Inet extrem langsam

**-[G3G]-Mephisto** · 29.07.2009, 16:45

Der sagt wenn da ein Doppelklick mache "Das es keine zulässige Win32-Anwendung"

**Petra** · 29.07.2009, 17:04

Dann lösche die vorhandene Version, mache folgende Änderungen in den Internetoptionen (Start => Systemsteuerung => Internetoptionen => Sicherheit => Stufe anpassen) die Punkte "Anwendungen und unsichere Daten starten" und "Installation von Desktopobjekten" auf "Bestätigen" ändern. Danach erneut versuchen.

Wenn es dann immer noch nicht geht, noch zwei Ideen:

lässt sich bedingt durch eine aktive Malware die HijackThis.exe nicht starten, bitte einfach letztgenannte z.B. in pruefung.com umbenennen und dann ausführen. -- Wichtig hierbei: Die Dateiendung "exe" muss durch "com" ersetzt werden!

Hijackthis starten, "Open the misc tools section" wählen, dort oben "Ignorelist" anklicken und dann, falls Einträge drin stehen, rechts "delete all" wählen.

**-[G3G]-Mephisto** · 29.07.2009, 17:49

Tut mir leid aber ich vermute das ich die Datei nicht komplett runterladen kann. Der lädt immer nur ca 400 kb große sachen runter und sagt mir das er dann fertig ist. Wenn ich dann starte kommt immer diese Meldung mit dem 32 dings. Umbennen geht ebenfalls nicht. Und die Internetoptionen sind so eingestellt. Besteht die Möglichkeit HiJack als Zip-Datei woanders runterzuladen und selbst in das "richtige Verzeichnis zu installieren??

MfG Mephisto

**Petra** · 29.07.2009, 18:10

ja, es gibt auch ein ZIP-Archiv, siehe hier.

**-[G3G]-Mephisto** · 29.07.2009, 18:19

Gut bin über nen Freund an die Version rangekommen (Dank XFire)
So hier nun die neue Logfile

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:08, on 29.07.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Mephisto\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
C:\Program Files\vodafone\vmclite\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\VMC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VodafoneVMCLiteLauncher] C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: NewShortcut1.lnk = C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix: 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238441176689&h=8560a3f1dba69de364199fd65e591b0b/&filename=jinstall-6u13-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2332CA72-0BE9-4C19-933D-E5883C387BC0}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{2332CA72-0BE9-4C19-933D-E5883C387BC0}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CS3\Services\Tcpip\..\{2332CA72-0BE9-4C19-933D-E5883C387BC0}: NameServer = 139.7.30.125 139.7.30.126
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate1c9bd0c239e918b) (gupdate1c9bd0c239e918b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12323 bytes

Juti ich hoffe ich hab jetzt nichts falsch gemacht.

So und jetzt noch das neue RSIT

Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mephisto at 2009-07-29 19:22:23
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 132 GB (57%) free of 232 GB
Total RAM: 3066 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:28, on 29.07.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Mephisto\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
C:\Program Files\vodafone\vmclite\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\VMC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Xfire\Xfire.exe
C:\Users\Mephisto\Downloads\Programme\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Mephisto.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VodafoneVMCLiteLauncher] C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: NewShortcut1.lnk = C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix: 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238441176689&h=8560a3f1dba69de364199fd65e591b0b/&filename=jinstall-6u13-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2332CA72-0BE9-4C19-933D-E5883C387BC0}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{2332CA72-0BE9-4C19-933D-E5883C387BC0}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CS3\Services\Tcpip\..\{2332CA72-0BE9-4C19-933D-E5883C387BC0}: NameServer = 139.7.30.125 139.7.30.126
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate1c9bd0c239e918b) (gupdate1c9bd0c239e918b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12369 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-07-29 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-14 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-30 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-07-29 142896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-09-18 6294048]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-11-28 417792]
"eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-09-11 544768]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-07-29 526896]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-29 13601312]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-29 92704]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-06-04 817672]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-10-08 147456]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-10-08 167936]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2007-11-28 1647912]
""= []
"VodafoneVMCLiteLauncher"=C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe [2007-10-17 102400]
"Skytel"=C:\Windows\Skytel.exe [2008-09-18 1833504]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"Cm106Sound"=RunDll32 cm106.cpl,CMICtrlWnd []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-21 68856]
"VMCL"=C:\Program Files\vodafone\vmclite\DongleEnumerator.exe [2007-10-17 131072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NewShortcut1.lnk - C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-07-29 15:46:02 ----D---- C:\Windows\ERDNT
2009-07-29 15:45:15 ----D---- C:\Program Files\ERUNT
2009-07-29 14:33:15 ----D---- C:\_OTM
2009-07-29 10:44:08 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 10:44:07 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 10:44:07 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 10:44:07 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 10:44:07 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 10:44:06 ----A---- C:\Windows\system32\occache.dll
2009-07-29 10:44:06 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 10:44:06 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 10:44:05 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 10:44:05 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 10:44:05 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 10:44:05 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 10:44:05 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 10:44:05 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 10:44:04 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 10:44:04 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 10:44:04 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 10:44:04 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-28 20:54:57 ----D---- C:\rsit
2009-07-28 20:54:57 ----D---- C:\Program Files\trend micro
2009-07-28 19:33:45 ----A---- C:\Windows\ntbtlog.txt
2009-07-28 19:25:04 ----D---- C:\Users\Mephisto\AppData\Roaming\Malwarebytes
2009-07-28 19:24:55 ----D---- C:\ProgramData\Malwarebytes
2009-07-28 19:24:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-28 18:57:29 ----D---- C:\Program Files\CCleaner
2009-07-26 13:43:22 ----D---- C:\Users\Mephisto\AppData\Roaming\TeamViewer
2009-07-26 13:43:17 ----D---- C:\Program Files\TeamViewer
2009-07-24 03:57:06 ----A---- C:\Windows\system32\xfcodec.dll
2009-07-15 19:03:08 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 19:03:08 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 19:03:08 ----A---- C:\Windows\system32\atmfd.dll
2009-07-15 19:03:07 ----A---- C:\Windows\system32\lpk.dll
2009-07-15 19:03:07 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 18:20:22 ----D---- C:\Windows\Minidump
2009-07-12 20:17:50 ----D---- C:\Program Files\THQ
2009-07-11 20:02:16 ----D---- C:\Program Files\ModernRcon
2009-07-11 18:41:55 ----RA---- C:\Windows\Vmix106.dll
2009-07-11 18:41:39 ----RA---- C:\Windows\system32\c106prop.dll
2009-07-11 18:41:39 ----A---- C:\Windows\Cm106.ini.cfl
2009-07-11 18:41:35 ----RA---- C:\Windows\system32\Cmeau106.exe
2009-07-11 18:40:45 ----RA---- C:\Windows\system32\CmiInstallResAll.dll
2009-07-11 18:40:45 ----RA---- C:\Windows\Cm106.ini.cfg
2009-07-11 18:40:45 ----A---- C:\Windows\Cm106.ini.imi
2009-07-06 12:23:50 ----D---- C:\ProgramData\Media Center Programs
2009-07-06 01:43:28 ----D---- C:\Users\Mephisto\AppData\Roaming\JLC's Software
2009-07-06 01:43:17 ----D---- C:\Users\Mephisto\AppData\Roaming\Desktopicon
2009-07-06 01:43:17 ----D---- C:\Program Files\JLC's Software
2009-07-05 22:16:12 ----D---- C:\Program Files\Common Files\PC Tools
2009-07-05 22:16:08 ----D---- C:\Users\Mephisto\AppData\Roaming\PC Tools
2009-07-05 22:16:08 ----D---- C:\ProgramData\PC Tools
2009-07-05 22:16:08 ----D---- C:\Program Files\Spyware Doctor
2009-07-05 21:35:34 ----D---- C:\ProgramData\SecTaskMan
2009-07-05 21:35:29 ----D---- C:\Program Files\Security Task Manager
2009-07-01 11:06:48 ----D---- C:\ProgramData\Tages
2009-07-01 11:05:31 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-07-01 11:05:31 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-07-01 11:05:31 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-07-01 11:05:31 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-07-01 11:05:31 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-07-01 11:05:31 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-07-01 11:05:31 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-07-01 11:05:31 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-07-01 11:05:31 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-07-01 11:05:31 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-07-01 11:05:30 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-07-01 11:05:30 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-07-01 11:05:30 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-07-01 11:05:30 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-07-01 11:05:30 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-07-01 11:05:30 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-07-01 11:05:30 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-07-01 11:05:30 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-07-01 11:05:30 ----A---- C:\Windows\system32\D3DCompiler_39.dll

======List of files/folders modified in the last 1 months======

2009-07-29 19:22:28 ----D---- C:\Windows\Prefetch
2009-07-29 19:22:16 ----D---- C:\Windows\Temp
2009-07-29 17:37:56 ----AD---- C:\ProgramData\Temp
2009-07-29 17:28:48 ----D---- C:\Windows\System32
2009-07-29 17:28:48 ----D---- C:\Windows\inf
2009-07-29 17:28:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-29 17:25:23 ----D---- C:\Windows\Tasks
2009-07-29 17:23:12 ----D---- C:\Windows\system32\drivers
2009-07-29 15:46:02 ----D---- C:\Windows
2009-07-29 15:45:15 ----RD---- C:\Program Files
2009-07-29 12:09:28 ----A---- C:\Windows\NeroDigital.ini
2009-07-29 11:07:28 ----D---- C:\Windows\system32\migration
2009-07-29 11:07:27 ----D---- C:\Program Files\Internet Explorer
2009-07-29 11:07:08 ----D---- C:\Windows\winsxs
2009-07-29 11:06:50 ----SHD---- C:\System Volume Information
2009-07-29 10:37:40 ----D---- C:\Windows\system32\catroot2
2009-07-29 10:37:40 ----D---- C:\Windows\system32\catroot
2009-07-29 10:32:43 ----D---- C:\ProgramData\Google Updater
2009-07-28 20:28:55 ----D---- C:\ProgramData\Partner
2009-07-28 19:24:55 ----HD---- C:\ProgramData
2009-07-28 18:59:16 ----D---- C:\Windows\Debug
2009-07-28 14:58:33 ----D---- C:\Users\Mephisto\AppData\Roaming\Xfire
2009-07-28 14:16:21 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-07-28 02:08:23 ----SD---- C:\Windows\Downloaded Program Files
2009-07-28 01:23:22 ----D---- C:\ProgramData\Xfire
2009-07-28 01:23:22 ----D---- C:\Program Files\Xfire
2009-07-18 17:56:06 ----D---- C:\Windows\system
2009-07-15 19:14:44 ----D---- C:\Program Files\Windows Mail
2009-07-14 23:09:56 ----D---- C:\Users\Mephisto\AppData\Roaming\dvdcss
2009-07-14 11:26:06 ----D---- C:\Users\Mephisto\AppData\Roaming\Das Fussball Studio
2009-07-14 11:24:42 ----D---- C:\Program Files\Das Fussball Studio
2009-07-14 11:17:56 ----D---- C:\ProgramData\Das Fussball Studio
2009-07-12 20:18:59 ----SHD---- C:\Windows\Installer
2009-07-09 07:16:06 ----D---- C:\Windows\system32\WDI
2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe
2009-07-05 22:16:12 ----D---- C:\Program Files\Common Files
2009-07-05 21:46:05 ----D---- C:\Program Files\Free Download Manager
2009-07-01 22:21:13 ----D---- C:\Users\Mephisto\AppData\Roaming\temp
2009-07-01 11:20:21 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-01 11:05:22 ----RSD---- C:\Windows\assembly
2009-06-30 14:00:36 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2008-12-11 159600]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-01 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-04-27 55640]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-10-01 12832]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-01 25888]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-07-29 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-07-29 60464]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-19 8704]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-03-26 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-03-26 207872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-09-18 2169944]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-12-16 48128]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-12-29 45600]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-29 7451264]
R3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\Windows\system32\DRIVERS\nwusbmdm.sys [2007-10-15 99200]
R3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\Windows\system32\DRIVERS\nwusbser.sys [2007-10-15 99200]
R3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2008-12-10 64392]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2009-03-31 33056]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-03-26 661504]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 A310;AVerMedia A310 DVB-T; C:\Windows\system32\DRIVERS\AVerA310USB.sys [2008-07-03 26752]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device; C:\Windows\system32\drivers\AVerA310Cap.sys [2008-07-03 47104]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-07 101504]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-04-28 50576]
S3 USBMULCD;USB Multi-Channel Audio Device Interface; C:\Windows\system32\drivers\CM106.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-10 185089]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-07-29 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-29 203296]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-05-24 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-07-28 189800]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-06-27 604416]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-19 386560]
R3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-03-31 70944]
S2 gupdate1c9bd0c239e918b;Google Update Service (gupdate1c9bd0c239e918b); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-14 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-14 183280]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-20 72704]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2008-10-24 145248]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-06-27 361216]

-----------------EOF-----------------

**Petra** · 29.07.2009, 18:29

Hallo -[G3G]-Mephisto,

===== Punkt 1 =====

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte vorher fragen.
Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole und zur Anwendung

Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

**-[G3G]-Mephisto** · 29.07.2009, 19:39

Ok mit riesen bammel das Prog (mal wieder hatte ich schon damals beim Virus "Antivirus 2009") ausgeführt. Hier ein Log

Code:

ComboFix 09-07-29.01 - Mephisto 29.07.2009 20:07.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2115 [GMT 2:00]
ausgeführt von:: c:\users\Mephisto\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3181879258-2065202216-3916683371-500
c:\users\Mephisto\AppData\Roaming\.#
c:\windows\Installer\21bd881.msi
c:\windows\Installer\f35b2.msi

.
(((((((((((((((((((((((   Dateien erstellt von 2009-06-28 bis 2009-07-29  ))))))))))))))))))))))))))))))
.

2009-07-29 18:12 . 2009-07-29 18:13	--------	d-----w-	c:\users\Mephisto\AppData\Local\temp
2009-07-29 13:45 . 2009-07-29 13:45	--------	d-----w-	c:\program files\ERUNT
2009-07-29 12:33 . 2009-07-29 12:33	--------	d-----w-	C:\_OTM
2009-07-28 18:54 . 2009-07-29 17:11	--------	d-----w-	c:\program files\trend micro
2009-07-28 18:54 . 2009-07-29 12:49	--------	d-----w-	C:\rsit
2009-07-28 17:25 . 2009-07-28 17:25	--------	d-----w-	c:\users\Mephisto\AppData\Roaming\Malwarebytes
2009-07-28 17:24 . 2009-07-13 11:36	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 17:24 . 2009-07-28 17:24	--------	d-----w-	c:\programdata\Malwarebytes
2009-07-28 17:24 . 2009-07-13 11:36	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-28 17:24 . 2009-07-28 17:25	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-07-28 16:57 . 2009-07-28 16:57	--------	d-----w-	c:\program files\CCleaner
2009-07-26 11:43 . 2009-07-26 11:43	--------	d-----w-	c:\users\Mephisto\AppData\Roaming\TeamViewer
2009-07-26 11:43 . 2009-07-28 13:23	--------	d-----w-	c:\program files\TeamViewer
2009-07-26 11:42 . 2009-07-26 11:42	--------	d-----w-	c:\users\Mephisto\temp
2009-07-24 01:57 . 2009-07-24 01:57	41872	----a-w-	c:\windows\system32\xfcodec.dll
2009-07-15 17:03 . 2009-06-15 14:53	156672	----a-w-	c:\windows\system32\t2embed.dll
2009-07-15 17:03 . 2009-06-15 14:52	72704	----a-w-	c:\windows\system32\fontsub.dll
2009-07-15 17:03 . 2009-06-15 12:42	289792	----a-w-	c:\windows\system32\atmfd.dll
2009-07-15 17:03 . 2009-06-15 14:52	23552	----a-w-	c:\windows\system32\lpk.dll
2009-07-15 17:03 . 2009-06-15 14:51	10240	----a-w-	c:\windows\system32\dciman32.dll
2009-07-12 18:17 . 2009-07-12 18:17	--------	d-----w-	c:\program files\THQ
2009-07-11 18:02 . 2009-07-11 18:06	--------	d-----w-	c:\program files\ModernRcon
2009-07-11 16:41 . 2007-10-22 12:01	139264	----a-r-	c:\windows\Vmix106.dll
2009-07-11 16:41 . 2006-09-13 05:08	491520	----a-r-	c:\windows\system\cmau106.dll
2009-07-11 16:41 . 2007-10-02 04:11	217088	----a-r-	c:\windows\system\cm106eye.exe
2009-07-11 16:41 . 2001-11-23 04:08	712704	----a-r-	c:\windows\system\a3d106pu.dll
2009-07-11 16:41 . 2001-11-23 04:08	712704	----a-r-	c:\windows\system\a3d.dll
2009-07-11 16:41 . 2006-03-09 09:42	32768	----a-r-	c:\windows\system32\c106prop.dll
2009-07-11 16:41 . 2008-04-17 02:32	495616	----a-r-	c:\windows\system32\Cmeau106.exe
2009-07-11 16:40 . 2008-04-17 02:29	241664	----a-r-	c:\windows\system32\CmiInstallResAll.dll
2009-07-06 10:23 . 2009-07-12 18:41	--------	d-----w-	c:\programdata\Media Center Programs
2009-07-05 23:43 . 2009-07-05 23:43	--------	d-----w-	c:\users\Mephisto\AppData\Roaming\JLC's Software
2009-07-05 23:43 . 2009-07-29 11:47	--------	d-----w-	c:\users\Mephisto\AppData\Roaming\Desktopicon
2009-07-05 23:43 . 2009-07-05 23:43	--------	d-----w-	c:\program files\JLC's Software
2009-07-05 20:37 . 2009-03-31 09:23	39200	----a-w-	c:\windows\system32\drivers\TfSysMon.sys
2009-07-05 20:37 . 2009-03-31 09:23	33056	----a-w-	c:\windows\system32\drivers\TfNetMon.sys
2009-07-05 20:36 . 2009-03-31 09:23	12576	----a-w-	c:\windows\system32\drivers\TfKbMon.sys
2009-07-05 20:36 . 2009-03-31 09:23	51488	----a-w-	c:\windows\system32\drivers\TfFsMon.sys
2009-07-05 20:16 . 2008-12-11 06:38	159600	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2009-07-05 20:16 . 2009-04-03 09:18	130936	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2009-07-05 20:16 . 2008-12-18 10:16	73840	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-05 20:16 . 2009-07-05 20:20	--------	d-----w-	c:\program files\Common Files\PC Tools
2009-07-05 20:16 . 2008-12-10 09:36	64392	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2009-07-05 20:16 . 2009-07-29 18:04	--------	d-----w-	c:\program files\Spyware Doctor
2009-07-05 20:16 . 2009-07-05 20:37	--------	d-----w-	c:\programdata\PC Tools
2009-07-05 20:16 . 2009-07-05 20:16	--------	d-----w-	c:\users\Mephisto\AppData\Roaming\PC Tools
2009-07-01 09:06 . 2009-07-01 09:06	--------	d-----w-	c:\programdata\Tages

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 17:54 . 2009-03-15 12:46	--------	d-----w-	c:\users\Mephisto\AppData\Roaming\Xfire
2009-07-29 15:28 . 2008-01-21 07:15	664282	----a-w-	c:\windows\system32\perfh007.dat
2009-07-29 15:28 . 2008-01-21 07:15	142622	----a-w-	c:\windows\system32\perfc007.dat
2009-07-29 08:32 . 2009-04-14 14:12	--------	d-----w-	c:\programdata\Google Updater
2009-07-28 18:28 . 2009-02-21 14:27	--------	d-----w-	c:\programdata\Partner
2009-07-28 13:18 . 2009-07-05 19:35	--------	d-----w-	c:\programdata\SecTaskMan
2009-07-28 13:01 . 2009-02-04 13:48	48924	----a-w-	c:\programdata\nvModes.dat
2009-07-28 12:16 . 2009-02-21 17:31	138608	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-07-28 12:16 . 2009-02-21 17:31	189800	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-07-27 23:23 . 2009-03-15 12:46	--------	d-----w-	c:\programdata\Xfire
2009-07-27 23:23 . 2009-03-01 13:14	--------	d-----w-	c:\program files\Xfire
2009-07-21 21:52 . 2009-07-29 08:44	915456	----a-w-	c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 08:44	109056	----a-w-	c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 08:44	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 08:44	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2009-07-15 17:14 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-07-14 21:09 . 2009-03-04 17:48	--------	d-----w-	c:\users\Mephisto\AppData\Roaming\dvdcss
2009-07-14 09:26 . 2009-02-21 16:21	--------	d-----w-	c:\users\Mephisto\AppData\Roaming\Das Fussball Studio
2009-07-14 09:24 . 2009-02-21 16:17	--------	d-----w-	c:\program files\Das Fussball Studio
2009-07-14 09:17 . 2009-05-16 20:44	--------	d-----w-	c:\programdata\Das Fussball Studio
2009-07-05 19:46 . 2009-05-14 14:29	--------	d-----w-	c:\program files\Free Download Manager
2009-07-01 09:20 . 2009-01-16 10:27	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-07-01 09:05 . 2009-07-01 09:05	281760	----a-w-	c:\windows\system32\drivers\atksgt.sys
2009-07-01 09:05 . 2009-07-01 09:05	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2009-06-27 09:28 . 2009-06-27 09:28	2756608	----a-w-	c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Planeten.tls.dll
2009-06-27 09:28 . 2009-06-27 09:28	524288	----a-w-	c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations\Planeten.tla.dll
2009-06-27 09:13 . 2009-06-27 09:13	604416	----a-w-	c:\windows\system32\TUProgSt.exe
2009-06-27 09:13 . 2009-06-27 09:13	361216	----a-w-	c:\windows\system32\TuneUpDefragService.exe
2009-06-27 09:13 . 2009-02-22 10:16	--------	d-----w-	c:\program files\TuneUp Utilities 2009
2009-06-25 19:38 . 2009-04-25 10:30	--------	d-----w-	c:\program files\ISet
2009-06-12 23:36 . 2009-06-12 23:36	--------	d-----w-	c:\program files\T4E
2009-06-12 20:21 . 2009-06-12 20:21	456304	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtbBAE0.tmp.exe
2009-06-08 21:56 . 2009-02-04 13:48	--------	d-----w-	c:\programdata\NVIDIA
2009-06-08 21:50 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2009-06-08 21:50 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2009-06-08 21:50 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2009-06-08 21:50 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2009-06-08 21:50 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2009-06-08 21:50 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2009-06-08 21:49 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2009-06-08 21:45 . 2006-11-02 12:37	37665	----a-w-	c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-04 19:52 . 2009-06-04 19:48	--------	d-----w-	c:\programdata\Electronic Arts
2009-06-04 19:48 . 2009-02-23 15:19	--------	d-----w-	c:\program files\Electronic Arts
2009-06-04 19:45 . 2009-06-04 19:45	10134	----a-r-	c:\users\Mephisto\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-04 19:45 . 2009-06-04 19:45	--------	d-----w-	c:\program files\Microsoft WSE
2009-05-27 08:46 . 2009-05-27 08:46	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-05-25 20:38 . 2009-05-25 20:38	611064	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-05-25 20:38 . 2009-05-25 20:38	142904	----a-w-	c:\windows\system32\drivers\sptddrv1.sys
2009-05-24 18:43 . 2009-02-21 17:31	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-05-24 18:30 . 2009-02-21 17:31	22328	----a-w-	c:\users\Mephisto\AppData\Roaming\PnkBstrK.sys
2009-05-24 18:30 . 2009-02-21 17:31	22328	----a-w-	c:\users\Mephisto\AppData\Roaming\PnkBstrK.sys
2009-05-22 08:51 . 2009-02-21 14:27	70048	----a-w-	c:\users\Mephisto\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-18 17:03 . 2009-05-18 04:33	680	----a-w-	c:\users\Mephisto\AppData\Local\d3d9caps.dat
2009-05-18 14:12 . 2009-05-18 14:12	96	----a-w-	c:\users\Mephisto\AppData\Local\fusioncache.dat
2009-05-14 15:37 . 2009-05-14 15:37	53248	----a-w-	c:\windows\keymanip.dll
2009-05-14 15:37 . 2009-05-14 15:37	49152	----a-w-	c:\windows\keydll3.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 68856]
"VMCL"="c:\program files\vodafone\vmclite\DongleEnumerator.exe" [2007-10-17 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-28 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-28 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-11-28 1647912]
"VodafoneVMCLiteLauncher"="c:\program files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe" [2007-10-17 102400]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-09-18 6294048]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-09-18 1833504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NewShortcut1.lnk - c:\program files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe [2007-10-17 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Software Informer"="c:\program files\Software Informer\softinfo.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):31,b4,f5,f0,83,e8,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{422081B4-629C-4DF5-80F6-FDAB89DDFA39}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{2E4C0EF8-0D53-4F53-9AE5-0F67F3FA98C0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{B959BA05-AB26-4D1E-A0F8-4B0EA8DE7770}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{1D7F367D-449F-4A27-9613-40C24A5D2286}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{B874BB46-6C15-45AB-A5D2-28572AB2EB57}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{D13C60E0-9F69-41B7-B7B2-0E59C5A2036E}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{345DAC13-C096-4CDB-AFFA-87FC9DB95CAC}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{4C769772-2A24-4702-B058-0D8C24799A04}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{ADBC7BFF-5F4C-4F64-9E0A-F01D754B5517}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{5491CE59-B983-4ED5-B9AD-AE5180EB85EF}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{23DEF7CB-9A9B-4EBB-B425-760C8A3E08F0}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9F6D8067-A257-4F50-98B8-D70469F6CC44}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E2071CD9-592E-4C7F-A58A-7ED742237424}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{AE8E0C36-9DAB-41D3-A171-854016B4E0F9}g:\\games\\cs2\\css (neu)\\counter-strike source\\hl2.exe"= UDP:g:\games\cs2\css (neu)\counter-strike source\hl2.exe:hl2
"UDP Query User{9C7FD8FF-875B-423C-B69E-74639B2BCC55}g:\\games\\cs2\\css (neu)\\counter-strike source\\hl2.exe"= TCP:g:\games\cs2\css (neu)\counter-strike source\hl2.exe:hl2
"TCP Query User{E1AD6A21-3217-434E-9520-36B6062C0C9C}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{7D02B685-C50D-49A5-A3AD-1F0879E842B2}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{CF35B916-AE04-4BB9-B63F-10DB3609CEB0}"= UDP:c:\program files\EA Games\Die Schlacht um Mittelerde(tm)\game.dat:Die Schlacht um Mittelerde
"{847460EB-5048-48CB-BACC-359B37EDA856}"= TCP:c:\program files\EA Games\Die Schlacht um Mittelerde(tm)\game.dat:Die Schlacht um Mittelerde
"{4C77DE62-F387-4329-9A4E-E5F6ED10141B}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"{98197AF5-1963-44B6-BAD3-2504CEBA2857}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"TCP Query User{CD227D4C-23E0-4D85-8416-DB9BD2C93044}i:\\games\\cs2\\css (neu)\\counter-strike source\\hl2.exe"= UDP:i:\games\cs2\css (neu)\counter-strike source\hl2.exe:hl2
"UDP Query User{D55212A0-4A10-45E3-A0A5-E23D595B26A6}i:\\games\\cs2\\css (neu)\\counter-strike source\\hl2.exe"= TCP:i:\games\cs2\css (neu)\counter-strike source\hl2.exe:hl2
"TCP Query User{09302221-1C37-4A31-BD63-65F05CFA8394}i:\\games\\age of empires ii\\empires2.exe"= UDP:i:\games\age of empires ii\empires2.exe:Age of Empires II
"UDP Query User{844027A3-8310-4F24-8597-B27163682F91}i:\\games\\age of empires ii\\empires2.exe"= TCP:i:\games\age of empires ii\empires2.exe:Age of Empires II
"TCP Query User{1FF4E11B-86A2-46ED-8226-67F58F5B4911}i:\\games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:i:\games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{90D0048E-E289-40CA-8654-0A36E50FEA8B}i:\\games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:i:\games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"TCP Query User{6E66DEE0-25CE-432C-AE26-F19BD2096D03}d:\\neuer ordner\\company of heros\\reliccoh.exe"= UDP:d:\neuer ordner\company of heros\reliccoh.exe:RelicCOH
"UDP Query User{F8A99D06-5C1B-4E9C-8279-6DCF0AE13576}d:\\neuer ordner\\company of heros\\reliccoh.exe"= TCP:d:\neuer ordner\company of heros\reliccoh.exe:RelicCOH
"TCP Query User{F29518FC-8DE2-49E4-B150-CFA62A9B7233}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{F748BC0A-BCD7-48A2-8D1E-9BB504B3C313}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"TCP Query User{83DB5876-658C-4981-AF2E-2CC75B44B501}c:\\program files\\modernrcon\\modernrcon_v0.8.exe"= UDP:c:\program files\modernrcon\modernrcon_v0.8.exe:ModernRcon_v0.8
"UDP Query User{A37AF448-2FAB-45FC-9088-EB72FDDB0073}c:\\program files\\modernrcon\\modernrcon_v0.8.exe"= TCP:c:\program files\modernrcon\modernrcon_v0.8.exe:ModernRcon_v0.8
"{6BDCD96D-A821-49FF-9B16-C955C6C84820}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes
"{C03C54F4-6F48-40A1-91B9-17F8A5A1C0A1}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes
"{8F199837-4908-4330-9C2B-0DF63FCF3C93}"= UDP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{2EC51907-6247-4D09-9159-CDC475F1556C}"= TCP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [05.07.2009 22:16 130936]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [05.07.2009 22:36 51488]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [05.07.2009 22:37 39200]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [05.07.2009 22:16 159600]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [23.03.2009 07:40 108289]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [04.02.2009 15:44 69632]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [16.01.2009 12:52 24576]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23.09.2008 15:11 144632]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [27.06.2009 11:13 604416]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [16.12.2008 06:05 48128]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\System32\drivers\NETw5v32.sys [16.01.2009 19:39 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [16.01.2009 19:39 45600]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [05.07.2009 22:37 33056]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28.03.2007 08:51 43008]
S2 gupdate1c9bd0c239e918b;Google Update Service (gupdate1c9bd0c239e918b);c:\program files\Google\Update\GoogleUpdate.exe [14.04.2009 16:20 133104]
S3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [16.01.2009 19:39 26752]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [16.01.2009 19:39 47104]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23.09.2008 15:11 50424]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [05.07.2009 22:16 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [05.07.2009 22:16 348752]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-07-29 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:39]

2009-07-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 14:12]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 14:20]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 14:20]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Cm106Sound - cm106.cpl


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_6930g
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 20:13
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3181879258-2065202216-3916683371-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bb,4f,38,55,fe,b5,6c,62,b3,a8,d4,27,1d,9a,9d,63,39,97,e8,cf,37,81,c8,
   57,97,12,54,f8,d6,cf,4a,ef,59,f9,5a,3f,21,de,f4,33,3a,2b,85,e0,0b,52,b9,31,\
"??"=hex:13,37,c1,b4,d0,8e,50,84,2e,54,a4,df,5b,4d,7a,5b

[HKEY_USERS\S-1-5-21-3181879258-2065202216-3916683371-1000\Software\SecuROM\License information*]
"datasecu"=hex:bc,1d,8a,4c,55,41,76,b5,d5,75,25,9e,38,c3,cc,ce,82,29,da,fd,9d,
   85,73,f1,b7,31,88,99,1d,de,9f,0c,79,ed,0e,f6,cf,92,a2,d6,89,7e,e4,27,84,7c,\
"rkeysecu"=hex:3c,53,4b,96,51,bc,51,00,db,02,17,2c,20,21,35,a0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2009-07-29 20:14
ComboFix-quarantined-files.txt  2009-07-29 18:14

Vor Suchlauf: 14 Verzeichnis(se), 138.615.783.424 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 138.579.050.496 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
320	--- E O F ---	2009-07-29 09:07

und das zweite (wenns das richtige ist)

Code:

Acer Arcade Deluxe
Acer Crystal Eye Webcam 2.0.8
Acer eAudio Management
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer Mobility Center Plug-In
Acer Product Registration
Acer ScreenSaver
Adobe Audition 3.0
Adobe Reader 9 - Deutsch
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Avira AntiVir Personal - Free Antivirus
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CCleaner (remove only)
Choice Guard
Company of Heroes
Company of Heroes - FAKEMSI
Das Fussball Studio 7.1.1
Der Herr der Ringe® - Die Eroberung™
Die Schlacht um Mittelerde(tm)
Die*Sims™*3
Elvenstar Mod
Elvenstar Mod 6.0
Emergency4
ERUNT 1.1j
Explorer Suite III
FUSSBALL MANAGER 09
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
Java(TM) 6 Update 13
JLC's Internet TV
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Access Runtime (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 3.0 Runtime
ModernRcon v0.8
Monopoly Deluxe
MSVCRT
MSXML 4.0 SP2 (KB954430)
Need for Speed™ Undercover
Nero 7 Ultra Edition
neroxml
NTI Backup Now 5
NTI Backup Now Standard
NVIDIA Drivers
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Sandlot Games Client Services 1.2.2
Security Task Manager 1.7h
Software Informer 1.0 BETA
Spyware Doctor 6.0
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
Techno4ever Player
TuneUp Utilities 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Multi-Channel Audio Device
VLC media player 0.9.8a
Vodafone Mobile Connect Lite
Winbond CIR Device Drivers
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Sync
Windows Live Writer
WinRAR
Xfire (remove only)

So das wars.

**Petra** · 29.07.2009, 20:31

Prima, dann mache bitte wie folgt weiter:

Kaspersky Online Scan

Da wir nur einen kleinen Teil des Systems sehen und analysieren können, überprüfe Dein komplettes System mit dem Kaspersky Online-Scanner. Bitte während des Scans alle evtl. vorhandenen externen Festplatten einschalten/anschließen. Außerdem während des Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliche) abstellen und nicht vergessen, sie hinterher wieder einzuschalten.

Kaspersky Online Scanner
- Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
- Java muss installiert, aktiv und erlaubt sein.
- Bebilderte Anleitung von sundavis.
- Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.
- Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
- Die Datenschutzerklärung akzeptieren.
- Programm installieren lassen.
- Update der Signaturen installieren lassen (ca. 52 MB).
  Wenn Du eine sehr langsame Internet-Verbindung hast, gib mir Bescheid.
- Wenn der Status "Complete" ist,
- Scan-Einstellungen (Settings) Standard lassen
- Links den Link "My Computer" anklicken.
- Scan beginnt automatisch.
- Wenn der Scan fertig ist, auf "View Scan Report" klicken,
- "Save Report As" und Dateityp auf .txt umstellen,
- und auf dem Desktop als Kaspersky.txt speichern.
- Logdatei hier posten.
- Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.

**-[G3G]-Mephisto** · 29.07.2009, 21:45

Jo sind 63 MB könnte wat länger dauern. Aber no Prob hab Zeit, hoffe nur das mein Inet lange genug mitspielt. Bzw hoffe ich darauf das falls mein Internet abkackt das ich trotzdem da weitermachen kann wo ich aufhören musste. Najut erstma alles Schwarzmalerei. Gut Nacht morgen gibts neues. Bzw heute nacht.

MfG Mephisto

**Petra** · 30.07.2009, 10:33

===== Punkt 1 =====

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking (Norton) und Anti-Malware Programme deaktivieren.

Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix.exe /u => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch daraus die Schädlinge verschwinden. Es wird ein neuer Systemwiederherstellungspunkt erstellt. Gleichzeitig setzt Combofix die Zeiteinstellungen wieder auf die Ursprungseinstellungen, und setzt die Systemeinstellungen wieder so zurück, dass Dateierweiterungen und Systemdateien versteckt sind, was Du bei Bedarf im Explorer unter Extras => Ordneroptionen aber wieder ändern bzw. Deinen persönlichen Vorlieben entsprechend anpassen kannst.

Und ich warte dann auf das Ergebnis des noch ausstehenden Online-Scans.

Thema: Inet extrem langsam

Themen-Optionen

AW: Inet extrem langsam

AW: Inet extrem langsam

AW: Inet extrem langsam

AW: Inet extrem langsam

AW: Inet extrem langsam

AW: Inet extrem langsam

AW: Inet extrem langsam

AW: Inet extrem langsam

AW: Inet extrem langsam

Aktive Benutzer

Aktive Benutzer

Ähnliche Themen

inet ist total langsam und geht auch gerne mal garnicht

System langsam - INet-Seiten öffnen sich automatisch

Extrem lange Ladezeiten und Inet Probleme

PC extrem langsam

Problem: Inet langsam, Trojaner?

Berechtigungen