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/02/21 15:49:16.0650 5768 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/02/21 15:49:17.0585 5768 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/21 15:49:18.0319 5768 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/21 15:49:19.0286 5768 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/21 15:49:20.0121 5768 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/21 15:49:20.0645 5768 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/21 15:49:21.0448 5768 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/02/21 15:49:22.0060 5768 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/21 15:49:22.0771 5768 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/21 15:49:23.0485 5768 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/02/21 15:49:24.0099 5768 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/21 15:49:25.0179 5768 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/21 15:49:26.0042 5768 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/21 15:49:27.0013 5768 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/02/21 15:49:27.0937 5768 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/02/21 15:49:28.0726 5768 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/21 15:49:29.0538 5768 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/21 15:49:30.0351 5768 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/21 15:49:31.0040 5768 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/21 15:49:31.0773 5768 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/21 15:49:32.0587 5768 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/02/21 15:49:33.0330 5768 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/21 15:49:34.0231 5768 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/21 15:49:34.0874 5768 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/02/21 15:49:35.0599 5768 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/21 15:49:36.0255 5768 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/02/21 15:49:37.0052 5768 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/21 15:49:37.0664 5768 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/21 15:49:38.0332 5768 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/21 15:49:38.0988 5768 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/21 15:49:39.0678 5768 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/21 15:49:40.0371 5768 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/21 15:49:41.0305 5768 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/02/21 15:49:42.0174 5768 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/21 15:49:43.0009 5768 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/02/21 15:49:43.0830 5768 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/21 15:49:44.0396 5768 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/02/21 15:49:44.0949 5768 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/02/21 15:49:45.0263 5768 NTIPPKernel (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
2011/02/21 15:49:46.0138 5768 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/21 15:49:46.0582 5768 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/21 15:49:47.0102 5768 NVHDA (2c7ac27710e8d41c1eb7d1599187d237) C:\Windows\system32\drivers\nvhda32v.sys
2011/02/21 15:49:47.0740 5768 nvlddmkm (cb0d6f8f65b8766ff2aaaa78881fd9f8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/21 15:49:48.0195 5768 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/02/21 15:49:48.0641 5768 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/02/21 15:49:49.0175 5768 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/02/21 15:49:50.0578 5768 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/02/21 15:49:51.0325 5768 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/21 15:49:52.0147 5768 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/02/21 15:49:52.0847 5768 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/21 15:49:53.0556 5768 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/02/21 15:49:54.0241 5768 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/02/21 15:49:55.0044 5768 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/21 15:49:55.0727 5768 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/21 15:49:56.0484 5768 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/21 15:49:57.0137 5768 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/02/21 15:49:57.0962 5768 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/21 15:49:58.0461 5768 PSDFilter (1dcbb35090cc4b2bd3d661e6089523c6) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/02/21 15:49:59.0167 5768 PSDNServ (e26e46d619469964ac3609620f443867) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/02/21 15:49:59.0828 5768 psdvdisk (3e1d134af2806867d06047c4cc33cc65) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/02/21 15:50:00.0618 5768 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/02/21 15:50:01.0436 5768 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/21 15:50:02.0170 5768 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/21 15:50:02.0803 5768 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/21 15:50:03.0583 5768 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/21 15:50:04.0282 5768 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/21 15:50:05.0173 5768 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/21 15:50:05.0766 5768 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/21 15:50:06.0420 5768 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/21 15:50:06.0949 5768 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/02/21 15:50:07.0748 5768 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/21 15:50:08.0374 5768 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/02/21 15:50:09.0298 5768 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/21 15:50:09.0766 5768 RTSTOR (7a4f79df3793160b280cde152b61fe33) C:\Windows\system32\drivers\RTSTOR.SYS
2011/02/21 15:50:10.0200 5768 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/21 15:50:10.0680 5768 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/21 15:50:11.0147 5768 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/21 15:50:11.0648 5768 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/21 15:50:12.0092 5768 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/21 15:50:12.0648 5768 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/02/21 15:50:13.0348 5768 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/21 15:50:14.0071 5768 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/21 15:50:14.0682 5768 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/21 15:50:15.0638 5768 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/02/21 15:50:16.0217 5768 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/02/21 15:50:16.0853 5768 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/02/21 15:50:17.0554 5768 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/02/21 15:50:18.0262 5768 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/21 15:50:19.0013 5768 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/02/21 15:50:19.0667 5768 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/21 15:50:20.0574 5768 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/21 15:50:21.0197 5768 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/21 15:50:21.0842 5768 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/21 15:50:22.0520 5768 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/21 15:50:23.0321 5768 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/21 15:50:23.0982 5768 SynTP (4c9bb4b3b9eac26211484c30b914c6dc) C:\Windows\system32\DRIVERS\SynTP.sys
2011/02/21 15:50:24.0665 5768 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/02/21 15:50:25.0565 5768 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/21 15:50:26.0406 5768 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/21 15:50:27.0216 5768 TcUsb (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys
2011/02/21 15:50:27.0962 5768 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/21 15:50:28.0851 5768 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/21 15:50:29.0575 5768 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/21 15:50:30.0164 5768 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/21 15:50:30.0853 5768 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/21 15:50:31.0498 5768 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/21 15:50:32.0309 5768 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/21 15:50:32.0999 5768 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/02/21 15:50:33.0866 5768 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/02/21 15:50:34.0570 5768 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/21 15:50:35.0316 5768 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/21 15:50:36.0000 5768 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/02/21 15:50:36.0565 5768 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/21 15:50:37.0212 5768 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/21 15:50:37.0989 5768 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/21 15:50:38.0508 5768 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/21 15:50:39.0031 5768 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/21 15:50:39.0476 5768 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/21 15:50:40.0046 5768 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/21 15:50:40.0478 5768 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/21 15:50:40.0926 5768 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/02/21 15:50:41.0416 5768 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/21 15:50:41.0894 5768 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/21 15:50:42.0525 5768 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/02/21 15:50:43.0254 5768 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/21 15:50:44.0020 5768 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/21 15:50:44.0588 5768 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/02/21 15:50:45.0366 5768 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/02/21 15:50:46.0089 5768 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/21 15:50:47.0069 5768 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/21 15:50:47.0729 5768 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/02/21 15:50:48.0378 5768 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/02/21 15:50:49.0046 5768 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/02/21 15:50:49.0650 5768 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/21 15:50:50.0462 5768 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/21 15:50:50.0485 5768 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/21 15:50:51.0096 5768 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/02/21 15:50:51.0771 5768 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/21 15:50:52.0439 5768 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/02/21 15:50:53.0137 5768 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
2011/02/21 15:50:53.0626 5768 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/21 15:50:54.0337 5768 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/21 15:50:55.0053 5768 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/21 15:50:55.0813 5768 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/02/21 15:50:56.0067 5768 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
2011/02/21 15:50:56.0373 5768 ================================================================================
2011/02/21 15:50:56.0373 5768 Scan finished
2011/02/21 15:50:56.0373 5768 ================================================================================
2011/02/21 15:55:25.0913 5124 Deinitialize success
|
| | #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please do the SP2 thing later!! First run full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #25 |
| svchost.exe is hogging my memory Hi, I've downloaded SP2 but haven't installed it yet. Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5830
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
21.02.2011 19:42:34
mbam-log-2011-02-21 (19-42-34).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 406520
Laufzeit: 1 Stunde(n), 46 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 02/21/2011 at 10:22 PM
Application Version : 4.49.1000
Core Rules Database Version : 6442
Trace Rules Database Version: 4254
Scan type : Complete Scan
Total Scan Time : 02:28:58
Memory items scanned : 795
Memory threats detected : 0
Registry items scanned : 8736
Registry threats detected : 0
File items scanned : 269191
File threats detected : 417
Adware.Tracking Cookie
----------------------------------------------
EDITED BY ME
----------------------------------------------
Thanks again, best regards, Timo Last edited by Timo7760 (21.02.2011 at 22:44) |
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe is hogging my memory Looks OK, only cookies were found. Any remaining problems or further detections in the meantime?
__________________ Please always post log files in CODE tags |
| | #27 |
| svchost.exe is hogging my memory SP2 is installed now. So far I haven't found anything unusual, but my PC is still sluggish: my free physical memory is only 20 MB. |
| | #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe is hogging my memory Vista uses a lot of memory in order to speed up other operations. Have a look at => http://www.trojaner-board.de/71631-p...samer-tun.html
__________________ Please always post log files in CODE tags |
| | #29 | |
| svchost.exe is hogging my memory Hi, I've worked through the list once, but nothing has changed yet. One step didn't work, namely the one you have to do under Services right after switching off Windows Defender: Quote:
Here are 3 more screenshots from my Task Manager; the services belonging to the largest svchost process (the one with 100,000k) are highlighted. |
| | #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe is hogging my memory Maybe this will help too => Windows Vista - Optimizing memory management. Use at YOUR OWN RISK!!
__________________ Please always post log files in CODE tags |