Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/"

Benita · 14.10.2010, 07:27

Was stimmt hier nicht?

Benutze firefox und hatte gestern Abend eine merkwürdige Meldg. (-> http://www.trojaner-board.de/91811-v...-redirect.html) beim Googeln - Sieten mit einem (dubiosen?!) firefox-update öffneten sich.
Daraufhin hab i dann doch noch das Virenprog. (MSE) durchlaufen lassen - Ergebnis: alles okay. Habs die Nacht über laufen lassen. Merkwürdig dabei: Der PC hat sich nicht wie sonst in den Ruhezustand versetzt. Er war an als ich aufwachte und längst fertig.

Als ich ihn herunterfahren wollte kam eine Meldg. (leicht transparent-schwarzer Bildschirm, darauf ein Fenster; in etwa: Achtung, Achtung..Herunterfahren..noch geöffnete Programme.. -> Strg+C war nicht mögl.), dass der iexplorer(.exe) o.s.ä. nicht funktioniert bzw. nicht 'aus ist'..

Eben hab i den Rechner wieder eingeschalten und 'tadaa' - er läuft. Die Frage ist nur, wie lange er noch läuft und was hier noch so alles läuft während er läuft.

Hier also das Logfile von vorhin:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:51:46, on 14.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\V0420Mon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKLM\..\RunOnce: [SpybotDeletingA1335] command.com /c del "C:\Windows\System32\sshnas21.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6230] cmd.exe /c del "C:\Windows\System32\sshnas21.dll_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle
O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\Users\Admin\AppData\Local\Temp\Rzd.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6009] command.com /c del "C:\Windows\System32\sshnas21.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3639] cmd.exe /c del "C:\Windows\System32\sshnas21.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1272575101-2667807289-1454402517-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Benita')
O4 - S-1-5-21-1272575101-2667807289-1454402517-1001 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Benita')
O4 - S-1-5-21-1272575101-2667807289-1454402517-1001 User Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Benita')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 10045 bytes

DANKE VORAB!

Chris4You · 14.10.2010, 08:11

Hi,

bitte keine Post in zwei Foren!
Lass sofort MAM laufen und danch CF:

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet!

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

chris
Ps.: für mich: C:\Windows\system32\sshnas21.dll

Benita · 14.10.2010, 09:11

Hallo,

sry wg. des 'Doppelposts'.

Das andere Thema war nicht zu löschen und da ich nun ein 'aktuelles' Logfile hatte, habe ich es hier gepostet.

Hier nun wie folgt die Logfiles von OTL & MAM.
CF war mir zu heikel, weil da steht: "Achtung: In einigen wenigen Fällen kann es vorkommen, dass der Rechner nicht mehr booten kann und Neuaufgesetzt werden muss!". Ich wüsste nicht weiter, wenn das passiert.

..ansonsten hab i alles so gemacht, wie es geschrieben steht.

OTL

OTL.TxtOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.10.2010 09:24:18 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = c:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 144,82 Gb Free Space | 63,21% Space Free | Partition Type: NTFS
Drive D: | 228,83 Gb Total Space | 208,86 Gb Free Space | 91,28% Space Free | Partition Type: NTFS
Drive F: | 465,65 Gb Total Space | 298,55 Gb Free Space | 64,12% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Admin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\Admin\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys File not found
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (V0420VID) Live! Cam Vista IM (VF0420) -- C:\Windows\System32\drivers\V0420Vid.sys (Creative Technology Ltd.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 E1 71 96 C5 43 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.08 15:23:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.13 19:14:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.13 19:14:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.24 15:21:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.08.24 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2010.10.13 11:42:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\w5cna50m.default\extensions
[2010.10.11 14:47:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\w5cna50m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.13 19:14:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Admin\AppData\Local\Temp\Rzd.exe (Borland International)
O4 - HKCU..\Run: [Metropolis] C:\Windows\System32\sshnas21.DLL File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingA1335] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingC6230] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB6009] C:\Windows\System32\COMMAND.COM ()
O4 - HKCU..\RunOnce: [SpybotDeletingD3639] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ctrun\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.14 09:18:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2010.10.14 09:18:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.14 09:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.14 09:18:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.14 09:18:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.14 01:37:33 | 000,196,608 | ---- | C] (Borland International) -- C:\Windows\Rcecua.exe
[2010.10.13 22:39:37 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.10.13 22:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.10.13 22:32:12 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.10.12 21:45:57 | 000,000,000 | ---D | C] -- C:\Programme\NOS
[2010.10.12 21:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.10.12 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ICQ
[2010.10.12 21:43:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\AOL
[2010.10.12 11:45:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\eSobi
[2010.10.12 11:41:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan
[2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010.10.12 11:37:13 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2010.10.12 11:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.10.11 23:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.10.11 21:36:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.10.10 17:29:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2010.10.06 16:27:46 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2010.09.29 08:20:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.15 15:28:00 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.01 16:57:53 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC40E.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.14 09:20:56 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.14 09:20:56 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.14 09:20:56 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.14 09:20:56 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.14 09:18:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.14 08:48:01 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.10.14 08:45:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.14 08:28:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.10.14 07:46:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.14 07:46:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.14 07:46:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.14 07:46:35 | 3220,410,368 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.14 02:27:15 | 000,000,095 | ---- | M] () -- C:\Windows\wininit.ini
[2010.10.14 01:37:30 | 000,196,608 | ---- | M] (Borland International) -- C:\Windows\Rcecua.exe
[2010.10.13 22:39:54 | 000,001,059 | ---- | M] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk
[2010.10.13 22:32:12 | 000,001,878 | ---- | M] () -- C:\Users\Admin\Desktop\HijackThis.lnk
[2010.10.13 19:15:00 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.13 19:11:02 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_3
[2010.10.13 19:10:55 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_2
[2010.10.13 19:10:43 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13.json
[2010.10.13 09:57:44 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.10.12 21:47:04 | 000,040,737 | ---- | M] () -- C:\Users\Admin\Desktop\Clipboard01.jpg
[2010.10.12 20:55:45 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.12 18:10:40 | 001,664,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.12 18:10:35 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Admin.job
[2010.10.12 11:37:14 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.10.11 12:33:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job
 
========== Files Created - No Company Name ==========
 
[2010.10.14 09:18:47 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.14 02:27:15 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini
[2010.10.14 01:37:42 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.10.14 01:37:37 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.14 01:37:31 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.10.13 22:39:54 | 000,001,059 | ---- | C] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk
[2010.10.13 22:32:12 | 000,001,878 | ---- | C] () -- C:\Users\Admin\Desktop\HijackThis.lnk
[2010.10.13 19:15:00 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.13 19:11:02 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_3
[2010.10.13 19:10:55 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_2
[2010.10.13 19:10:43 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13.json
[2010.10.13 09:57:44 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.10.12 21:47:04 | 000,040,737 | ---- | C] () -- C:\Users\Admin\Desktop\Clipboard01.jpg
[2010.10.12 20:55:45 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.12 11:37:18 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Admin.job
[2010.10.12 11:37:14 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.08.29 18:24:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.29 16:56:04 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010.08.25 13:16:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.25 12:25:18 | 000,001,504 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.08.24 20:55:24 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.24 20:54:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2010.08.23 18:30:06 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.08.23 09:51:11 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2010.08.23 09:51:11 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.03.22 00:49:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.03.21 23:05:48 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008.03.21 23:05:48 | 000,000,134 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008.03.21 16:18:28 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

--- --- ---

-- - -- - -- - -- - --

Extras.TxtOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.10.2010 09:24:18 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = c:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 144,82 Gb Free Space | 63,21% Space Free | Partition Type: NTFS
Drive D: | 228,83 Gb Total Space | 208,86 Gb Free Space | 91,28% Space Free | Partition Type: NTFS
Drive F: | 465,65 Gb Total Space | 298,55 Gb Free Space | 64,12% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A8EA3A1-DB99-4536-891F-6C4DC3623B7C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1608BC78-BABA-46C6-949E-DEA2CD9F569A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1967FC27-C38D-4ED9-AD55-945E6DB8D5D2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{303C60FB-412C-446D-87BB-D2891C92DB7A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{536500AB-F214-4A92-9D25-949CD1A8D7B2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6DC06708-F4FE-4561-AF24-036952FC0F2F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9392473C-141B-4D4B-B057-461D14977CEA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A4CD4F0E-CAFC-48B7-9AAE-B783FA901B96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AA5F5DE5-C2D4-4E24-9CEE-00150A711A45}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CE249E74-9B30-4D6B-97EA-06CD5028BFCE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E33298DC-22CE-4F2F-A6AD-A9099AC83B4A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FA9DFD88-CB5A-462C-8675-B958C8594DA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A61EEC-423F-4E81-90A7-31005DCC82E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{05674754-C76C-49BF-B922-62E2488CDFAA}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{077D2931-DB4D-4CCD-99C5-11DB2FC33C10}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{123A0E08-C9BB-4804-92AB-904E5BAEB631}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{13AB3B93-D622-40F5-BB04-F2057D2388CD}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{1B99EF99-611F-4141-BE2C-FAE9EB540E8E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1F737DB0-A5FC-4DAA-B056-E3C3DA941552}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{23C07E87-1EEE-45EC-AED4-19C4CAC30E67}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{24AEFC7B-C444-4941-BC39-DAAA2CC9DFCE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{28D5960E-B488-490F-B356-FE32012ACAC3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{29E8E4DC-B156-4A3B-8ED5-E0B890F47716}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{2D937DCC-89DF-408A-B5B0-485337D6B49C}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{2DB8E8B6-416F-49B3-9DA3-3FF1723390A7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{2EE9E0B5-1D03-46D0-B454-2D6B650CBC1D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{35D53898-57BE-4F42-B36A-0743BE2F1468}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{3C90456F-07F9-426D-A65F-D2C20F26F442}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{3E2D67AB-FBC8-46D0-98FD-89194B8E4C5F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{3F195AE9-BF7E-43C6-9690-E77F3DFABC00}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{407B7AEC-7605-41B9-9EEF-DD50C0F0CCD7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{43BAD0D4-223E-49D4-A0BD-18659A9AB5BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{45B26A3E-524F-40B7-B53E-0CD14C695A9C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{4D56D392-50C7-48E8-8CE2-A2FEC81D8D05}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{4FB28050-BA4F-4074-BF5D-1D96FE22E0F5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{57352C9F-BC16-4570-9C59-40AC0D116D5C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6B45DF9B-DC8F-43E8-949E-B25C2042BE93}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6BCBA53E-447C-41F7-8521-3C739F0812B2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{7D1E0179-E346-4CAB-96C2-C247F924AF64}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8C70944F-3280-4CCC-B781-0173DED7AC33}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{8FEB3F4E-162D-4FB5-8950-B65A3C56E085}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{92124ED5-43AD-49B5-92D9-0A99421B2DCA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{996ACF84-94F5-4ECD-B76A-888B99685F10}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{9C4B2756-7381-4803-B1DA-42687C106B69}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A05F63F9-C570-4C0D-95FB-39196FF81D61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{A3863431-FFB7-41D7-A10E-AC193BB372BE}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{A3B416BD-6980-4235-BE55-1B9529AE5EBB}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{A579E820-921F-4413-B0D7-0E9602CEE6DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{BCB17394-870F-46D4-BAA3-679591B42429}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{BCCE2808-3651-42B2-B6C0-3FC7A8BC2D36}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{C0B31EA7-784B-4490-9CB9-9DDB1FD0F17C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C528D3E1-8CE3-478C-95EA-DC62DDA90D66}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{C8366C07-2131-473C-BBED-D27222D02A87}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{C99793BB-DD3E-4A0F-A425-8EA3BAEF8880}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{DB6A42BD-0E5C-4738-B41F-5498B9D82F33}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{DC96B31F-5D1B-4D34-954B-65049D1139C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F849F079-AD5A-4456-B9EC-C1D450B99A70}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{FED8A1D4-1E81-4013-A93D-80E472273DA7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"TCP Query User{9C933299-0C22-4CAA-A144-DD25E7F64923}C:\program files\sightspeed\sightspeed.exe" = protocol=6 | dir=in | app=c:\program files\sightspeed\sightspeed.exe | 
"UDP Query User{14566D9F-8A82-4575-9E65-D5255642D606}C:\program files\sightspeed\sightspeed.exe" = protocol=17 | dir=in | app=c:\program files\sightspeed\sightspeed.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E139DD-A721-6CAD-BD4C-6FF597FC52BD}" = Catalyst Control Center Graphics Light
"{02F1F814-3458-9AE2-B360-6BA8C8DF9049}" = Catalyst Control Center Localization Danish
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{062D3AEE-6E5C-BCE9-4BE4-1190D29EE352}" = CCC Help Thai
"{06A4892F-EC84-7384-B401-52F30FC122FE}" = Catalyst Control Center Localization Japanese
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{0CC4C654-6439-52F7-FB58-7A6A720166ED}" = CCC Help Turkish
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{173823FE-9525-76D1-D97B-0FE91E155252}" = Skins
"{1A214451-2E9B-D3D3-47C6-A5721559CB4C}" = CCC Help Chinese Standard
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{277D09B9-B42D-2AC2-C924-EDDFCF2107A3}" = Catalyst Control Center Core Implementation
"{286062BC-BDD5-9672-C020-136205720097}" = Catalyst Control Center Localization German
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2BA19C43-B671-8CEE-9354-4045F2CA7EB4}" = Catalyst Control Center Graphics Full Existing
"{2C1F489E-5720-996D-B4C1-EDC85CE1B65E}" = CCC Help Finnish
"{2CF047B3-E199-A69F-6D92-AADFBA7FF661}" = Catalyst Control Center Localization Chinese Traditional
"{2DFF2037-F943-84F0-BE0C-64D0CDD77E58}" = Catalyst Control Center Localization French
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{36CCF09A-3ABB-C137-4EFD-07E91590D001}" = Catalyst Control Center Localization Swedish
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{39140291-BEC7-7D17-B3AC-BA327051FA0B}" = ccc-core-static
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A146779-C87B-332C-EBBC-8579497D68BA}" = Catalyst Control Center Localization Greek
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{423C4F57-FABA-53C2-BD7C-2C5A2EFC50B4}" = Catalyst Control Center Localization Spanish
"{4254E189-9BDD-3319-C681-F60AF423A509}" = CCC Help Polish
"{431643EB-1687-CB60-C9C9-E9E60937E87E}" = Catalyst Control Center Graphics Previews Vista
"{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BBCED26-53AA-B0F9-753C-B7D7822F5B54}" = CCC Help Norwegian
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F99A59A-FA06-50CE-720F-983F59D14344}" = Catalyst Control Center Localization Thai
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{555A4211-DCF8-2A4B-8521-F077D1C72E52}" = Catalyst Control Center Localization Turkish
"{61F260E7-05DE-9EBD-C5F0-4D8AF9FC16A3}" = CCC Help Chinese Traditional
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7C03DBF2-0F03-F9E8-3CBE-B07CB7F59318}" = CCC Help Greek
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{85C89C8C-4FD7-C7E2-97A7-847D947FFDDB}" = Catalyst Control Center Localization Chinese Standard
"{864A44F1-6AB7-5016-B275-DC2AC43D09E7}" = Catalyst Control Center Localization Portuguese
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E279E44-FBBF-3C62-899C-E8D021697D52}" = ccc-utility
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96C48A0F-0368-554A-6833-F9B7D264B59F}" = CCC Help Italian
"{96C61636-0F21-403C-5348-AAE3C857BD72}" = Catalyst Control Center Graphics Full New
"{9AF5B5DE-6161-F211-2052-54BB67F32008}" = Catalyst Control Center Localization Finnish
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B075B92E-C60E-57C2-BDA4-A60E5FF71591}" = CCC Help Dutch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B420E03C-A7A8-7142-8BF1-D6798B98AC8A}" = CCC Help Korean
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BE63EA03-29BF-4E9D-73C9-095850F069C8}" = CCC Help Swedish
"{BFFDAD41-BAAB-5602-CD1A-EE1171D14D40}" = Catalyst Control Center Localization Hungarian
"{C3452F04-DA8E-2119-1925-D0E050A64186}" = ATI Catalyst Install Manager
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C8CF9485-B188-A9B0-FEE3-3F423779F89C}" = Catalyst Control Center Localization Dutch
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CEA453C2-40E0-9B65-A90D-DA8611C29F32}" = CCC Help Hungarian
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D17E2A02-5D61-C6F9-8D78-90FE1112C19A}" = CCC Help Spanish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D53BAED6-CF1C-FF87-DE1A-D879D22EF67C}" = Catalyst Control Center Localization Czech
"{D5C388EB-9848-80F6-02F4-DBFED2DF02E8}" = CCC Help French
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7E3DAA3-78CB-A30F-FD58-94ED333AE524}" = CCC Help English
"{DE44BDEC-6005-6676-DBA4-FC314F53DD49}" = Catalyst Control Center Localization Norwegian
"{E05830A9-573F-8253-C280-921FF1474DA5}" = Catalyst Control Center Localization Russian
"{E0D6A886-A34F-7303-C485-91FA655E83D5}" = CCC Help Japanese
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E53B1B0E-C8DA-4105-2C41-210571998AB6}" = Catalyst Control Center Localization Korean
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E927B65C-A081-8B68-705C-932883697B80}" = Catalyst Control Center Localization Italian
"{EF70BC30-AEE6-5C73-DC7C-3C3B9A73D8FE}" = Catalyst Control Center Localization Polish
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37200BB-2C03-42D9-DBE3-C6240D53DF06}" = CCC Help Portuguese
"{F57D72B6-7FBB-3C60-A19D-55C7B8042934}" = CCC Help Russian
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F7FE23D7-980C-6250-6873-4BD1660FE4CB}" = CCC Help Czech
"{F90E2693-78D9-7CCB-4617-2383A0A31CD2}" = CCC Help Danish
"{F917BAC3-BC13-E3A0-EE98-74D9DA33BAE6}" = CCC Help German
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Media Player_is1" = AVS Media Player 4.1.2.65
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative VF0420" = Creative Live! Cam Vista IM Driver (1.00.03.0000)
"Free Studio_is1" = Free Studio version 4.8
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Shockwave 7.0.3 Player" = Shockwave 7.0.3 Player
"Shop for HP Supplies" = Shop for HP Supplies
"SysInfo" = Creative-Systeminformationen
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.10.2010 14:44:59 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm AVSMediaPlayer.exe, Version 4.1.2.65 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 124c  Anfangszeit: 01cb6639d82c8b30  Zeitpunkt
 der Beendigung: 9
 
Error - 07.10.2010 18:08:54 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 08.10.2010 02:11:48 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.10.2010 03:38:38 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 08.10.2010 12:26:56 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.10.2010 17:07:32 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.10.2010 04:01:34 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.10.2010 04:46:37 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.10.2010 07:06:18 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.10.2010 11:46:27 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.09.2010 09:34:45 | Computer Name = *** | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 08.09.2010 09:34:54 | Computer Name = *** | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 08.09.2010 10:04:44 | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 08.09.2010 10:04:44 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 08.09.2010 10:04:44 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2010 15:30:59 | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 08.09.2010 15:31:00 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 08.09.2010 15:31:00 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2010 15:37:49 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 08.09.2010 15:37:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

MAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4818

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

14.10.10 10:07
mbam-log-2010-10-14 (10-07-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 292329
Laufzeit: 45 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\koo9rv9k4z (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Admin\AppData\Local\Temp\Rzd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1272575101-2667807289-1454402517-1001\$RDRCGNZ.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\Rze.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Benita\Downloads\firefox-update(3).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Rcecua.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Chris4You · 14.10.2010, 09:27

Hi,

einges wurde von MAM schon beseitigt, zur Sicherheit noch mal mit OTL (und noch ein bisschen mehr ;o):

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys File not found
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Admin\AppData\Local\Temp\Rzd.exe (Borland International)
O4 - HKCU..\Run: [Metropolis] C:\Windows\System32\sshnas21.DLL File not found
O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ctrun\start.exe -- File not found
[2010.10.14 08:48:01 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.10.14 08:45:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.14 08:28:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.10.14 01:37:30 | 000,196,608 | ---- | M] (Borland International) -- C:\Windows\Rcecua.exe
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00


:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

Superantispyware (SASW):
http://www.trojaner-board.de/51871-a...tispyware.html

chris

Benita · 14.10.2010, 09:47

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.10.2010 10:44:34 - Run 2
OTL by OldTimer - Version 3.2.15.2     Folder = c:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 149,12 Gb Free Space | 65,08% Space Free | Partition Type: NTFS
Drive D: | 228,83 Gb Total Space | 208,86 Gb Free Space | 91,28% Space Free | Partition Type: NTFS
Drive F: | 465,65 Gb Total Space | 298,55 Gb Free Space | 64,12% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.14 09:21:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- c:\Users\Admin\Downloads\OTL.exe
PRC - [2010.09.15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Essentials\msseces.exe
PRC - [2010.09.15 01:02:28 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.09.15 01:02:28 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.09.10 16:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.05.06 15:53:34 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008.03.26 15:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.06.07 14:01:38 | 000,155,648 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.14 09:21:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- c:\Users\Admin\Downloads\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.09.01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.24 13:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.09.01 17:06:05 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.03.25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.05.06 17:53:20 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.05.06 17:53:20 | 000,132,128 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.03.26 20:35:54 | 002,103,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.03.21 15:43:22 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008.03.05 00:38:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008.03.05 00:38:44 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008.03.05 00:38:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008.02.20 01:52:50 | 003,514,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.21 17:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.16 11:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.05.31 03:32:34 | 000,099,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0420Vid.sys -- (V0420VID) Live! Cam Vista IM (VF0420)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.06.13 22:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 E1 71 96 C5 43 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.08 15:23:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.13 19:14:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.13 19:14:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.24 15:21:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.08.24 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2010.10.13 11:42:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\w5cna50m.default\extensions
[2010.10.11 14:47:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\w5cna50m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.13 19:14:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingA1335] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingC6230] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB6009] C:\Windows\System32\COMMAND.COM ()
O4 - HKCU..\RunOnce: [SpybotDeletingD3639] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ctrun\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.14 10:04:42 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.10.14 09:18:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2010.10.14 09:18:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.14 09:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.14 09:18:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.14 09:18:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.13 22:39:37 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.10.13 22:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.10.13 22:32:12 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.10.12 21:45:57 | 000,000,000 | ---D | C] -- C:\Programme\NOS
[2010.10.12 21:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.10.12 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ICQ
[2010.10.12 21:43:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\AOL
[2010.10.12 11:45:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\eSobi
[2010.10.12 11:41:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan
[2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010.10.12 11:37:13 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2010.10.12 11:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.10.11 23:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.10.11 21:36:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.10.10 17:29:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2010.10.06 16:27:46 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2010.09.29 08:20:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.15 15:28:00 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.01 16:57:53 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC40E.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.14 10:28:02 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.10.14 10:08:19 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\tyauye.sys
[2010.10.14 10:04:50 | 000,000,808 | ---- | M] () -- C:\Users\Admin\Desktop\CCleaner.lnk
[2010.10.14 09:46:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.14 09:46:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.14 09:20:56 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.14 09:20:56 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.14 09:20:56 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.14 09:20:56 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.14 09:18:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.14 07:46:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.14 02:27:15 | 000,000,095 | ---- | M] () -- C:\Windows\wininit.ini
[2010.10.13 22:39:54 | 000,001,059 | ---- | M] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk
[2010.10.13 22:32:12 | 000,001,878 | ---- | M] () -- C:\Users\Admin\Desktop\HijackThis.lnk
[2010.10.13 19:15:00 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.13 19:11:02 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_3
[2010.10.13 19:10:55 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_2
[2010.10.13 19:10:43 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13.json
[2010.10.13 09:57:44 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.10.12 21:47:04 | 000,040,737 | ---- | M] () -- C:\Users\Admin\Desktop\Clipboard01.jpg
[2010.10.12 20:55:45 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.12 18:10:40 | 001,664,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.12 18:10:35 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Admin.job
[2010.10.12 11:37:14 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.10.11 12:33:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job
 
========== Files Created - No Company Name ==========
 
[2010.10.14 10:08:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\tyauye.sys
[2010.10.14 10:04:50 | 000,000,808 | ---- | C] () -- C:\Users\Admin\Desktop\CCleaner.lnk
[2010.10.14 09:18:47 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.14 02:27:15 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini
[2010.10.14 01:37:42 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.10.13 22:39:54 | 000,001,059 | ---- | C] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk
[2010.10.13 22:32:12 | 000,001,878 | ---- | C] () -- C:\Users\Admin\Desktop\HijackThis.lnk
[2010.10.13 19:15:00 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.13 19:11:02 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_3
[2010.10.13 19:10:55 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_2
[2010.10.13 19:10:43 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13.json
[2010.10.13 09:57:44 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.10.12 21:47:04 | 000,040,737 | ---- | C] () -- C:\Users\Admin\Desktop\Clipboard01.jpg
[2010.10.12 20:55:45 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.12 11:37:18 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Admin.job
[2010.10.12 11:37:14 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.08.29 18:24:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.29 16:56:04 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010.08.25 13:16:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.25 12:25:18 | 000,001,504 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.08.24 20:55:24 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.24 20:54:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2010.08.23 18:30:06 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.08.23 09:51:11 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2010.08.23 09:51:11 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.03.22 00:49:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.03.21 23:05:48 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008.03.21 23:05:48 | 000,000,134 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008.03.21 16:18:28 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Custom Scans ==========
 
 
< :OTL >
 
< DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found >
 
< DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found >
 
< DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys File not found >
 
< DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys File not found >
 
< DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found >
 
< O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Admin\AppData\Local\Temp\Rzd.exe (Borland International) >
 
< O4 - HKCU..\Run: [Metropolis] C:\Windows\System32\sshnas21.DLL File not found >
 
< O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell - "" = AutoRun >
 
< O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ctrun\start.exe -- File not found >
 
< [2010.10.14 08:48:01 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job >
 
< [2010.10.14 08:45:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job >
 
< [2010.10.14 08:28:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job >
 
< [2010.10.14 01:37:30 | 000,196,608 | ---- | M] (Borland International) -- C:\Windows\Rcecua.exe >
 
< @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57 >
 
< @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B623B5B8 >
 
< @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 >
 
<  >
 
< :reg >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] >
 
< "DisableMonitoring" = dword:0x00 >
 
<  >
 
<  >
 
< :Commands >
 
< [emptytemp] >
 
< [Reboot] >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

--- --- ---

Chris4You · 14.10.2010, 09:55

Hi,

fast richtig.
Du musst das was in meinem vorangegangen Post in der codebox steht bei OTL in das große Feld im unteren Drittel reinkopieren und dann den Button "Run Fixes" drücken und das dann generierte Log posten...

chris

Benita · 14.10.2010, 16:20

Hej Chris,

ich hab natürlich NiCHT "RunFix" geklickt.

Nun also nochmal RiCHTIG (SRY!)..ich hoffe es doch. (Es gab btw nen NEUSTART nach dem "RunFix"-Scan):

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service nmwcdnsuc stopped successfully!
Service nmwcdnsuc deleted successfully!
File C:\Windows\System32\drivers\nmwcdnsuc.sys File not found not found.
Service nmwcdnsu stopped successfully!
Service nmwcdnsu deleted successfully!
File C:\Windows\System32\drivers\nmwcdnsu.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KOO9RV9K4Z not found.
File C:\Users\Admin\AppData\Local\Temp\Rzd.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Metropolis not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd717a34-ae88-11df-a27f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd717a34-ae88-11df-a27f-806e6f6e6963}\ not found.
File E:\ctrun\start.exe not found.
File C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job not found.
File C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
File C:\Windows\Rcecua.exe not found.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP

1B5B4F1 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 76543 bytes
->Temporary Internet Files folder emptied: 7637034 bytes
->FireFox cache emptied: 101805838 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 579 bytes

User: All Users

User: ***
->Temp folder emptied: 1768131 bytes
->Temporary Internet Files folder emptied: 622726 bytes
->FireFox cache emptied: 47254699 bytes
->Flash cache emptied: 2791530 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 212416 bytes
->Temporary Internet Files folder emptied: 21556581 bytes
->Flash cache emptied: 708 bytes

User: J***
->Temp folder emptied: 275254 bytes
->Temporary Internet Files folder emptied: 119818 bytes
->FireFox cache emptied: 40121389 bytes
->Flash cache emptied: 726 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27686676 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 240,00 mb

OTL by OldTimer - Version 3.2.15.2 log created on 10142010_165340

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Ach ja -> TDSS-Killer: niente! Gut?

Ich dank dir jetzt schon ganz doll!

Der Rechner ruckelt nimmer!!!

Chris4You · 15.10.2010, 06:50

Hi,

da sind noch ein paar Einträge von Spyboot denen wir nachgehen müssen, und ein neuer Treiber der gestern installiert wurde(?)...

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Windows\System32\drivers\tyauye.sys
C:\Windows\System32\COMMAND.COM
C:\Windows\System32\cmd.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Die zwei letzten Einträge will Spybot löschen, sind aber reguläre Files...
Das erste ist der neue Treiber...

chris

Benita · 15.10.2010, 08:44

Hej Chris,

was ihr alles findet!

Super!!, dass du mir so hilfst.

Bei mir siehts leider nicht so rosig aus. -> Die Dateien lassen sich in den angegebenen Verzeichnissen nicht ausfindig machen. Ueber die Suche komme ich nur zu den Logfiles.. Und direkt ueber die Ordner sind sie auch nicht zu finden.

Vista hat gestern 16 Updates vorm Herunterfahren am Abend installiert. Koennten da die Dateien beigewesen sein?

..oder stell ich mich zu dämlich an?!

Chris4You · 15.10.2010, 09:45

Hi,

kopiere einfach den Pfad mit in das Eingabefeld bei Virustotal (also z.B. C:\Windows\System32\drivers\tyauye.sys
), dann brauchst Du nicht suchen. Entweder das System findet die Datei, oder es wird nichts hochgeladen (dann ist sie wohl weg)...
Interessant ist eigentlich nur die erste Datei...

chris

Benita · 15.10.2010, 11:52

Einfuegen ist nicht moeglich; nur die Suche 'im' PC.
ANALYSIS: "Upload a file" -> 'Klick' im "Eingabefeld" -> Pc: "Datei Hochladen"

Eingeben konnte ich den Pfad unter SEARCH: -> "Virustotal_1"
Ergebnis: 2 URL/file Kommentare

Results I
->User: RyanMM
-> Reputation: 3 credits
-> Comment date: 2010-09-21 19:07:48 (UTC)

#Redbook.sys located in the #system32 / #drivers directory. Detected by TDSSKiller as a #rootkit. From the #TDSSKiller log:

2010/09/21 14:30:43.0484 redbook (43f64dbb7296ce330d300b0ff1dc0cd1) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/21 14:30:43.0484 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 43f64dbb7296ce330d300b0ff1dc0cd1, Fake md5: b31b4588e4086d8d84adbf9845c2402b
2010/09/21 14:30:50.0125 Backup copy found, using it..
2010/09/21 14:30:50.0125 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot
2010/09/21 14:30:50.0125 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure
2010/09/21 14:30:58.0046 Deinitialize success

Removing this file and this file alone restored the system to proper functionality, so I'm calling this malware.
Tags: Malware, Redbook, system32, drivers, rootkit, TDSSKiller, patched, lookslike
0b45979623b0ac774a9426c428954e7fb604fae0db187c402af6052906f4099a

Results II

-> User: BugBopperGuy
-> Reputation: 561 credits
-> Comment date: 2010-09-13 19:11:18 (UTC)

BugBopper identifies this file as Trojan.Bat.Erro More info: hxxp://BugBopper.com/MalwareInfo/MD5/83/83d0a4ef71406fce0fcd1924f70c8600.asp
Tags: erro, destoyer, windows
6f064269a7b26cd0dc01886965f00a2f88f50ad4abb1c3b396f728d82693cc4d

Beim ersten Beitrag steht, dass TDSS-Killer die Datei als verdaechtige Datei einstuft..Rootkit..?! -> "Removing this file and this file alone restored the system to proper functionality, so I'm calling this malware." - Datei loeschen; und die Datei stellt von selbst die Funktionalitaet des Systems wieder her?!?!?! Daher Maleware..
Ich checks nicht!

Beim zweiten Beitrag steht, dass BugBopper die Datei als Trojaner identifizierte. Die Suche nach "tyauye" auf der aufgefuehrten Page (hxxp://BugBopper.com/MalwareInfo/MD5/83/83d0a4ef71406fce0fcd1924f70c8600.asp§) hat zu keinem Ergebnis gefuehrt. Der Name taucht dort nirgends auf.

Ich hoffe dass hiervon irgendetwas hilfreich ist!

Chris4You · 15.10.2010, 20:09

Hi,

äh, nicht wirklich...

Bei virustotal.com auf Datei suchen und in dem sich dann öffnenden Dialog per copy-and-past die Datei mit Pfad reinkopieren und "Öffnen" anklicken.
Das Verzeichnis wird gewechselt und die Datei entweder hochgeladen (wenn gefunden) oder es kommt zu einem Fehler...

chris

Benita · 15.10.2010, 20:39

Er findet sie nicht..

Chris4You · 15.10.2010, 21:24

Hi,

zur Sicherheit...

OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
[2010.10.14 10:08:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\tyauye.sys

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Was macht der Rechner?

chris

Benita · 16.10.2010, 10:57

Er ist um einiges langsamer als ich und im Übrigen erst 2 Jahre 'alt'.

Hier das OTL-Fix-Log:

All processes killed
========== OTL ==========
File C:\Windows\System32\drivers\tyauye.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: ***
->Temp folder emptied: 72160 bytes
->Temporary Internet Files folder emptied: 7024716 bytes
->FireFox cache emptied: 46699146 bytes
->Flash cache emptied: 1976 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 63070 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 20995186 bytes
->Flash cache emptied: 653 bytes

User: ***
->Temp folder emptied: 41450 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 35165946 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64405 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 105,00 mb

[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: ***
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Gast
->Flash cache emptied: 0 bytes

User: ***
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.15.2 log created on 10162010_102953

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Ein schickes Wochenende wünsch ich DiR!

Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/"

Log-Analyse und Auswertung: Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/"