Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   svchost.exe lastet meinen Speicher aus (https://www.trojaner-board.de/95743-svchost-exe-lastet-meinen-speicher.html)

Timo7760 16.02.2011 14:23
svchost.exe lastet meinen Speicher aus
 
Hi,
Das ist mein erster Post im Forum, ich hoffe mal, dass ich nichts falsch mache.
Erstmal zum Problem: Ich habe beim Taskmanager elf mal den Prozess svchost.exe stehen, und der verbraucht jeweils bis zu 175.00k.
Da ist es irgendwie klar, das mein PC sehr lahm ist und beim physikalischem Speicher habe ich etwa 3000 MB gesamt (eigendlich laut Hersteller 4GB?), davon 2000 MB im Catche und frei meist nur 3 oder 4.

Naja, ich habe mich jetzt in den letzten Wochen schon sehr oft damit rumgeärgert und viel recherchiert, aber bisher habe ich nicht herausgefunden, woran es liegen kann. Die automatischen Windows-Updates habe ich deaktiviert und meinen PC sogar 3x in den Lieferzustand zurückgesetzt. In den Foren, auf die ich gestoßen bin, war das so ziemlich immer das Problem.
Ich habe bisher mit CCleaner, AntiVir, Spybot und Tuneup mein System durchsucht, aber keines der Programme hat einen Virus gefunden, bei Tuneup bin ich so ziemlich allen Empfehlungen nachgegangen.

Ich habe vorhin ein Hijack-Log erstellt, da ich erst später gelesen habe, dass ihr hier professionellere Programme bevorzugt. Posten will ich es daher auch nicht, aber dabei kam eine Meldung, die auf den Dateipfad hinweist, in dem sich die svchost.exe normalerweise befinden sollte. Daher mal ein Screen, für die Leute, die mit mehr technischem Verständnis gesegnet sind als ich:
http://s13.directupload.net/images/110216/2eol95xd.jpg
Habs danach als Admin gemacht, ging dann, aber es kam mir komisch vor, dass gerade dieser Dateipfad noch mehr Ärger verbreitet.

Hier der Scan mit Load.exe:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit quick scan 2011-02-16 14:11:18
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
Running: g2m3e4r.exe; Driver: C:\Users\Timo\AppData\Local\Temp\kgtdipog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x805C898E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x805C8928]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x805C893C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x805C89CC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x805C8A0F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x805C8900]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x805C8914]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x805C89A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x805C8A37]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x805C8A23]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x805C897A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x805C8966]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x805C89FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x805C89E2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x805C89B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x805C8952]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Habe die Standarteinstellungen übernommen und nur Partition C durchsucht.

Dass ich zurzeit noch McAfee und kein Antivir drauf habe und den IE nicht gelöscht habe, liegt daran, dass ich noch nicht wieder alles drauf habe, was ich seit dem letzten Zurücksetzen auf Werkseinstellung losgeworden bin. Vista neu aufspielen würde ich nur ungerne machen, da ich die CD selber nicht habe (vorinstalliert). Wenn das eurer Meinung nach die beste Möglichkeit wäre, müsste ich mal sehen, wo ich eine herbekomme.


Ich habe auch gelesen, dass das an meinen BIOs Einstellungen liegen kann. Habe aber einen Laptop und traue mich nicht so recht, die CMS Batterie da rauszudoktern. Ein Freund von mir meinte, man könnte die einfach zurücksetzen, indem man beim Start F2 drückt und in dem Menü dann die Standarteinstellungen wählt. Jemand anderes hat mir aber gesagt, dass der Bios-Reset eine haarsträubende Angelegenheit wäre und er nur wenige kennt, die das richtig hinkriegen.

So, das wars erstmal von meinem bisherigen Feldzug gegen die Tücken der Technik. Wäre wirklich dankbar, wenn mir jemand helfen könnte, den wieder ans laufen zu kriegen. Wenn ihr mir andere Programme empfehlen wollt, nur her damit, wenn ich beim PC irgendwoanders was nachgucken kann, auch gut.

Hoffe auf Hilfe und Danke im Vorraus

lg
Timo

cosinus 16.02.2011 20:29
Bitte beachten =>http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html

Timo7760 16.02.2011 21:56
Hi,
Hm, ich habe weder ein Hijack Logfile gepostet, noch wissentlich gegen eine Regel verstoßen.
Wäre nett, wenn jemand mich aufklären könnte, was genau ich verbrochen habe.
lg
Timo

cosinus 16.02.2011 22:06
Einfach mal komplett durchlesen, dann weißt du was zu tun ist :kloppen:

Timo7760 16.02.2011 22:44
Hm, das mit dem Hijack-Hinweis habe ich befolgt.
Die goldenen Regeln habe ich nach bestem Wissen angewand, mit Load.exe habe ich einen Scan gemacht und mein Vorname der in dem Scan vorkommt wird wohl nicht groß meine Anonymität beeinflussen.
Sofern möglich, berufe ich mich mal auf die Goldene Regel §6 :kloppen: und frage höflich nach, was ich nicht verstanden habe:

Cosinus, könntest du mir bitte mitteilen, was ich falsch gemacht habe?

lg
Timo

cosinus 16.02.2011 23:37
Och Mensch, lies es doch bitte VOLLSTÄNDIG!! :(

Timo7760 17.02.2011 15:33
Soll ich den Scan nochmal mit Malwarebytes machen?
Könnte sich bitte bitte jemand erbarmen und mir mitteilen, was ich falsch gemacht habe?

cosinus 17.02.2011 16:18
Hast du schon mal gehört, dass man bei vielen Websites RUNTERSCOLLEN muss?! :balla:

Wenn du das mal auf unsere Seite für die Anelotung machst was siehst du da?!

Da ist ein Abschnitt http://saved.im/mtyzmjm5bnvw/2.png

Kann doch echt nicht zuviel verlangt sein :stirn:

Timo7760 17.02.2011 17:28
Oh, danke, ich dachte Load.exe wäre ein eigenständiges Programm und das eine Alternative zu Malwarebytes, sodass ich dieses nicht brauche.

Hochladen lassen sich von den 5 Dateien nur 2:

Anhang 13703
Anhang 13704

Die anderen 3 also hier, einen Spoiler BB-Code hab ich nicht gefunden:


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:47 on 17/02/2011 (Timo)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit quick scan 2011-02-17 16:49:25
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
Running: g2m3e4r.exe; Driver: C:\Users\Timo\AppData\Local\Temp\kgtdipog.sys

---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateFile [0x805C898E]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateProcess [0x805C8928]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateProcessEx [0x805C893C]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwMapViewOfSection [0x805C89CC]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwNotifyChangeKey [0x805C8A0F]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwOpenProcess [0x805C8900]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwOpenThread [0x805C8914]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwProtectVirtualMemory [0x805C89A2]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwReplaceKey [0x805C8A37]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwRestoreKey [0x805C8A23]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwSetContextThread [0x805C897A]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwSetInformationProcess [0x805C8966]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwTerminateProcess [0x805C89FB]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwUnmapViewOfSection [0x805C89E2]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwYieldExecution [0x805C89B8]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateUserProcess [0x805C8952]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtCreateFile
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtMapViewOfSection
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtOpenProcess
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtOpenThread
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                        mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Ip                                                                        Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                      Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                      Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                    Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
OTL logfile created on: 17.02.2011 16:50:28 - Run 1
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Users\Timo\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 78,60 Gb Free Space | 70,53% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 105,10 Gb Free Space | 45,13% Space Free | Partition Type: NTFS
Drive E: | 107,90 Gb Total Space | 107,81 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.02.16 14:06:35 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Timo\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.02.16 13:54:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\MFTools\OTL.exe
PRC - [2011.02.14 14:30:35 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe
PRC - [2011.02.13 20:48:23 | 003,520,512 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2011.02.13 20:48:15 | 003,602,432 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe
PRC - [2011.02.13 20:48:07 | 003,676,160 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2011.02.13 20:23:59 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2011.01.30 16:45:14 | 001,306,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2009.12.08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008.12.02 21:58:08 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.07.24 15:54:18 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.07.24 15:54:10 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.07.20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.20 10:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.18 16:04:36 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.06.04 13:03:36 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2008.06.02 09:26:08 | 000,376,832 | ---- | M] (acer) -- C:\Programme\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.05.30 11:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.05.14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.14 16:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.05.07 09:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.25 20:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008.04.25 20:36:20 | 000,028,672 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008.04.25 20:36:02 | 000,131,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008.04.23 11:22:38 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.03.25 15:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe
PRC - [2008.03.20 07:03:48 | 002,376,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008.03.05 11:56:30 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe
PRC - [2008.03.03 12:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.08.24 03:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSK\msksrver.exe
PRC - [2007.08.15 11:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007.08.04 02:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2007.08.03 21:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.25 00:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe
PRC - [2007.07.24 11:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\Mcshield.exe
PRC - [2007.07.18 14:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2007.03.27 12:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Acer VCM\acp2HID.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.02.16 13:54:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\MFTools\OTL.exe
MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2010.05.04 19:39:54 | 000,248,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.12.08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\SiteAdvisor\sahook.dll
MOD - [2008.05.14 16:05:12 | 000,240,176 | ---- | M] (Egis Incorporated.) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
MOD - [2008.05.14 16:05:06 | 000,121,392 | ---- | M] (Egis Inc.) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
MOD - [2008.01.21 03:25:29 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.21 03:25:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2008.01.21 03:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008.01.21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2008.01.21 03:24:37 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2008.01.21 03:23:54 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2008.01.21 03:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.02.13 20:48:15 | 003,602,432 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2011.02.13 20:23:59 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2011.02.13 20:16:29 | 000,110,576 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2009.12.08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008.07.20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.04.25 20:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008.04.25 20:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008.03.20 07:03:48 | 002,376,992 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.03.03 12:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.08.24 03:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007.08.15 11:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.08.04 02:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.07.25 01:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.07.25 00:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.07.24 11:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 14:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.02.13 20:48:11 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.07.18 17:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.18 16:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.06.25 06:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.19 17:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.05.14 16:05:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008.05.14 16:05:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008.05.14 16:05:42 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008.05.07 12:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.05 02:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.28 12:56:16 | 000,050,576 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008.04.25 03:08:42 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.03.26 09:59:12 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008.03.25 23:41:30 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008.03.25 23:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008.03.25 23:38:32 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008.01.30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008.01.30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.10.18 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.24 11:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.07.24 06:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.07.21 08:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.07.21 08:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.07.21 08:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.07.13 08:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.03.28 06:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.11.02 14:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.02.14 20:31:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.13 21:21:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.16 16:07:05 | 000,000,000 | ---D | M]
 
[2011.02.13 21:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions
[2011.02.16 21:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\q7zjq99g.default\extensions
[2011.02.16 14:08:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\q7zjq99g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.14 14:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.14 20:31:42 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2008.03.15 14:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 19:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 15:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 16:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 12:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.18 17:00:19 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.17 16:35:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.17 16:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.02.17 16:34:44 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.02.16 16:06:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2011.02.16 16:06:33 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011.02.16 16:06:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.02.16 13:59:21 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Malwarebytes
[2011.02.16 13:59:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.16 13:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.16 13:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.16 13:59:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.16 13:59:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.16 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\MFTools
[2011.02.15 16:56:36 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2011.02.14 16:31:32 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Adobe
[2011.02.14 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\skypePM
[2011.02.14 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Adobe
[2011.02.14 14:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QIP 2005
[2011.02.14 14:48:46 | 000,000,000 | ---D | C] -- C:\Programme\QIP
[2011.02.14 14:30:39 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\ICQ
[2011.02.14 14:30:38 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\AOL
[2011.02.14 14:30:30 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2011.02.14 14:29:52 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Skype
[2011.02.14 14:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.02.14 14:29:16 | 000,000,000 | ---D | C] -- C:\Programme\Skype
[2011.02.14 14:29:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.02.14 14:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.02.13 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Mozilla
[2011.02.13 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Mozilla
[2011.02.13 21:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011.02.13 21:20:59 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.02.13 21:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Desktop
[2011.02.13 21:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.02.13 21:05:08 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Macromedia
[2011.02.13 21:05:06 | 000,000,000 | ---D | C] -- C:\Programme\Acer Incorporated
[2011.02.13 21:05:03 | 000,000,000 | ---D | C] -- C:\Windows\ACER
[2011.02.13 21:04:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Acer
[2011.02.13 21:04:14 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
[2011.02.13 20:51:56 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\PowerCinema
[2011.02.13 20:51:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe
[2011.02.13 20:49:32 | 000,000,000 | ---D | C] -- C:\Programme\Acer Arcade Deluxe
[2011.02.13 20:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011.02.13 20:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011.02.13 20:48:35 | 000,114,688 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2011.02.13 20:48:24 | 000,023,040 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2011.02.13 20:48:11 | 000,042,608 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2011.02.13 20:48:11 | 000,024,048 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\AlfaFF.dll
[2011.02.13 20:48:10 | 000,338,416 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2011.02.13 20:48:06 | 001,468,928 | ---- | C] (UPEK, Inc.) -- C:\Windows\System32\bsapi.dll
[2011.02.13 20:47:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SPBA
[2011.02.13 20:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\UIB
[2011.02.13 20:47:08 | 000,000,000 | ---D | C] -- C:\CLSetup
[2011.02.13 20:37:55 | 000,061,440 | ---- | C] (Acer Inc.) -- C:\Windows\System32\MCEPlugin.dll
[2011.02.13 20:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
[2011.02.13 20:33:59 | 000,000,000 | ---D | C] -- C:\Programme\Acer Inc
[2011.02.13 20:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011.02.13 20:32:50 | 000,000,000 | ---D | C] -- C:\Programme\Launch Manager
[2011.02.13 20:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011.02.13 20:28:27 | 000,262,144 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2011.02.13 20:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye
[2011.02.13 20:28:11 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\InstallShield
[2011.02.13 20:26:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2011.02.13 20:26:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2011.02.13 20:26:21 | 000,000,000 | ---D | C] -- C:\Programme\WIDCOMM
[2011.02.13 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\Timo\Documents\Eigene Google Gadgets
[2011.02.13 20:20:54 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Google
[2011.02.13 20:20:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.02.13 20:20:28 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.02.13 20:20:28 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.02.13 20:20:27 | 000,000,000 | R--D | C] -- C:\Users\Timo\Searches
[2011.02.13 20:20:20 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Identities
[2011.02.13 20:20:18 | 000,000,000 | R--D | C] -- C:\Users\Timo\Contacts
[2011.02.13 20:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.02.13 20:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2011.02.13 20:15:46 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2011.02.13 20:15:14 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\VirtualStore
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Vorlagen
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\AppData\Local\Verlauf
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\AppData\Local\Temporary Internet Files
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Startmenü
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\SendTo
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Recent
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Netzwerkumgebung
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Lokale Einstellungen
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Documents\Eigene Videos
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Documents\Eigene Musik
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Eigene Dateien
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Documents\Eigene Bilder
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Druckumgebung
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Cookies
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\AppData\Local\Anwendungsdaten
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Anwendungsdaten
[2011.02.13 20:14:47 | 000,000,000 | --SD | C] -- C:\Users\Timo\AppData\Roaming\Microsoft
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\Documents
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\Desktop
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.02.13 20:14:47 | 000,000,000 | -H-D | C] -- C:\Users\Timo\AppData
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Temp
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Microsoft
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Media Center Programs
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Acer GameZone Console
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Videos
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Saved Games
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Pictures
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Music
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Links
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Favorites
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Downloads
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.02.13 19:04:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2008.07.22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.17 16:47:03 | 000,000,000 | ---- | M] () -- C:\Users\Timo\defogger_reenable
[2011.02.17 16:36:22 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.17 16:34:45 | 000,000,737 | ---- | M] () -- C:\Users\Timo\Desktop\NTREGOPT.lnk
[2011.02.17 16:34:45 | 000,000,718 | ---- | M] () -- C:\Users\Timo\Desktop\ERUNT.lnk
[2011.02.17 15:17:52 | 000,011,877 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011.02.17 15:17:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.16 22:06:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.16 22:06:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.16 16:07:05 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.02.16 14:11:02 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.16 14:11:02 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.16 14:11:02 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.16 14:11:02 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.16 14:06:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.02.16 14:05:37 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.16 13:58:42 | 000,010,837 | ---- | M] () -- C:\Users\Timo\Desktop\Microsoft Office Word-Dokument (neu).docx
[2011.02.16 13:55:49 | 000,029,920 | ---- | M] () -- C:\Users\Timo\Desktop\fehler.jpg
[2011.02.16 13:54:50 | 000,296,448 | ---- | M] () -- C:\Users\Timo\Desktop\g2m3e4r.exe
[2011.02.16 13:54:41 | 000,050,477 | ---- | M] () -- C:\Users\Timo\Desktop\defogger.exe
[2011.02.16 13:51:16 | 000,503,478 | ---- | M] () -- C:\Users\Timo\Desktop\fehler.bmp
[2011.02.15 22:53:08 | 000,008,079 | ---- | M] () -- C:\Users\Timo\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
[2011.02.15 19:31:35 | 000,298,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.14 16:31:05 | 000,003,584 | ---- | M] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.14 16:17:23 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011.02.14 14:48:48 | 000,000,694 | ---- | M] () -- C:\Users\Timo\Desktop\QIP 2005.lnk
[2011.02.14 14:29:19 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.02.13 21:21:14 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011.02.13 21:21:04 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.02.13 21:19:47 | 000,000,104 | ---- | M] () -- C:\Users\Timo\Desktop\Computer - Verknüpfung.lnk
[2011.02.13 21:04:39 | 000,000,627 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2011.02.13 20:53:06 | 000,000,680 | ---- | M] () -- C:\Users\Timo\AppData\Local\d3d9caps.dat
[2011.02.13 20:48:36 | 000,118,784 | ---- | M] () -- C:\Windows\System32\VMC3KAPI.dll
[2011.02.13 20:48:35 | 000,114,688 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2011.02.13 20:48:24 | 000,023,040 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2011.02.13 20:48:11 | 000,042,608 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2011.02.13 20:48:11 | 000,024,048 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\AlfaFF.dll
[2011.02.13 20:48:10 | 000,338,416 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2011.02.13 20:48:06 | 001,468,928 | ---- | M] (UPEK, Inc.) -- C:\Windows\System32\bsapi.dll
[2011.02.13 20:47:08 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2011.02.13 20:34:01 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
[2011.02.13 20:32:52 | 000,000,083 | ---- | M] () -- C:\Windows\QtZgAcer.UNI
[2011.02.13 20:26:26 | 000,000,807 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
[2011.02.13 20:10:20 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
 
========== Files Created - No Company Name ==========
 
[2011.02.17 16:47:03 | 000,000,000 | ---- | C] () -- C:\Users\Timo\defogger_reenable
[2011.02.17 16:34:45 | 000,000,737 | ---- | C] () -- C:\Users\Timo\Desktop\NTREGOPT.lnk
[2011.02.17 16:34:45 | 000,000,718 | ---- | C] () -- C:\Users\Timo\Desktop\ERUNT.lnk
[2011.02.16 16:07:05 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.02.16 16:07:05 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.02.16 13:59:11 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.16 13:58:23 | 000,010,837 | ---- | C] () -- C:\Users\Timo\Desktop\Microsoft Office Word-Dokument (neu).docx
[2011.02.16 13:55:49 | 000,029,920 | ---- | C] () -- C:\Users\Timo\Desktop\fehler.jpg
[2011.02.16 13:54:43 | 000,296,448 | ---- | C] () -- C:\Users\Timo\Desktop\g2m3e4r.exe
[2011.02.16 13:54:40 | 000,050,477 | ---- | C] () -- C:\Users\Timo\Desktop\defogger.exe
[2011.02.16 13:33:26 | 000,503,478 | ---- | C] () -- C:\Users\Timo\Desktop\fehler.bmp
[2011.02.15 22:53:08 | 000,008,079 | ---- | C] () -- C:\Users\Timo\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
[2011.02.14 16:31:05 | 000,003,584 | ---- | C] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.14 16:17:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.14 14:48:48 | 000,000,694 | ---- | C] () -- C:\Users\Timo\Desktop\QIP 2005.lnk
[2011.02.14 14:41:56 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011.02.14 14:29:19 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.02.13 21:21:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.13 21:21:04 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.02.13 21:19:47 | 000,000,104 | ---- | C] () -- C:\Users\Timo\Desktop\Computer - Verknüpfung.lnk
[2011.02.13 21:05:08 | 036,909,056 | ---- | C] () -- C:\Windows\System32\acer.scr
[2011.02.13 21:04:39 | 000,000,627 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2011.02.13 20:49:29 | 000,006,048 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2011.02.13 20:48:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2011.02.13 20:47:08 | 000,000,020 | ---- | C] () -- C:\Medion.ini
[2011.02.13 20:36:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.02.13 20:34:01 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
[2011.02.13 20:32:52 | 000,000,083 | ---- | C] () -- C:\Windows\QtZgAcer.UNI
[2011.02.13 20:28:27 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011.02.13 20:28:27 | 000,222,382 | ---- | C] () -- C:\Windows\Acer Crystal Eye webcam.ico
[2011.02.13 20:28:27 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.02.13 20:28:27 | 000,004,838 | ---- | C] () -- C:\Windows\Suyin.reg
[2011.02.13 20:28:27 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2011.02.13 20:26:26 | 000,000,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
[2011.02.13 20:20:30 | 000,000,953 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.02.13 20:20:26 | 000,000,948 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.02.13 20:20:18 | 000,000,919 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.02.13 20:14:58 | 000,000,680 | ---- | C] () -- C:\Users\Timo\AppData\Local\d3d9caps.dat
[2011.02.13 20:09:23 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2008.07.30 11:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.07.30 02:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.07.30 02:42:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.07.30 02:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2011.02.13 21:04:47 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Acer
[2008.07.30 03:10:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Acer GameZone Console
[2011.02.16 13:28:05 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ICQ
[2008.07.30 02:50:51 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2008.07.30 02:50:51 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011.02.16 14:04:29 | 000,011,052 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.02.13 20:20:44 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.02.13 21:13:02 | 000,000,000 | ---D | M] -- C:\ACER
[2008.07.30 03:41:04 | 000,000,000 | ---D | M] -- C:\book
[2008.07.30 11:23:10 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.02.13 20:47:08 | 000,000,000 | ---D | M] -- C:\CLSetup
[2011.02.16 16:07:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.02.13 20:11:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.07.30 02:15:59 | 000,000,000 | ---D | M] -- C:\Intel
[2008.07.30 03:16:19 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.02.17 16:34:44 | 000,000,000 | R--D | M] -- C:\Programme
[2011.02.16 13:59:10 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.02.13 20:11:58 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.17 16:51:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.02.13 20:14:25 | 000,000,000 | R--D | M] -- C:\Users
[2011.02.17 16:35:27 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-17 14:20:12

< End of report >

Puh, ich hoffe jetzt stimmt alles. Danke nochmal, dass du mir weitergeholfen hast, wäre super wenn irgendjemand was mit dem obigen anfangen könnte, ich würde es ja in den ersten Post editen, aber das geht hier ja scheinbar nur eine Stunde.

cosinus 17.02.2011 19:29
Wo ist denn das Log von Malwarebytes?

Timo7760 17.02.2011 22:07
Da hat der nix gefunden, außer mein veraltetes SP1 verursacht das ganze- unwahrscheinlich, weil ich vorher alles geupdatet hatte und svchost trotzdem zugeschlagen hat.
Irgenwo in dem Scan muss etwas versteckt sein, was durch eine Rücksetzung in Werkszustand nicht behoben werden kann.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5784

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

17.02.2011 16:45:31
mbam-log-2011-02-17 (16-45-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 139898
Laufzeit: 5 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 17.02.2011 23:23
Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Timo7760 19.02.2011 07:34
Hi,
Es sieht so aus, als ob Malwarebytes so einiges gefunden hat: Anhang 13752

Jetzt die Frage: Ich weiß zwar, wo die Trojaner stecken, aber wenn ich sie mit meinen anderen Programmen nicht finde, wie werde ich sie dann los?
lg
Timo

cosinus 19.02.2011 23:08
Zitat:
Datenbank Version: 5784
hast du Malwarebytes vorher aktualisiert? Ich hab extra nochmal drauf hingewiesen...
Und entfern bitte auch alle Funde.

Timo7760 20.02.2011 14:46
Hi,
Hab die entfernt und nochmal durchlaufen lassen:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5817

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

20.02.2011 14:33:36
mbam-log-2011-02-20 (14-33-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 409639
Laufzeit: 3 Stunde(n), 48 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
An dem svchost-Problem hat sich aber leuider nichts geändert, ich glaub auch nicht, dass der Virus wirklich weg ist.

cosinus 20.02.2011 18:20
Dann poste bitte nach der Entfernung jetzt frische OTL-Logs:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Timo7760 20.02.2011 19:10
Hi,
Danke nochmal, hab OTL nochmal durchlaufen lassen:
Code:
OTL Extras logfile created on: 20.02.2011 18:53:02 - Run 2
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Users\Timo\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 75,20 Gb Free Space | 67,48% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 105,10 Gb Free Space | 45,13% Space Free | Partition Type: NTFS
Drive E: | 107,90 Gb Total Space | 107,81 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC861C4-2DE7-438B-8139-E55D0A9973E6}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{0F5B51A3-AA75-48DA-97BC-D93221495D1A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{151993F2-D413-4048-96BF-0FB33DB96FC0}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{15451ADB-CF75-46DA-AB59-CC7BAB6CC75D}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{2BBC3EB7-EE27-4F0E-8566-4A5F16A65A66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{3673E242-38DB-415C-81CD-F767E62534FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5CFB6649-7C2A-4B43-A099-4D04B764E4BE}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{7BD65B90-A3F1-4D8C-9E90-4999B8EBA804}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8717AF46-97FC-465B-9558-1FBF757D97AA}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{970E2153-184F-482B-9B86-B46EAE130CBB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{9FC17329-1503-4DC0-A571-2D69A8E1D5C5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{B3D45A7D-8AD2-4E2C-8D15-B27610520A8F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{BEEEEE1F-50B1-48DF-B05F-7ACE0E6D17B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{D249C927-F055-46B1-8AD0-46F9409A8C91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9277855-0A29-4403-87C3-88B0F208C0D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F379E883-67C7-49F2-8958-99E77B830FD4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6400
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection

AAU 6.0.00.17
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineCodex" = OnlineCodex
"QIP 2005" = QIP 2005 8092
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2011 15:11:20 | Computer Name = Timo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.02.2011 15:28:13 | Computer Name = Timo-PC | Source = VSS | ID = 8194
Description =
 
Error - 13.02.2011 15:34:29 | Computer Name = Timo-PC | Source = VSS | ID = 8194
Description =
 
Error - 13.02.2011 15:36:07 | Computer Name = Timo-PC | Source = VSS | ID = 8194
Description =
 
Error - 13.02.2011 15:37:27 | Computer Name = Timo-PC | Source = VSS | ID = 8194
Description =
 
Error - 13.02.2011 15:49:19 | Computer Name = Timo-PC | Source = VSS | ID = 8194
Description =
 
[ System Events ]
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 13.02.2011 15:14:47 | Computer Name = Timo-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 13.02.2011 16:04:17 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 13.02.2011 16:08:41 | Computer Name = Timo-PC | Source = HTTP | ID = 15016
Description =
 
Error - 14.02.2011 09:18:13 | Computer Name = Timo-PC | Source = HTTP | ID = 15016
Description =
 
Error - 14.02.2011 10:56:33 | Computer Name = Timo-PC | Source = HTTP | ID = 15016
Description =
 
 
< End of report >
Code:
OTL logfile created on: 20.02.2011 18:53:02 - Run 2
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Users\Timo\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 75,20 Gb Free Space | 67,48% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 105,10 Gb Free Space | 45,13% Space Free | Partition Type: NTFS
Drive E: | 107,90 Gb Total Space | 107,81 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Timo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Timo\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe ()
PRC - C:\Programme\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe (acer)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Timo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (McAfee SiteAdvisor Service) -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.02.14 20:31:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.17 19:38:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.19 21:26:31 | 000,000,000 | ---D | M]
 
[2011.02.13 21:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions
[2011.02.20 15:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\q7zjq99g.default\extensions
[2011.02.16 14:08:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\q7zjq99g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.19 21:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.19 21:26:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.19 21:26:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.19 21:26:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.02.17 19:38:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.02.17 19:38:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.02.17 19:38:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.02.17 19:38:35 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.02.17 19:38:35 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.18 17:00:19 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.20 18:51:10 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2011.02.19 21:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.02.19 21:26:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.02.19 21:26:31 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.02.19 21:26:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.02.19 21:26:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.02.19 21:26:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.02.19 21:26:06 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.02.17 17:18:32 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\Neuer Ordner
[2011.02.17 16:35:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.17 16:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.02.17 16:34:44 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.02.17 15:17:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.02.17 15:17:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.02.17 15:17:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.02.16 16:06:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2011.02.16 16:06:33 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011.02.16 13:59:21 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Malwarebytes
[2011.02.16 13:59:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.16 13:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.16 13:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.16 13:59:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.16 13:59:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.16 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\MFTools
[2011.02.16 13:52:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011.02.15 17:27:01 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011.02.15 17:03:42 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011.02.15 17:03:41 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011.02.15 17:03:40 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011.02.15 17:03:40 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011.02.15 17:03:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011.02.15 17:03:38 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011.02.15 16:58:55 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.02.15 16:58:50 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.02.15 16:57:23 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011.02.15 16:57:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011.02.15 16:56:36 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2011.02.14 16:31:32 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Adobe
[2011.02.14 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\skypePM
[2011.02.14 15:19:20 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.02.14 15:19:16 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.14 15:19:16 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.14 15:19:14 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.02.14 15:19:13 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.14 15:19:11 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.14 15:19:11 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.02.14 15:19:11 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.14 15:19:11 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.14 15:19:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.02.14 15:19:08 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.14 15:19:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.14 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Adobe
[2011.02.14 14:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QIP 2005
[2011.02.14 14:48:46 | 000,000,000 | ---D | C] -- C:\Programme\QIP
[2011.02.14 14:46:14 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011.02.14 14:46:11 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011.02.14 14:45:58 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011.02.14 14:45:07 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.14 14:45:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.14 14:45:04 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011.02.14 14:45:04 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011.02.14 14:45:04 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011.02.14 14:45:04 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011.02.14 14:45:03 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011.02.14 14:43:51 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011.02.14 14:43:50 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011.02.14 14:43:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.02.14 14:43:46 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.02.14 14:43:45 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.02.14 14:43:38 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.02.14 14:43:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.02.14 14:43:22 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.02.14 14:42:01 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2011.02.14 14:42:01 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2011.02.14 14:41:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011.02.14 14:41:46 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011.02.14 14:41:45 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011.02.14 14:41:20 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011.02.14 14:40:49 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011.02.14 14:40:38 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011.02.14 14:40:36 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011.02.14 14:40:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011.02.14 14:40:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011.02.14 14:40:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011.02.14 14:40:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011.02.14 14:39:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2011.02.14 14:38:21 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.02.14 14:37:55 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.02.14 14:36:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011.02.14 14:36:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011.02.14 14:36:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011.02.14 14:36:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011.02.14 14:36:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011.02.14 14:36:11 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.02.14 14:35:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.02.14 14:34:33 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.14 14:34:32 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.14 14:34:30 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.02.14 14:34:26 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.02.14 14:34:24 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011.02.14 14:34:23 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.14 14:34:13 | 002,038,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.14 14:34:11 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011.02.14 14:34:09 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011.02.14 14:34:09 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2011.02.14 14:34:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.14 14:34:02 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.02.14 14:33:55 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.14 14:33:47 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.02.14 14:33:44 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.02.14 14:33:41 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011.02.14 14:33:36 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011.02.14 14:33:35 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011.02.14 14:33:35 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011.02.14 14:33:33 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011.02.14 14:33:27 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011.02.14 14:33:25 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.02.14 14:33:23 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011.02.14 14:33:17 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.02.14 14:33:15 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.02.14 14:33:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.02.14 14:30:39 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\ICQ
[2011.02.14 14:30:38 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\AOL
[2011.02.14 14:30:30 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2011.02.14 14:29:52 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Skype
[2011.02.14 14:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.02.14 14:29:16 | 000,000,000 | ---D | C] -- C:\Programme\Skype
[2011.02.14 14:29:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.02.14 14:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.02.14 14:27:23 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.14 14:27:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.02.14 14:27:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.14 14:27:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011.02.14 14:26:25 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.02.14 14:26:25 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.02.14 14:26:23 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011.02.14 14:26:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011.02.14 14:23:40 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011.02.14 14:23:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.14 14:23:12 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011.02.14 14:22:39 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011.02.14 14:22:38 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.02.13 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Mozilla
[2011.02.13 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Mozilla
[2011.02.13 21:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011.02.13 21:20:59 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.02.13 21:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Desktop
[2011.02.13 21:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.02.13 21:05:09 | 014,033,923 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System32\acer.exe
[2011.02.13 21:05:08 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Macromedia
[2011.02.13 21:05:06 | 000,000,000 | ---D | C] -- C:\Programme\Acer Incorporated
[2011.02.13 21:05:03 | 000,000,000 | ---D | C] -- C:\Windows\ACER
[2011.02.13 21:04:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Acer
[2011.02.13 21:04:14 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
[2011.02.13 20:54:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2011.02.13 20:51:56 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\PowerCinema
[2011.02.13 20:51:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe
[2011.02.13 20:49:32 | 000,000,000 | ---D | C] -- C:\Programme\Acer Arcade Deluxe
[2011.02.13 20:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011.02.13 20:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011.02.13 20:48:35 | 000,114,688 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2011.02.13 20:48:24 | 000,023,040 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2011.02.13 20:48:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biologon.dll
[2011.02.13 20:48:11 | 000,042,608 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2011.02.13 20:48:11 | 000,024,048 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\AlfaFF.dll
[2011.02.13 20:48:10 | 000,338,416 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2011.02.13 20:48:06 | 001,468,928 | ---- | C] (UPEK, Inc.) -- C:\Windows\System32\bsapi.dll
[2011.02.13 20:47:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SPBA
[2011.02.13 20:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\UIB
[2011.02.13 20:47:08 | 000,000,000 | ---D | C] -- C:\CLSetup
[2011.02.13 20:37:55 | 000,061,440 | ---- | C] (Acer Inc.) -- C:\Windows\System32\MCEPlugin.dll
[2011.02.13 20:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
[2011.02.13 20:33:59 | 000,000,000 | ---D | C] -- C:\Programme\Acer Inc
[2011.02.13 20:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011.02.13 20:32:50 | 000,000,000 | ---D | C] -- C:\Programme\Launch Manager
[2011.02.13 20:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011.02.13 20:28:27 | 000,262,144 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2011.02.13 20:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye
[2011.02.13 20:28:11 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\InstallShield
[2011.02.13 20:26:30 | 000,233,472 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\BtwRSupport.dll
[2011.02.13 20:26:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2011.02.13 20:26:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2011.02.13 20:26:21 | 000,000,000 | ---D | C] -- C:\Programme\WIDCOMM
[2011.02.13 20:24:20 | 001,079,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2011.02.13 20:24:20 | 000,768,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2011.02.13 20:24:20 | 000,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2011.02.13 20:24:20 | 000,313,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2011.02.13 20:21:21 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2011.02.13 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\Timo\Documents\Eigene Google Gadgets
[2011.02.13 20:20:54 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Google
[2011.02.13 20:20:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.02.13 20:20:28 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.02.13 20:20:28 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.02.13 20:20:27 | 000,000,000 | R--D | C] -- C:\Users\Timo\Searches
[2011.02.13 20:20:20 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Identities
[2011.02.13 20:20:18 | 000,000,000 | R--D | C] -- C:\Users\Timo\Contacts
[2011.02.13 20:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.02.13 20:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2011.02.13 20:15:46 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2011.02.13 20:15:14 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\VirtualStore
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Vorlagen
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\AppData\Local\Verlauf
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\AppData\Local\Temporary Internet Files
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Startmenü
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\SendTo
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Recent
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Netzwerkumgebung
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Lokale Einstellungen
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Documents\Eigene Videos
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Documents\Eigene Musik
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Eigene Dateien
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Documents\Eigene Bilder
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Druckumgebung
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Cookies
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\AppData\Local\Anwendungsdaten
[2011.02.13 20:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timo\Anwendungsdaten
[2011.02.13 20:14:47 | 000,000,000 | --SD | C] -- C:\Users\Timo\AppData\Roaming\Microsoft
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\Documents
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\Desktop
[2011.02.13 20:14:47 | 000,000,000 | R--D | C] -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.02.13 20:14:47 | 000,000,000 | -H-D | C] -- C:\Users\Timo\AppData
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Temp
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Microsoft
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Media Center Programs
[2011.02.13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Acer GameZone Console
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Videos
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Saved Games
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Pictures
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Music
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Links
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Favorites
[2011.02.13 20:14:46 | 000,000,000 | R--D | C] -- C:\Users\Timo\Downloads
[2011.02.13 20:13:49 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011.02.13 20:13:49 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011.02.13 20:13:36 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011.02.13 20:13:36 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011.02.13 20:13:36 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011.02.13 20:13:31 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011.02.13 20:13:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.02.13 20:11:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.02.13 20:05:26 | 000,324,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2011.02.13 19:04:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2008.07.22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.20 18:51:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2011.02.20 18:50:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 18:50:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 18:47:20 | 000,012,883 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011.02.20 14:54:42 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.20 14:54:42 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.20 14:54:42 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.20 14:54:42 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.20 14:50:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.02.20 14:50:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.20 14:50:03 | 3213,774,848 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.19 21:26:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.02.19 21:26:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.02.19 21:26:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.02.19 21:26:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.02.19 17:07:58 | 000,512,028 | ---- | M] () -- C:\Users\Timo\Desktop\Minas_Sirion_-_Rulespack_V1.1.3.pdf
[2011.02.17 16:47:03 | 000,000,000 | ---- | M] () -- C:\Users\Timo\defogger_reenable
[2011.02.17 16:36:22 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.17 16:34:45 | 000,000,737 | ---- | M] () -- C:\Users\Timo\Desktop\NTREGOPT.lnk
[2011.02.17 16:34:45 | 000,000,718 | ---- | M] () -- C:\Users\Timo\Desktop\ERUNT.lnk
[2011.02.16 16:07:05 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.02.16 13:58:42 | 000,010,837 | ---- | M] () -- C:\Users\Timo\Desktop\Microsoft Office Word-Dokument (neu).docx
[2011.02.16 13:55:49 | 000,029,920 | ---- | M] () -- C:\Users\Timo\Desktop\fehler.jpg
[2011.02.16 13:54:50 | 000,296,448 | ---- | M] () -- C:\Users\Timo\Desktop\g2m3e4r.exe
[2011.02.16 13:54:41 | 000,050,477 | ---- | M] () -- C:\Users\Timo\Desktop\defogger.exe
[2011.02.16 13:51:16 | 000,503,478 | ---- | M] () -- C:\Users\Timo\Desktop\fehler.bmp
[2011.02.15 22:53:08 | 000,008,079 | ---- | M] () -- C:\Users\Timo\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
[2011.02.15 19:31:35 | 000,298,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.14 16:31:05 | 000,003,584 | ---- | M] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.14 16:17:23 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011.02.14 14:48:48 | 000,000,694 | ---- | M] () -- C:\Users\Timo\Desktop\QIP 2005.lnk
[2011.02.14 14:29:19 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.02.13 21:21:14 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011.02.13 21:21:04 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.02.13 21:19:47 | 000,000,104 | ---- | M] () -- C:\Users\Timo\Desktop\Computer - Verknüpfung.lnk
[2011.02.13 21:04:39 | 000,000,627 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2011.02.13 20:53:06 | 000,000,680 | ---- | M] () -- C:\Users\Timo\AppData\Local\d3d9caps.dat
[2011.02.13 20:48:36 | 000,118,784 | ---- | M] () -- C:\Windows\System32\VMC3KAPI.dll
[2011.02.13 20:48:35 | 000,114,688 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2011.02.13 20:48:24 | 000,023,040 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2011.02.13 20:48:23 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\biologon.dll
[2011.02.13 20:48:11 | 000,042,608 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2011.02.13 20:48:11 | 000,024,048 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\AlfaFF.dll
[2011.02.13 20:48:10 | 000,338,416 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2011.02.13 20:48:06 | 001,468,928 | ---- | M] (UPEK, Inc.) -- C:\Windows\System32\bsapi.dll
[2011.02.13 20:47:08 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2011.02.13 20:34:01 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
[2011.02.13 20:32:52 | 000,000,083 | ---- | M] () -- C:\Windows\QtZgAcer.UNI
[2011.02.13 20:26:26 | 000,000,807 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
[2011.02.13 20:10:20 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
 
========== Files Created - No Company Name ==========
 
[2011.02.19 17:07:49 | 000,512,028 | ---- | C] () -- C:\Users\Timo\Desktop\Minas_Sirion_-_Rulespack_V1.1.3.pdf
[2011.02.17 16:47:03 | 000,000,000 | ---- | C] () -- C:\Users\Timo\defogger_reenable
[2011.02.17 16:34:45 | 000,000,737 | ---- | C] () -- C:\Users\Timo\Desktop\NTREGOPT.lnk
[2011.02.17 16:34:45 | 000,000,718 | ---- | C] () -- C:\Users\Timo\Desktop\ERUNT.lnk
[2011.02.16 16:07:05 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.02.16 16:07:05 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.02.16 13:59:11 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.16 13:58:23 | 000,010,837 | ---- | C] () -- C:\Users\Timo\Desktop\Microsoft Office Word-Dokument (neu).docx
[2011.02.16 13:55:49 | 000,029,920 | ---- | C] () -- C:\Users\Timo\Desktop\fehler.jpg
[2011.02.16 13:54:43 | 000,296,448 | ---- | C] () -- C:\Users\Timo\Desktop\g2m3e4r.exe
[2011.02.16 13:54:40 | 000,050,477 | ---- | C] () -- C:\Users\Timo\Desktop\defogger.exe
[2011.02.16 13:33:26 | 000,503,478 | ---- | C] () -- C:\Users\Timo\Desktop\fehler.bmp
[2011.02.15 22:53:08 | 000,008,079 | ---- | C] () -- C:\Users\Timo\Desktop\Microsoft Office Excel-Arbeitsblatt (neu).xlsx
[2011.02.14 16:31:05 | 000,003,584 | ---- | C] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.14 16:17:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.14 14:48:48 | 000,000,694 | ---- | C] () -- C:\Users\Timo\Desktop\QIP 2005.lnk
[2011.02.14 14:41:56 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011.02.14 14:29:19 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.02.13 21:21:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.13 21:21:04 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.02.13 21:19:47 | 000,000,104 | ---- | C] () -- C:\Users\Timo\Desktop\Computer - Verknüpfung.lnk
[2011.02.13 21:05:08 | 036,909,056 | ---- | C] () -- C:\Windows\System32\acer.scr
[2011.02.13 21:04:39 | 000,000,627 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2011.02.13 20:49:29 | 000,006,048 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2011.02.13 20:48:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2011.02.13 20:47:08 | 000,000,020 | ---- | C] () -- C:\Medion.ini
[2011.02.13 20:36:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.02.13 20:34:01 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
[2011.02.13 20:32:52 | 000,000,083 | ---- | C] () -- C:\Windows\QtZgAcer.UNI
[2011.02.13 20:28:27 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011.02.13 20:28:27 | 000,222,382 | ---- | C] () -- C:\Windows\Acer Crystal Eye webcam.ico
[2011.02.13 20:28:27 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.02.13 20:28:27 | 000,004,838 | ---- | C] () -- C:\Windows\Suyin.reg
[2011.02.13 20:28:27 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2011.02.13 20:26:26 | 000,000,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
[2011.02.13 20:20:30 | 000,000,953 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.02.13 20:20:26 | 000,000,948 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.02.13 20:20:18 | 000,000,919 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.02.13 20:14:58 | 000,000,680 | ---- | C] () -- C:\Users\Timo\AppData\Local\d3d9caps.dat
[2011.02.13 20:09:23 | 3213,774,848 | -HS- | C] () -- C:\hiberfil.sys
[2008.07.30 11:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.07.30 02:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.07.30 02:42:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.07.30 02:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

cosinus 20.02.2011 19:29
Recht unauffällig. Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Timo7760 20.02.2011 23:15
Hi,
Danke nochmal für deine Hilfe. Der CCleaner hat ein bisschen Müll entsorgt, aber sicher nichts wichtiges gefunden, denke mal, das das nur dazu diente, dass Cofi etwas schneller lief.
Hier die Logdatei:
Code:
ComboFix 11-02-20.01 - Timo 20.02.2011  22:49:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3066.1522 [GMT 1:00]
ausgeführt von:: c:\users\Timo\Desktop\cofi.exe.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.

.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Acer\Acer Bio Protection\PwdFilter.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2011-01-20 bis 2011-02-20  ))))))))))))))))))))))))))))))
.

2011-02-20 21:59 . 2011-02-20 21:59        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-02-20 21:45 . 2011-02-20 21:45        --------        d-----w-        c:\program files\CCleaner
2011-02-20 21:42 . 2011-02-20 21:47        --------        d-----w-        C:\cofi.exe
2011-02-19 20:26 . 2011-02-19 20:26        --------        d-----w-        c:\program files\Common Files\Java
2011-02-19 20:26 . 2011-02-19 20:26        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-02-19 20:26 . 2011-02-19 20:26        --------        d-----w-        c:\program files\Java
2011-02-17 15:34 . 2011-02-17 15:34        --------        d-----w-        c:\program files\ERUNT
2011-02-17 14:17 . 2009-11-08 09:55        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2011-02-17 14:17 . 2009-11-08 09:55        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2011-02-17 14:17 . 2009-11-08 09:55        297808        ----a-w-        c:\windows\system32\mscoree.dll
2011-02-17 14:17 . 2009-11-08 09:55        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2011-02-17 14:17 . 2009-11-08 09:55        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2011-02-16 15:06 . 2011-02-16 15:06        --------        d-----w-        c:\program files\Common Files\Adobe
2011-02-16 12:59 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-16 12:59 . 2011-02-16 12:59        --------        d-----w-        c:\programdata\Malwarebytes
2011-02-16 12:59 . 2011-02-17 15:36        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-02-16 12:59 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-02-16 12:52 . 2010-09-06 16:24        125952        ----a-w-        c:\windows\system32\srvsvc.dll
2011-02-16 12:52 . 2010-09-06 14:13        303616        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-02-16 12:52 . 2010-09-06 14:12        145408        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-02-16 12:52 . 2010-09-06 14:12        101888        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-02-16 12:52 . 2010-09-06 16:23        17920        ----a-w-        c:\windows\system32\netevent.dll
2011-02-16 12:52 . 2009-08-24 12:16        378368        ----a-w-        c:\windows\system32\winhttp.dll
2011-02-16 12:48 . 2010-05-27 19:16        738816        ----a-w-        c:\windows\system32\inetcomm.dll
2011-02-15 17:38 . 2008-04-30 05:36        454656        ----a-w-        c:\program files\Common Files\System\msadc\msadce.dll
2011-02-15 16:27 . 2010-02-12 10:48        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2011-02-15 16:03 . 2008-06-20 01:14        97800        ----a-w-        c:\windows\system32\infocardapi.dll
2011-02-15 16:03 . 2008-06-20 01:14        105016        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-02-15 16:03 . 2008-06-20 01:14        37384        ----a-w-        c:\windows\system32\infocardcpl.cpl
2011-02-15 16:03 . 2008-06-20 01:14        11264        ----a-w-        c:\windows\system32\icardres.dll
2011-02-15 16:03 . 2008-06-20 01:14        622080        ----a-w-        c:\windows\system32\icardagt.exe
2011-02-15 16:03 . 2008-06-20 01:14        781344        ----a-w-        c:\windows\system32\PresentationNative_v0300.dll
2011-02-15 15:58 . 2008-07-27 18:03        158720        ----a-w-        c:\windows\system32\mscorier.dll
2011-02-15 15:58 . 2008-07-27 18:03        83968        ----a-w-        c:\windows\system32\mscories.dll
2011-02-15 15:57 . 2010-02-20 23:39        24064        ----a-w-        c:\windows\system32\nshhttp.dll
2011-02-15 15:57 . 2010-02-20 21:18        411136        ----a-w-        c:\windows\system32\drivers\http.sys
2011-02-15 15:57 . 2010-02-20 23:37        31232        ----a-w-        c:\windows\system32\httpapi.dll
2011-02-15 15:56 . 2011-02-15 15:56        --------        d-----w-        c:\program files\MSXML 4.0
2011-02-14 13:48 . 2011-02-14 13:48        --------        d-----w-        c:\program files\QIP
2011-02-14 13:46 . 2008-06-26 01:45        12240896        ----a-w-        c:\windows\system32\NlsLexicons0007.dll
2011-02-14 13:46 . 2008-06-26 01:45        2644480        ----a-w-        c:\windows\system32\NlsLexicons0009.dll
2011-02-14 13:43 . 2008-06-23 01:59        996352        ----a-w-        c:\windows\system32\WMNetMgr.dll
2011-02-14 13:42 . 2009-08-10 11:01        1399296        ----a-w-        c:\windows\system32\msxml6.dll
2011-02-14 13:42 . 2009-09-10 17:30        213504        ----a-w-        c:\windows\system32\msv1_0.dll
2011-02-14 13:42 . 2009-03-17 03:38        13824        ----a-w-        c:\windows\system32\apilogen.dll
2011-02-14 13:42 . 2009-03-17 03:38        24064        ----a-w-        c:\windows\system32\amxread.dll
2011-02-14 13:41 . 2009-07-11 19:32        293376        ----a-w-        c:\windows\system32\wlanmsm.dll
2011-02-14 13:41 . 2009-07-11 19:29        127488        ----a-w-        c:\windows\system32\L2SecHC.dll
2011-02-14 13:41 . 2009-07-11 19:32        302592        ----a-w-        c:\windows\system32\wlansec.dll
2011-02-14 13:41 . 2009-07-11 19:32        513024        ----a-w-        c:\windows\system32\wlansvc.dll
2011-02-14 13:41 . 2009-06-04 12:34        2066432        ----a-w-        c:\windows\system32\mstscax.dll
2011-02-14 13:41 . 2009-04-23 12:42        636928        ----a-w-        c:\windows\system32\localspl.dll
2011-02-14 13:40 . 2009-08-14 16:29        104960        ----a-w-        c:\windows\system32\netiohlp.dll
2011-02-14 13:40 . 2009-08-14 14:16        27136        ----a-w-        c:\windows\system32\NETSTAT.EXE
2011-02-14 13:40 . 2009-08-14 14:16        19968        ----a-w-        c:\windows\system32\ARP.EXE
2011-02-14 13:40 . 2009-08-14 14:16        9728        ----a-w-        c:\windows\system32\TCPSVCS.EXE
2011-02-14 13:40 . 2009-08-14 14:16        10240        ----a-w-        c:\windows\system32\finger.exe
2011-02-14 13:40 . 2009-08-14 14:16        8704        ----a-w-        c:\windows\system32\HOSTNAME.EXE
2011-02-14 13:40 . 2009-08-14 14:16        11264        ----a-w-        c:\windows\system32\MRINFO.EXE
2011-02-14 13:40 . 2009-08-14 14:16        17920        ----a-w-        c:\windows\system32\ROUTE.EXE
2011-02-14 13:39 . 2008-04-05 01:21        72192        ----a-w-        c:\windows\system32\drivers\pacer.sys
2011-02-14 13:39 . 2008-04-05 03:34        15360        ----a-w-        c:\windows\system32\pacerprf.dll
2011-02-14 13:38 . 2010-06-28 16:15        1315840        ----a-w-        c:\windows\system32\ole32.dll
2011-02-14 13:38 . 2010-06-28 14:31        339968        ----a-w-        c:\program files\Windows NT\Accessories\wordpad.exe
2011-02-14 13:38 . 2010-08-26 16:07        157184        ----a-w-        c:\windows\system32\t2embed.dll
2011-02-14 13:38 . 2010-01-29 16:22        1616384        ----a-w-        c:\program files\Windows Mail\msoe.dll
2011-02-14 13:38 . 2010-10-12 15:48        33280        ----a-w-        c:\program files\Windows Mail\wabfind.dll
2011-02-14 13:38 . 2010-10-12 13:52        66048        ----a-w-        c:\program files\Windows Mail\wabmig.exe
2011-02-14 13:38 . 2010-10-12 13:52        515584        ----a-w-        c:\program files\Windows Mail\wab.exe
2011-02-14 13:37 . 2010-08-10 15:02        274432        ----a-w-        c:\windows\system32\schannel.dll
2011-02-14 13:37 . 2010-12-28 14:57        409600        ----a-w-        c:\windows\system32\odbc32.dll
2011-02-14 13:37 . 2010-12-28 14:56        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2011-02-14 13:37 . 2010-12-28 14:56        57344        ----a-w-        c:\program files\Common Files\System\msadc\msadcs.dll
2011-02-14 13:37 . 2010-12-28 14:56        253952        ----a-w-        c:\program files\Common Files\System\ado\msadox.dll
2011-02-14 13:37 . 2010-12-28 14:56        241664        ----a-w-        c:\program files\Common Files\System\ado\msadomd.dll
2011-02-14 13:37 . 2010-12-28 14:56        180224        ----a-w-        c:\program files\Common Files\System\msadc\msadco.dll
2011-02-14 13:36 . 2009-07-14 13:00        313344        ----a-w-        c:\windows\system32\wmpdxm.dll
2011-02-14 13:36 . 2009-07-14 12:58        7680        ----a-w-        c:\windows\system32\spwmp.dll
2011-02-14 13:36 . 2009-07-14 12:59        4096        ----a-w-        c:\windows\system32\msdxm.ocx
2011-02-14 13:36 . 2009-07-14 12:59        4096        ----a-w-        c:\windows\system32\dxmasf.dll
2011-02-14 13:36 . 2009-07-14 10:59        107520        ----a-w-        c:\program files\Windows Media Player\wmpconfig.exe
2011-02-14 13:36 . 2009-07-14 10:58        107520        ----a-w-        c:\program files\Windows Media Player\wmpshare.exe
2011-02-14 13:36 . 2009-07-14 08:30        43520        ----a-w-        c:\windows\system32\msdxm.tlb
2011-02-14 13:36 . 2009-07-14 08:30        18432        ----a-w-        c:\windows\system32\amcompat.tlb
2011-02-14 13:36 . 2010-09-10 16:35        168960        ----a-w-        c:\program files\Windows Media Player\wmplayer.exe
2011-02-14 13:36 . 2010-09-10 16:37        8147456        ----a-w-        c:\windows\system32\wmploc.DLL
2011-02-14 13:35 . 2009-04-23 12:43        784896        ----a-w-        c:\windows\system32\rpcrt4.dll
2011-02-14 13:35 . 2010-10-28 12:56        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-02-14 13:33 . 2010-02-23 11:32        212992        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-02-14 13:30 . 2011-02-14 13:30        --------        d-----w-        c:\program files\ICQ7.2
2011-02-14 13:29 . 2011-02-14 13:29        --------        d-----w-        c:\program files\Skype
2011-02-14 13:29 . 2011-02-14 13:29        --------        d-----w-        c:\program files\Common Files\Skype
2011-02-14 13:28 . 2011-02-14 13:29        --------        d-----w-        c:\programdata\Skype
2011-02-14 13:27 . 2010-08-31 15:40        531968        ----a-w-        c:\windows\system32\comctl32.dll
2011-02-14 13:27 . 2011-01-08 05:57        292352        ----a-w-        c:\windows\system32\atmfd.dll
2011-02-14 13:27 . 2011-01-08 07:50        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-02-14 13:27 . 2010-06-16 15:12        72704        ----a-w-        c:\windows\system32\fontsub.dll
2011-02-14 13:27 . 2009-06-15 15:20        10240        ----a-w-        c:\windows\system32\dciman32.dll
2011-02-14 13:26 . 2010-06-16 15:59        898952        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-02-14 13:26 . 2009-12-28 12:32        31744        ----a-w-        c:\windows\system32\msvidc32.dll
2011-02-14 13:26 . 2009-12-28 12:32        22528        ----a-w-        c:\windows\system32\msyuv.dll
2011-02-14 13:26 . 2009-12-28 12:32        13312        ----a-w-        c:\windows\system32\msrle32.dll
2011-02-14 13:26 . 2009-12-28 12:31        50176        ----a-w-        c:\windows\system32\iyuv_32.dll
2011-02-14 13:26 . 2009-12-28 12:35        11776        ----a-w-        c:\windows\system32\tsbyuv.dll
2011-02-14 13:26 . 2009-12-28 12:31        82944        ----a-w-        c:\windows\system32\mciavi32.dll
2011-02-14 13:26 . 2009-12-28 12:28        91136        ----a-w-        c:\windows\system32\avifil32.dll
2011-02-14 13:26 . 2009-12-28 12:32        123904        ----a-w-        c:\windows\system32\msvfw32.dll
2011-02-14 13:26 . 2009-12-28 12:28        65024        ----a-w-        c:\windows\system32\avicap32.dll
2011-02-14 13:23 . 2008-08-02 01:01        625152        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-02-14 13:23 . 2008-06-26 03:29        565248        ----a-w-        c:\windows\system32\emdmgmt.dll
2011-02-14 13:23 . 2008-06-26 03:29        45056        ----a-w-        c:\windows\system32\dataclen.dll
2011-02-14 13:23 . 2008-05-20 02:07        148480        ----a-w-        c:\windows\system32\drivers\nwifi.sys
2011-02-14 13:23 . 2008-08-02 03:26        36864        ----a-w-        c:\windows\system32\cdd.dll
2011-02-14 13:23 . 2009-04-02 12:37        604672        ----a-w-        c:\windows\system32\WMSPDMOD.DLL
2011-02-14 13:22 . 2009-10-07 12:41        244224        ----a-w-        c:\windows\system32\rastls.dll
2011-02-14 13:22 . 2009-10-07 12:41        281600        ----a-w-        c:\windows\system32\raschap.dll
2011-02-13 20:09 . 2011-02-13 20:10        --------        d-----w-        c:\programdata\NVIDIA
2011-02-13 20:05 . 2008-06-30 15:59        14033923        ----a-w-        c:\windows\system32\acer.exe
2011-02-13 20:05 . 2007-04-18 21:02        36909056        ----a-w-        c:\windows\system32\acer.scr
2011-02-13 20:05 . 2011-02-13 20:05        --------        d-----w-        c:\windows\ACER
2011-02-13 19:54 . 2008-01-16 17:35        44544        ----a-w-        c:\windows\system32\msxml4a.dll
2011-02-13 19:49 . 2011-02-13 19:54        --------        d-----w-        c:\program files\Acer Arcade Deluxe
2011-02-13 19:49 . 2011-02-13 19:51        --------        d-----w-        c:\programdata\CyberLink
2011-02-13 19:48 . 2011-02-13 19:48        118784        ----a-w-        c:\windows\system32\VMC3KAPI.dll
2011-02-13 19:48 . 2011-02-13 19:48        114688        ----a-w-        c:\windows\system32\VCryptAPI.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-02-13 19:16        157168        ----a-w-        c:\programdata\Partner\partner.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-02-14 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-13 30192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2011-02-13 3676160]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-2-13 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2011-02-13 19:48        3197952        ----a-w-        c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24        567560        ----a-w-        c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-13 30192]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2011-02-13 110576]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2011-02-13 42608]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2011-02-13 3602432]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2009-12-08 93320]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

.
Inhalt des "geplante Tasks" Ordners

2008-07-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-30 13:10]

2008-07-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-30 13:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0211&m=aspire_6930g
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\q7zjq99g.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-20 23:03
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1952)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\system32\rundll32.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\conime.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\mcafee\msc\mcuimgr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-20  23:06:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-02-20 22:06

Vor Suchlauf: 9 Verzeichnis(se), 80.410.566.656 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 80.285.765.632 Bytes frei

- - End Of File - - BE8175D737A40EC3BF4C868E252C1F9A
Da werden einige Programme angezeigt, die ich wohl ausschalten werde, z.B. brauche ich weder Bluetooth noch diese bescheuerte Empowering Technology von Acer.

cosinus 21.02.2011 11:27
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Timo7760 21.02.2011 15:18
Hi,
GMER hat funktioniert.
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit quick scan 2011-02-21 14:47:50
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
Running: ldx1qhgb.exe; Driver: C:\Users\Timo\AppData\Local\Temp\kgtdipog.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateFile [0x805B998E]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateProcess [0x805B9928]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateProcessEx [0x805B993C]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwMapViewOfSection [0x805B99CC]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwNotifyChangeKey [0x805B9A0F]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwOpenProcess [0x805B9900]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwOpenThread [0x805B9914]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwProtectVirtualMemory [0x805B99A2]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwReplaceKey [0x805B9A37]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwRestoreKey [0x805B9A23]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwSetContextThread [0x805B997A]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwSetInformationProcess [0x805B9966]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwTerminateProcess [0x805B99FB]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwUnmapViewOfSection [0x805B99E2]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwYieldExecution [0x805B99B8]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateUserProcess [0x805B9952]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtCreateFile
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtMapViewOfSection
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtOpenProcess
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtOpenThread
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                        mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Ip                                                                        Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                      Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                      Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                    Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:13:10 on 21.02.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.0.19

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AlfaFF File System mini-filter" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\Drivers\AlfaFF.sys
"catchme" (catchme) - ? - C:\cofi.exe25383c\catchme.sys  (File not found)
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"NTIPPKernel" (NTIPPKernel) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Inc." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"Quick-Launching Area" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\program files\google\googletoolbar1.dll
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\program files\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} "Partner BHO Class" - "Google Inc." - C:\ProgramData\Partner\partner.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "Egis" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"BkupTray" - ? - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"eAudio" - "Acer Incorporated" - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
"ZPdtWzdVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"iGroupTec Service" (IGBASVC) - ? - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe  (File found, but it contains no detailed information)
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - ? - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Partner Service" (Partner Service) - "Google Inc." - C:\ProgramData\Partner\partner.exe
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\System32\acer.scr  (File found, but it contains no detailed information)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AWinNotifyVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
"spba" - "UPEK Inc." - C:\Program Files\Common Files\SPBA\homefus2.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:        Acer, Inc.
BIOS Manufacturer:                Acer
System Manufacturer:                Acer, inc.
System Product Name:                Aspire 6930G
Logical Drives Mask:                0x0000003c

Kernel Drivers (total 156):
  0x81E11000 \SystemRoot\system32\ntkrnlpa.exe
  0x821CA000 \SystemRoot\system32\hal.dll
  0x8040A000 \SystemRoot\system32\kdcom.dll
  0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80472000 \SystemRoot\system32\PSHED.dll
  0x80483000 \SystemRoot\system32\BOOTVID.dll
  0x8048B000 \SystemRoot\system32\CLFS.SYS
  0x804CC000 \SystemRoot\system32\CI.dll
  0x80601000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8067D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068A000 \SystemRoot\system32\drivers\acpi.sys
  0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E1000 \SystemRoot\system32\drivers\pci.sys
  0x80708000 \SystemRoot\System32\drivers\partmgr.sys
  0x80717000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8071A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80724000 \SystemRoot\system32\drivers\volmgr.sys
  0x80733000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8077D000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8078D000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x89C03000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x89CDC000 \SystemRoot\system32\drivers\atapi.sys
  0x89CE4000 \SystemRoot\system32\drivers\ataport.SYS
  0x89D02000 \SystemRoot\system32\drivers\fltmgr.sys
  0x89D34000 \SystemRoot\system32\drivers\fileinfo.sys
  0x89D44000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x89D4D000 \SystemRoot\system32\Drivers\AlfaFF.sys
  0x89D56000 \SystemRoot\system32\Drivers\ksecdd.sys
  0x89E0B000 \SystemRoot\system32\drivers\ndis.sys
  0x89F16000 \SystemRoot\system32\drivers\msrpc.sys
  0x89F41000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A00B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A11A000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A153000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A15B000 \SystemRoot\System32\Drivers\mup.sys
  0x8A16A000 \SystemRoot\System32\drivers\ecache.sys
  0x8A191000 \SystemRoot\system32\drivers\disk.sys
  0x8A1A2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A1C3000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8DAE7000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8DAF2000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8DAFB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8DAFF000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8DC03000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8E336000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8E3D5000 \SystemRoot\System32\drivers\watchdog.sys
  0x8E3E2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8DB08000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8E3ED000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8DB46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8E40F000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8E796000 \SystemRoot\system32\DRIVERS\L1E60x86.sys
  0x8E7A6000 \SystemRoot\system32\DRIVERS\winbondcir.sys
  0x8E7BB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8E7CE000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8E7D8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8DB58000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8E7E3000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8E7E5000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8DB88000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8E7F0000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8E400000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8DBA0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x89F7B000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8DBCE000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8DBD9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8DBF0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8A1D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x89FBC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x89FCB000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x89FDF000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x89DC7000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8E7F8000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x80795000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8DA00000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8A000000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x89DD7000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x807BF000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x89DE4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8E80B000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8EA13000 \SystemRoot\system32\drivers\portcls.sys
  0x8EA40000 \SystemRoot\system32\drivers\drmk.sys
  0x8EA65000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8EAA2000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8EC0F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8ECC4000 \SystemRoot\system32\drivers\modem.sys
  0x8ECD1000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x8ECDF000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8ECEA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8ECFA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8ED01000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8ED0A000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8ED12000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x8ED25000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8ED2E000 \SystemRoot\System32\Drivers\Null.SYS
  0x8ED35000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8ED3C000 \SystemRoot\System32\drivers\vga.sys
  0x8ED48000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8ED69000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8ED72000 \SystemRoot\System32\Drivers\tcusb.sys
  0x8ED7D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8ED85000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8ED8D000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8ED98000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8EDA6000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9080C000 \SystemRoot\System32\drivers\tcpip.sys
  0x908F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x90910000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x90927000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x9093D000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90951000 \SystemRoot\system32\drivers\afd.sys
  0x90999000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x909BA000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8EDAF000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x909EC000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8EDC5000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8EBA4000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90800000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8EDD8000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8DA0E000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x8EDEF000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x92400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x95820000 \SystemRoot\System32\win32k.sys
  0x924D9000 \SystemRoot\System32\drivers\Dxapi.sys
  0x924E3000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x95A40000 \SystemRoot\System32\TSDDD.dll
  0x924F2000 \SystemRoot\system32\drivers\luafv.sys
  0x95A60000 \SystemRoot\System32\cdd.dll
  0x9250D000 \SystemRoot\system32\drivers\spsys.sys
  0x925BC000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0x925CE000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8DA49000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x925DE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x925E8000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x8DA73000 \SystemRoot\system32\drivers\HTTP.sys
  0x8EBE0000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x805AC000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x805C5000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x805DA000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9DA00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9DA1F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9DA58000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9DA70000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9DA98000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9DAE6000 \??\C:\Windows\system32\drivers\int15.sys
  0x9DAF7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0x9DAFB000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
  0x9DB19000 \SystemRoot\system32\drivers\peauth.sys
  0x9DBF7000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0xA3C03000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0xA3C15000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA3C1F000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA3C2B000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA3C33000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
  0x77C50000 \Windows\System32\ntdll.dll

Processes (total 85):
      0 System Idle Process
      4 System
    532 C:\Windows\System32\smss.exe
    600 csrss.exe
    652 C:\Windows\System32\wininit.exe
    664 csrss.exe
    696 C:\Windows\System32\services.exe
    708 C:\Windows\System32\lsass.exe
    716 C:\Windows\System32\lsm.exe
    880 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\nvvsvc.exe
    956 C:\Windows\System32\svchost.exe
    988 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1092 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\audiodg.exe
    1192 C:\Windows\System32\SLsvc.exe
    1224 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\winlogon.exe
    1432 C:\Windows\System32\svchost.exe
    1636 C:\Windows\System32\spoolsv.exe
    1660 C:\Windows\System32\svchost.exe
    1904 C:\Windows\System32\rundll32.exe
    1980 C:\Program Files\Common Files\SPBA\upeksvr.exe
    560 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    2036 C:\Windows\System32\taskeng.exe
    480 C:\Windows\System32\dwm.exe
    2020 C:\Windows\explorer.exe
    2128 C:\Windows\System32\taskeng.exe
    2244 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2252 C:\Windows\RtHDVCpl.exe
    2260 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2292 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    2328 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    2372 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    2416 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    2476 C:\Windows\System32\rundll32.exe
    2484 C:\Windows\PLFSetI.exe
    2632 C:\Users\Timo\AppData\Local\temp\RtkBtMnt.exe
    2832 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    2844 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    2856 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    2876 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    2892 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    3096 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    3120 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    3204 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    3216 C:\ACER\Mobility Center\MobilityService.exe
    3276 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    3348 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    3376 C:\Windows\System32\svchost.exe
    3428 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    3456 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    3504 C:\Windows\System32\svchost.exe
    3552 C:\Windows\System32\svchost.exe
    3580 C:\Windows\System32\SearchIndexer.exe
    3652 C:\Windows\System32\drivers\XAudio.exe
    4028 WmiPrvSE.exe
    1824 C:\Program Files\Launch Manager\QtZgAcer.EXE
    2524 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    1480 WmiPrvSE.exe
    2716 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    2780 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    2188 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    2200 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    2672 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1464 C:\Program Files\Skype\Phone\Skype.exe
    2032 C:\Windows\System32\wbem\unsecapp.exe
    2392 C:\Program Files\ICQ7.2\ICQ.exe
    3568 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    3688 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    2696 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    3888 C:\Program Files\Acer\Acer VCM\acp2HID.exe
    4912 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5776 C:\Program Files\Mozilla Firefox\firefox.exe
    5796 C:\Program Files\WinRAR\WinRAR.exe
    4436 C:\Windows\servicing\TrustedInstaller.exe
    4884 C:\Windows\System32\wuauclt.exe
    4176 C:\Windows\System32\SearchProtocolHost.exe
    5852 C:\Windows\System32\SearchFilterHost.exe
    3868 dllhost.exe
    888 dllhost.exe
    3988 C:\Users\Timo\Downloads\MBRCheck.exe
    5848 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001e`5c500000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C
PhysicalDrive1 Model Number: ST9250827AS, Rev: 3.AAA 

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
    232 GB  \\.\PhysicalDrive1  Unknown MBR code
            SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

cosinus 21.02.2011 15:38
Zitat:
Service Pack 1 (build 6001), 32-bit
Wieso ist eigentlich nur das SP1 drauf? Das SP2 gibt es schon so lange...

Zitat:
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
232 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5
Wegen der unbekannten MBRs mal bitte dieses Tool von Kaspersky ausführen => http://www.trojaner-board.de/82358-t...entfernen.html

Timo7760 21.02.2011 15:58
Oh, das Service Pack hab ich noch nicht neu draufgeladen... mach ich jetzt aber erstmal.
Hier das vom TDSS, nach Beenden des Scans hat er "no found" angezeigt.
Code:
2011/02/21 15:48:07.0544 5700        TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/21 15:48:08.0049 5700        ================================================================================
2011/02/21 15:48:08.0049 5700        SystemInfo:
2011/02/21 15:48:08.0049 5700       
2011/02/21 15:48:08.0049 5700        OS Version: 6.0.6001 ServicePack: 1.0
2011/02/21 15:48:08.0049 5700        Product type: Workstation
2011/02/21 15:48:08.0049 5700        ComputerName: TIMO-PC
2011/02/21 15:48:08.0050 5700        UserName: Timo
2011/02/21 15:48:08.0050 5700        Windows directory: C:\Windows
2011/02/21 15:48:08.0050 5700        System windows directory: C:\Windows
2011/02/21 15:48:08.0050 5700        Processor architecture: Intel x86
2011/02/21 15:48:08.0050 5700        Number of processors: 2
2011/02/21 15:48:08.0050 5700        Page size: 0x1000
2011/02/21 15:48:08.0050 5700        Boot type: Normal boot
2011/02/21 15:48:08.0050 5700        ================================================================================
2011/02/21 15:48:08.0676 5700        Initialize success
2011/02/21 15:48:11.0938 5768        ================================================================================
2011/02/21 15:48:11.0938 5768        Scan started
2011/02/21 15:48:11.0938 5768        Mode: Manual;
2011/02/21 15:48:11.0938 5768        ================================================================================
2011/02/21 15:48:13.0307 5768        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/02/21 15:48:14.0249 5768        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/02/21 15:48:15.0096 5768        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/02/21 15:48:15.0890 5768        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/02/21 15:48:16.0623 5768        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/02/21 15:48:17.0447 5768        AFD            (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/02/21 15:48:18.0126 5768        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/02/21 15:48:18.0898 5768        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/21 15:48:19.0522 5768        AlfaFF          (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\Drivers\AlfaFF.sys
2011/02/21 15:48:20.0171 5768        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/02/21 15:48:20.0684 5768        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/02/21 15:48:21.0294 5768        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/02/21 15:48:21.0717 5768        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/02/21 15:48:22.0106 5768        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/02/21 15:48:22.0541 5768        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/02/21 15:48:22.0975 5768        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/02/21 15:48:23.0397 5768        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/21 15:48:23.0809 5768        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/02/21 15:48:24.0277 5768        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/21 15:48:24.0722 5768        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/02/21 15:48:25.0147 5768        bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/21 15:48:25.0592 5768        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/21 15:48:26.0314 5768        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/21 15:48:26.0961 5768        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/21 15:48:27.0551 5768        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/21 15:48:28.0150 5768        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/21 15:48:29.0084 5768        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/21 15:48:29.0662 5768        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/21 15:48:30.0463 5768        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/21 15:48:31.0197 5768        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/21 15:48:31.0831 5768        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/21 15:48:32.0241 5768        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/02/21 15:48:32.0888 5768        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/21 15:48:33.0328 5768        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/02/21 15:48:33.0900 5768        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/21 15:48:34.0371 5768        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/02/21 15:48:35.0235 5768        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/02/21 15:48:36.0006 5768        DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/02/21 15:48:36.0896 5768        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/02/21 15:48:37.0677 5768        DKbFltr        (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/02/21 15:48:38.0298 5768        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/21 15:48:39.0075 5768        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/21 15:48:40.0011 5768        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/21 15:48:40.0714 5768        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/02/21 15:48:41.0586 5768        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/02/21 15:48:42.0495 5768        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/02/21 15:48:43.0065 5768        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/02/21 15:48:43.0568 5768        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/02/21 15:48:44.0012 5768        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/21 15:48:44.0469 5768        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/21 15:48:45.0002 5768        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/21 15:48:45.0458 5768        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/21 15:48:45.0983 5768        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/02/21 15:48:46.0516 5768        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/21 15:48:47.0140 5768        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/21 15:48:48.0028 5768        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/02/21 15:48:48.0936 5768        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/21 15:48:49.0617 5768        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/21 15:48:50.0565 5768        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/21 15:48:51.0764 5768        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/21 15:48:52.0655 5768        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/02/21 15:48:53.0355 5768        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/02/21 15:48:54.0015 5768        HSF_DPV        (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/02/21 15:48:54.0683 5768        HSXHWAZL        (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/02/21 15:48:55.0292 5768        HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/02/21 15:48:56.0126 5768        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/02/21 15:48:56.0660 5768        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/21 15:48:57.0426 5768        iaStor          (707c1692214b1c290271067197f075f6) C:\Windows\system32\DRIVERS\iaStor.sys
2011/02/21 15:48:58.0225 5768        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/02/21 15:48:58.0936 5768        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/21 15:48:59.0628 5768        int15          (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
2011/02/21 15:49:00.0567 5768        IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/21 15:49:01.0302 5768        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/02/21 15:49:01.0981 5768        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/21 15:49:02.0616 5768        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/21 15:49:04.0095 5768        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/21 15:49:04.0697 5768        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/21 15:49:05.0309 5768        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/21 15:49:06.0208 5768        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/02/21 15:49:07.0130 5768        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/21 15:49:08.0158 5768        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/21 15:49:09.0077 5768        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/21 15:49:10.0012 5768        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/21 15:49:10.0640 5768        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/21 15:49:11.0424 5768        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/21 15:49:11.0933 5768        L1E            (86d7f66ac2c0123ed81b2f3e835845c2) C:\Windows\system32\DRIVERS\L1E60x86.sys
2011/02/21 15:49:12.0433 5768        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/21 15:49:12.0979 5768        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/21 15:49:13.0414 5768        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/21 15:49:13.0971 5768        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/21 15:49:14.0585 5768        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/21 15:49:15.0072 5768        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/02/21 15:49:15.0754 5768        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/02/21 15:49:16.0650 5768        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/02/21 15:49:17.0585 5768        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/21 15:49:18.0319 5768        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/21 15:49:19.0286 5768        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/21 15:49:20.0121 5768        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/21 15:49:20.0645 5768        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/21 15:49:21.0448 5768        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/02/21 15:49:22.0060 5768        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/21 15:49:22.0771 5768        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/21 15:49:23.0485 5768        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/02/21 15:49:24.0099 5768        mrxsmb          (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/21 15:49:25.0179 5768        mrxsmb10        (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/21 15:49:26.0042 5768        mrxsmb20        (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/21 15:49:27.0013 5768        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/02/21 15:49:27.0937 5768        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/02/21 15:49:28.0726 5768        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/21 15:49:29.0538 5768        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/21 15:49:30.0351 5768        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/21 15:49:31.0040 5768        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/21 15:49:31.0773 5768        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/21 15:49:32.0587 5768        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/02/21 15:49:33.0330 5768        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/21 15:49:34.0231 5768        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/21 15:49:34.0874 5768        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/02/21 15:49:35.0599 5768        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/21 15:49:36.0255 5768        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/02/21 15:49:37.0052 5768        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/21 15:49:37.0664 5768        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/21 15:49:38.0332 5768        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/21 15:49:38.0988 5768        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/21 15:49:39.0678 5768        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/21 15:49:40.0371 5768        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/21 15:49:41.0305 5768        NETw5v32        (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/02/21 15:49:42.0174 5768        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/21 15:49:43.0009 5768        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/02/21 15:49:43.0830 5768        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/21 15:49:44.0396 5768        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/02/21 15:49:44.0949 5768        NTIDrvr        (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/02/21 15:49:45.0263 5768        NTIPPKernel    (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
2011/02/21 15:49:46.0138 5768        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/21 15:49:46.0582 5768        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/21 15:49:47.0102 5768        NVHDA          (2c7ac27710e8d41c1eb7d1599187d237) C:\Windows\system32\drivers\nvhda32v.sys
2011/02/21 15:49:47.0740 5768        nvlddmkm        (cb0d6f8f65b8766ff2aaaa78881fd9f8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/21 15:49:48.0195 5768        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/02/21 15:49:48.0641 5768        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/02/21 15:49:49.0175 5768        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/02/21 15:49:50.0578 5768        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/02/21 15:49:51.0325 5768        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/21 15:49:52.0147 5768        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/02/21 15:49:52.0847 5768        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/21 15:49:53.0556 5768        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/02/21 15:49:54.0241 5768        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/02/21 15:49:55.0044 5768        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/21 15:49:55.0727 5768        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/21 15:49:56.0484 5768        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/21 15:49:57.0137 5768        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/02/21 15:49:57.0962 5768        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/21 15:49:58.0461 5768        PSDFilter      (1dcbb35090cc4b2bd3d661e6089523c6) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/02/21 15:49:59.0167 5768        PSDNServ        (e26e46d619469964ac3609620f443867) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/02/21 15:49:59.0828 5768        psdvdisk        (3e1d134af2806867d06047c4cc33cc65) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/02/21 15:50:00.0618 5768        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/02/21 15:50:01.0436 5768        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/21 15:50:02.0170 5768        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/21 15:50:02.0803 5768        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/21 15:50:03.0583 5768        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/21 15:50:04.0282 5768        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/21 15:50:05.0173 5768        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/21 15:50:05.0766 5768        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/21 15:50:06.0420 5768        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/21 15:50:06.0949 5768        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/02/21 15:50:07.0748 5768        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/21 15:50:08.0374 5768        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/02/21 15:50:09.0298 5768        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/21 15:50:09.0766 5768        RTSTOR          (7a4f79df3793160b280cde152b61fe33) C:\Windows\system32\drivers\RTSTOR.SYS
2011/02/21 15:50:10.0200 5768        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/21 15:50:10.0680 5768        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/21 15:50:11.0147 5768        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/21 15:50:11.0648 5768        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/21 15:50:12.0092 5768        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/21 15:50:12.0648 5768        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/02/21 15:50:13.0348 5768        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/21 15:50:14.0071 5768        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/21 15:50:14.0682 5768        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/21 15:50:15.0638 5768        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/02/21 15:50:16.0217 5768        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/02/21 15:50:16.0853 5768        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/02/21 15:50:17.0554 5768        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/02/21 15:50:18.0262 5768        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/21 15:50:19.0013 5768        srv            (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/02/21 15:50:19.0667 5768        srv2            (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/21 15:50:20.0574 5768        srvnet          (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/21 15:50:21.0197 5768        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/21 15:50:21.0842 5768        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/21 15:50:22.0520 5768        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/21 15:50:23.0321 5768        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/21 15:50:23.0982 5768        SynTP          (4c9bb4b3b9eac26211484c30b914c6dc) C:\Windows\system32\DRIVERS\SynTP.sys
2011/02/21 15:50:24.0665 5768        Tcpip          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/02/21 15:50:25.0565 5768        Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/21 15:50:26.0406 5768        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/21 15:50:27.0216 5768        TcUsb          (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys
2011/02/21 15:50:27.0962 5768        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/21 15:50:28.0851 5768        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/21 15:50:29.0575 5768        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/21 15:50:30.0164 5768        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/21 15:50:30.0853 5768        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/21 15:50:31.0498 5768        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/21 15:50:32.0309 5768        tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/21 15:50:32.0999 5768        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/02/21 15:50:33.0866 5768        UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/02/21 15:50:34.0570 5768        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/21 15:50:35.0316 5768        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/21 15:50:36.0000 5768        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/02/21 15:50:36.0565 5768        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/21 15:50:37.0212 5768        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/21 15:50:37.0989 5768        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/21 15:50:38.0508 5768        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/21 15:50:39.0031 5768        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/21 15:50:39.0476 5768        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/21 15:50:40.0046 5768        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/21 15:50:40.0478 5768        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/21 15:50:40.0926 5768        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/02/21 15:50:41.0416 5768        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/21 15:50:41.0894 5768        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/21 15:50:42.0525 5768        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/02/21 15:50:43.0254 5768        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/21 15:50:44.0020 5768        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/21 15:50:44.0588 5768        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/02/21 15:50:45.0366 5768        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/02/21 15:50:46.0089 5768        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/21 15:50:47.0069 5768        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/21 15:50:47.0729 5768        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/02/21 15:50:48.0378 5768        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/02/21 15:50:49.0046 5768        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/02/21 15:50:49.0650 5768        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/21 15:50:50.0462 5768        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/21 15:50:50.0485 5768        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/21 15:50:51.0096 5768        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/02/21 15:50:51.0771 5768        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/21 15:50:52.0439 5768        winachsf        (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/02/21 15:50:53.0137 5768        winbondcir      (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
2011/02/21 15:50:53.0626 5768        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/21 15:50:54.0337 5768        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/21 15:50:55.0053 5768        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/21 15:50:55.0813 5768        XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/02/21 15:50:56.0067 5768        {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
2011/02/21 15:50:56.0373 5768        ================================================================================
2011/02/21 15:50:56.0373 5768        Scan finished
2011/02/21 15:50:56.0373 5768        ================================================================================
2011/02/21 15:55:25.0913 5124        Deinitialize success

cosinus 21.02.2011 16:19
mach das mit dem SP2 bitte später!!

Mach erst zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Timo7760 21.02.2011 22:30
Hi,
SP2 hab ich runtergeladen, aber noch nicht installiert.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5830

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.02.2011 19:42:34
mbam-log-2011-02-21 (19-42-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 406520
Laufzeit: 1 Stunde(n), 46 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Das zweite von dir empfohlene Programm hat zuerst nur eine einzelne Bedrohung erkannt, und dann irgendwo auf Partition D 416 auf einmal. Hoffe du kannst mit dem Log mehr anfangen als ich, ich habs aus Gründen der Privatsphäre etwas gekürzt. Sollte es wirklich wichtig sein, hab ich die notfalls auch noch.

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/21/2011 at 10:22 PM

Application Version : 4.49.1000

Core Rules Database Version : 6442
Trace Rules Database Version: 4254

Scan type      : Complete Scan
Total Scan Time : 02:28:58

Memory items scanned      : 795
Memory threats detected  : 0
Registry items scanned    : 8736
Registry threats detected : 0
File items scanned        : 269191
File threats detected    : 417

Adware.Tracking Cookie
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@atwola[1].txt
        [ D:\Users\Timo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LC3F5RBP ]
        ds.serving-sys.com [ D:\Users\Timo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LC3F5RBP ]
        media.scanscout.com [ D:\Users\Timo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LC3F5RBP ]
        media01.kyte.tv [ D:\Users\Timo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LC3F5RBP ]
        media1.break.com [ D:\Users\Timo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LC3F5RBP ]
        objects.tremormedia.com [ D:\Users\Timo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LC3F5RBP ]
        static. [ D:\Users\Timo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LC3F5RBP ]
        track.webgains.com [ D:\Users\Timo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LC3F5RBP ]
[ D:\Users\Timo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LC3F5RBP ]
----------------------------------------------
VON MIR EDITIERT
----------------------------------------------
        D:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@zbox.zanox[2].txt
        .apmebf.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .mediaplex.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .mediaplex.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        ad.yieldmanager.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        ad.yieldmanager.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .statcounter.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .adfarm1.adition.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .atdmt.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .atdmt.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .doubleclick.net [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .tradedoubler.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .tradedoubler.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .webmasterplan.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .traffictrack.de [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .traffictrack.de [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .tto2.traffictrack.de [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .zanox-affiliate.de [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .tracking.mindshare.de [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        tracking.mindshare.de [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .komtrack.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .komtrack.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        ipcounter.de [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .adfarm1.adition.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .partypoker.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .partypoker.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .atwola.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .webmasterplan.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        .webmasterplan.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        ad.yieldmanager.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        ad.yieldmanager.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
        de.sitestat.com [ D:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\zpb2jizb.default\cookies.sqlite ]
Hab jetzt mit der Funktion des Programms alle Bedrohungen entfernt, ich lasse jetzt erstmal SP2 laufen und dann seh ich weiter.
Danke nochmal,
mfG
Timo

cosinus 22.02.2011 08:46
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Timo7760 22.02.2011 17:10
SP2 ist jetzt drauf.
Bis jetzt hab ich nichts besonderes gefunden, allerdings ist mein PC immer noch lahm- mein freier physikalischer Speicher beträgt nur 20 MB.

cosinus 22.02.2011 19:25
Vista belegt den Speicher sehr stark, um andere Vorgänge zu beschleunigen. Beachte mal => http://www.trojaner-board.de/71631-p...samer-tun.html

Timo7760 23.02.2011 11:58
Hi,
hab die Liste einmal abgearbeitet, geändert hat sich aber noch nichts.
Ein Schritt hat nämlich nicht funktioniert, das was man direkt nach Auschalten des Windows Defenders unter Dienste machen muss:

Zitat:
* Nachdem der Dienst deaktiviert und gestoppt wurde:

Start -> Ausführen -> gpedit.msc : Verwaltung der Gruppenrichtlinien

* Weiternavigieren wir zu

Administrative Vorlagen / Windows-Komponenten / Windows Defender


und dort im rechten Teilfenster die standardmäßige Vorgabe der Richtlinie von "Windows Defender deaktivieren" von "deaktiviert" auf "Aktiviert" stellen.
Mein PC verkündet mir dann, dass gpedit.msc nicht gefunden werden konnte und ich nachsehen soll, ob das richtig geschrieben wurde. Hab schon gpedit und ähnliche Schreibweisen versucht, klappt aber nicht.

Hier nochmal 3 Bilder aus meinem Taskmanager, markiert sind die Dienste, die zu dem größten svchost Prozess gehören (der mit 100.000k).
http://s3.directupload.net/images/110223/gckyqtqb.jpg

cosinus 23.02.2011 12:15
Vllt hillft das hier noch => Windows Vista - Optimierung der Speicherverwaltung

Anwendung auf EIGENE GEFAHR!!

Timo7760 23.02.2011 13:00
Hm, ich glaube fast nicht, dass es an diesen Einstellungen liegt- das svchost Problem ist von einem Tag auf den anderen passiert.
Danke nochmal für deine Hilfe, aber ich muss mir da wohl was anderes überlegen.

cosinus 23.02.2011 14:17
Zitat:
Windows 6.0.6001 Service Pack 1
Vllt installierst du erstmal das SP2. Mach es über Eigenschaften von Computer/Arbeitsplatz => Windows-Update.

Was genau ist an den svchost.exe bei dir problematisch? Mehrere davon sind absolut normal falls du das meinst.

Timo7760 23.02.2011 19:52
SP2 hab ich mittlweile drauf, daran kanns also nicht liegen.
Wie gesagt, dass Problem ist, dass mein PC so lahm ist, und da svchost unter den Prozessen das meiste von meinem RAM frisst, denke ich, es liegt an dem Prozess.
svchost läuft bei mir 10 mal, auf meinem zweiten Rechner aber nur 4 oder 5mal, außerdem ohne so hohe RAM Zahlen.

cosinus 23.02.2011 22:16
Schau hiermit nach, was wirklich hinter der svchost steckt, die mehr RAM will als alle anderen => Svchost Process Analyzer - a svchost.exe file checker


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131