
Log analysis and evaluation: my Firefox is acting up and Microsoft Office

Windows 7 - If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

14.03.2010, 18:33   #1
nightmarepj
 
my Firefox is acting up and Microsoft Office



Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:28, on 14.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Windows\SysWOW64\regsvr32.exe
E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Download\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\msytes32.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: ezLife browser enhancer rdfvgsdu - {10134F49-AA57-444E-B1A4-9BC7488B87C3} - C:\Windows\SysWow64\rdfvgsdu.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
O2 - BHO: gooochi browser enhancer - {3B97AB0B-9FF2-B93C-FB57-B6A9724436CA} - C:\Windows\SysWow64\udxllgjlildrw.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [krrxttnyslqnji] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\udxllgjlildrw.dll"
O4 - HKLM\..\Run: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [a-squared] "C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files (x86)\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\xxxxx\AppData\Local\Temp\Nbd.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Download with &Shareaza - res://E:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://62.146.191.133/atlas_activex.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EBB89B-0FD6-4B28-8211-DF67F56C1E97}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: kbupdate - kbupdate.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10732 bytes
--------------------------------------------------------------------------

Code:
ComboScan v20070226.18 run by xxxxxxxxx on 2010-03-14 at 16:20:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis Clone -------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2010-03-14 16:21:59
Platform: Windows Vista Service Pack 2 (6.00.6002)
MSIE: Internet Explorer (8.0.6001.18882)

Running processes:
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Windows\SysWOW64\regsvr32.exe
E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe
D:\Download\HiJackThis\HijackThis.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Download\comboscan\comboscan\comboscan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\msytes32.exe,C:\Windows\system32\sdra64.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: ezLife browser enhancer rdfvgsdu - {10134F49-AA57-444E-B1A4-9BC7488B87C3} - C:\Windows\SysWOW64\rdfvgsdu.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
O2 - BHO: gooochi browser enhancer - {3B97AB0B-9FF2-B93C-FB57-B6A9724436CA} - C:\Windows\SysWOW64\udxllgjlildrw.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [krrxttnyslqnji] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\udxllgjlildrw.dll"
O4 - HKLM\..\Run: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [a-squared] "C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files (x86)\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\xxxxxxxxx\AppData\Local\Temp\Nbd.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: Download with &Shareaza - res://E:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://62.146.191.133/atlas_activex.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{79EBB89B-0FD6-4B28-8211-DF67F56C1E97}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: kbupdate - C:\Windows\system32\kbupdate.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - "C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe"
O23 - Service: Acer HomeMedia Connect Service - "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
O23 - Service: Avira AntiVir Guard (AntiVirService) - "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
O23 - Service: Autodesk Licensing Service - "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
O23 - Service: Bonjour-Dienst (Bonjour Service) - "C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X64 (clr_optimization_v2.0.50727_64) - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
O23 - Service: eDataSecurity Service - "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
O23 - Service: eRecovery Service (eRecoveryService) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service 64 - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
O23 - Service: HASP License Manager (hasplms) - C:\Windows\system32\hasplms.exe  -run
O23 - Service: iPod-Dienst (iPod Service) - "C:\Program Files (x86)\iPod\bin\iPodService.exe"
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
O23 - Service: Microsoft Office Groove Audit Service - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe"
O23 - Service: Nero BackItUp Scheduler 4.0 - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - C:\Windows\system32\nvvsvc.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
O23 - Service: Office Source Engine (ose) - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - C:\Windows\SysWOW64\perfhost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - C:\Windows\system32\svchost.exe -k LocalService


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "%SystemRoot%\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\winhlp32.exe %1
.inf - inffile - %SystemRoot%\system32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\system32\NOTEPAD.EXE %1
.js - JSFile - C:\Windows\SysWOW64\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - AutoCADScriptFile - C:\Windows\system32\notepad.exe "%1"
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - "%SystemRoot%\System32\WScript.exe" "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

1R acedrv09 - C:\Windows\system32\drivers\acedrv09.sys (not found)
2R aksdf - C:\Windows\system32\drivers\aksdf.sys (not found)
2R aksfridge - C:\Windows\system32\drivers\aksfridge.sys (not found)
2R avgntflt - C:\Windows\system32\DRIVERS\avgntflt.sys (not found)
4S blbdrive - C:\Windows\system32\drivers\blbdrive.sys (not found)
1R ElbyCDIO (ElbyCDIO Driver) - C:\Windows\system32\Drivers\ElbyCDIO.sys (not found)
4S ErrDev (Microsoft Hardware Error Device Driver) - C:\Windows\system32\drivers\errdev.sys (not found)
3S exfat (exFAT File System Driver) - C:\Windows\system32\drivers\exfat.sys (not found)
2R hardlock - C:\Windows\system32\drivers\hardlock.sys (not found)
3S HdAudAddService (Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst) - C:\Windows\system32\drivers\HdAudio.sys (not found)
2R int15 - \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\Windows\system32\drivers\RTKVHD64.sys (not found)
3R ksthunk (Kernel Streaming Thunks) - C:\Windows\system32\drivers\ksthunk.sys (not found)
4S MegaSR - C:\Windows\system32\drivers\megasr.sys (not found)
1R MIPFSv364 - C:\Windows\system32\drivers\MIPFSv364.sys (not found)
1R MIPv364 - C:\Windows\system32\drivers\MIPv364.sys (not found)
3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\Windows\system32\DRIVERS\nvmfdx64.sys (not found)
3R NVHDA (Service for NVIDIA High Definition Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys (not found)
3R nvlddmkm - C:\Windows\system32\DRIVERS\nvlddmkm.sys (not found)
0R nvrd64 (NVIDIA nForce RAID Driver) - C:\Windows\system32\drivers\nvrd64.sys (not found)
3R nvsmu - C:\Windows\system32\DRIVERS\nvsmu.sys (not found)
0R nvstor64 - C:\Windows\system32\drivers\nvstor64.sys (not found)
0R PSDFilter - C:\Windows\system32\DRIVERS\psdfilter.sys (not found)
2R PSDNServ - C:\Windows\system32\DRIVERS\PSDNServ.sys (not found)
2R psdvdisk - C:\Windows\system32\DRIVERS\PSDVdisk.sys (not found)
3R RasSstp (WAN-Miniport (SSTP)) - C:\Windows\system32\DRIVERS\rassstp.sys (not found)
3S sscdbus (SAMSUNG USB Composite Device driver (WDM)) - C:\Windows\system32\DRIVERS\sscdbus.sys (not found)
3S sscdmdfl (SAMSUNG Mobile Modem Filter) - C:\Windows\system32\DRIVERS\sscdmdfl.sys (not found)
3S sscdmdm (SAMSUNG Mobile Modem Drivers) - C:\Windows\system32\DRIVERS\sscdmdm.sys (not found)
3S ss_bus (SAMSUNG Mobile USB Device 1.0 driver (WDM)) - C:\Windows\system32\DRIVERS\ss_bus.sys (not found)
3S ss_mdfl (SAMSUNG Mobile USB Modem 1.0 Filter) - C:\Windows\system32\DRIVERS\ss_mdfl.sys (not found)
3S ss_mdm (SAMSUNG Mobile USB Modem 1.0 Drivers) - C:\Windows\system32\DRIVERS\ss_mdm.sys (not found)
3S usbscan (USB-Scannertreiber) - C:\Windows\system32\DRIVERS\usbscan.sys (not found)
3R USBSTOR (USB-Massenspeichertreiber) - C:\Windows\system32\DRIVERS\USBSTOR.SYS (not found)
3R VClone - C:\Windows\system32\DRIVERS\VClone.sys (not found)
3S WpdUsb - C:\Windows\system32\DRIVERS\wpdusb.sys (not found)
3R WUDFRd - C:\Windows\system32\DRIVERS\WUDFRd.sys (not found)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R Acer HomeMedia Connect Service - "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
2R AcerMemUsageCheckService (ePerformance Service) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2R AntiVirSchedulerService (Avira AntiVir Planer) - "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
2R AntiVirService (Avira AntiVir Guard) - "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
3S Autodesk Licensing Service - "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
2R Bonjour Service (Bonjour-Dienst) - "C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
3S clr_optimization_v2.0.50727_64 (Microsoft .NET Framework NGEN v2.0.50727_X64) - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
2R eDataSecurity Service - "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
2R eRecoveryService (eRecovery Service) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2R eSettingsService (eSettings Service) - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3S FLEXnet Licensing Service 64 - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
3S FontCache (Windows-Dienst für Schriftartencache) - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
2R hasplms (HASP License Manager) - C:\Windows\system32\hasplms.exe  -run
3S iPod Service (iPod-Dienst) - "C:\Program Files (x86)\iPod\bin\iPodService.exe"
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
2R Nero BackItUp Scheduler 4.0 - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
2R nvsvc (NVIDIA Display Driver Service) - C:\Windows\system32\nvvsvc.exe
3S PerfHost (Leistungsindikator-DLL-Host) - C:\Windows\SysWow64\perfhost.exe
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
3R SstpSvc (SSTP-Dienst) - C:\Windows\system32\svchost.exe -k LocalService
2R a2AntiMalware (a-squared Anti-Malware Service) - "C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe"
3S ose (Office Source Engine) - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
3S Microsoft Office Groove Audit Service - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe"
3S odserv (Microsoft Office Diagnostics Service) - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"


-- Scheduled Tasks --------------------------------------------------------------

2010-03-14 15:44:02       262 --ah----- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job<{35DC3~1.JOB>
2010-03-13 15:03:39       314 --ah----- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job<{66BA5~1.JOB>


-- Files created between 2010-02-14 and 2010-03-14 ------------------------------



-- Find3M Report ----------------------------------------------------------------

2010-03-14 15:24:44         0 d-------- C:\Program Files (x86)\Mozilla Firefox<MOZILL~1>
2010-03-14 15:17:54         0 d-------- C:\Program Files (x86)\Microsoft Works<MICROS~2>
2010-03-14 15:17:37         0 d-------- C:\Program Files (x86)\MSBuild
2010-03-14 15:16:51         0 d-------- C:\Program Files (x86)\Microsoft.NET<MICROS~1.NET>
2010-03-14 15:15:05         0 d-------- C:\Program Files (x86)\Microsoft Visual Studio 8<MID05A~1>
2010-03-14 15:07:19         0 d-------- C:\Program Files (x86)\a-squared Anti-Malware<A-SQUA~1>
2010-03-14 15:03:53         0 d-------- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2<MOZILL~1.6BE>
2010-03-14 14:52:53       288 --a------ C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\wklnhst.dat
2010-03-14 14:43:52         0 d-------- C:\Program Files (x86)\Windows Live<WI1F86~1>
2010-03-14 14:43:14         0 d-------- C:\Program Files (x86)\Microsoft SQL Server Compact Edition<MICROS~4>
2010-03-14 14:42:30         0 d-------- C:\Program Files (x86)\Microsoft<MICROS~3>
2010-03-13 15:28:45         0 d-------- C:\Program Files (x86)\Windows Mail<WINDOW~1>
2010-03-12 22:11:50         0 d-------- C:\Program Files (x86)\Autodesk
2010-03-12 22:09:22         0 d-------- C:\Program Files (x86)\Common Files\Autodesk Shared<AUTODE~1>
2010-03-12 21:53:08        43 --a------ C:\Windows\system32\kboem32.dat
2010-03-12 21:27:22       198 --a------ C:\Users\xxxxxxxx\AppData\Roaming\default.rss
2010-03-12 21:25:24         0 d-------- C:\Program Files (x86)\Rhinoceros 4.0<RHINOC~1.0>
2010-03-12 20:18:49         0 d-------- C:\Program Files (x86)\Common Files\McNeel Shared<MCNEEL~1>
2010-03-12 17:33:27         0 d-------- C:\Users\xxxxxxxxx\AppData\Roaming\Autodesk
2010-03-11 17:28:52         0 d-------- C:\Program Files (x86)\Common Files\Nero
2010-03-10 21:31:25         0 d-------- C:\Program Files (x86)\SweetIM
2010-03-10 21:28:50         0 d-------- C:\Users\xxxxxxxx\AppData\Roaming\Any Video Converter<ANYVID~1>
2010-03-10 21:27:50         0 d--h----- C:\Program Files (x86)\InstallShield Installation Information<INSTAL~1>
2010-03-10 21:27:32         0 d-------- C:\Program Files (x86)\Creative
2010-03-10 20:35:27         0 d-------- C:\Users\xxxxxx\AppData\Roaming\Nero
2010-03-10 20:31:07         0 d-------- C:\Program Files (x86)\Nero
2010-03-10 18:40:13         0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard<WISEIN~1>
2010-03-09 18:12:58         0 d-------- C:\Users\xxxxxxxx\AppData\Roaming\DICAD_Systeme_GmbH<DICAD_~1>
2010-03-09 17:57:28         0 d-------- C:\Program Files (x86)\Common Files\Aladdin Shared<ALADDI~1>
2010-03-08 23:24:44         0 d---s---- C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft<MICROS~1>
2010-03-08 23:24:32         0 d-------- C:\Program Files (x86)\Common Files\Acronis
2010-03-08 23:19:13         0 d-------- C:\Users\xxxxxxxxxx\AppData\Roaming\Acronis
2010-03-08 17:57:51         0 d-------- C:\Users\xxxxxxxxxxx\AppData\Roaming\GetRightToGo<GETRIG~1>
2010-03-08 13:28:38         0 d-------- C:\Users\xxxxxxxxx\AppData\Roaming\LimeWire
2010-03-04 16:11:53     48283 --a------ C:\Windows\system32\uaohlaofcedigp.exe<UAOHLA~1.EXE>
2010-03-04 16:11:22         0 d-------- C:\Program Files (x86)\ezLife
2010-03-01 19:57:56         0 d-------- C:\Program Files (x86)\AviSynth 2.5<AVISYN~1.5>
2010-02-21 00:06:41     24064 --a------ C:\Windows\system32\nshhttp.dll
2010-02-21 00:05:14     30720 --a------ C:\Windows\system32\httpapi.dll
2010-02-03 12:30:48    290816 --a------ C:\Windows\system32\rdfvgsdu.dll
2010-02-02 16:51:38         0 d-------- C:\Users\xxxxxxxxx\AppData\Roaming\Shareaza
2010-01-27 02:14:34    499200 --a------ C:\Windows\system32\udxllgjlildrw.dll<UDXLLG~1.DLL>
2010-01-26 17:56:49         0 dr-h----- C:\Users\xxxxxxxxxxx\AppData\Roaming\SecuROM
2010-01-25 13:00:35    152576 --a------ C:\Windows\system32\secproc_ssp_isv.dll
2010-01-25 13:00:35    152064 --a------ C:\Windows\system32\secproc_ssp.dll
2010-01-25 13:00:35    471552 --a------ C:\Windows\system32\secproc_isv.dll
2010-01-25 13:00:22    471552 --a------ C:\Windows\system32\secproc.dll
2010-01-25 12:58:52    332288 --a------ C:\Windows\system32\msdrm.dll
2010-01-25 09:21:20    346624 --a------ C:\Windows\system32\RMActivate_ssp_isv.exe
2010-01-25 09:21:20    526336 --a------ C:\Windows\system32\RMActivate_isv.exe
2010-01-25 09:21:18    347136 --a------ C:\Windows\system32\RMActivate_ssp.exe
2010-01-25 09:21:18    518144 --a------ C:\Windows\system32\RMActivate.exe
2010-01-23 10:26:13      2048 --a------ C:\Windows\system32\tzres.dll
2010-01-22 22:01:06    348160 --a------ C:\Windows\system32\msvcr71.dll
2010-01-22 22:00:57         0 d-------- C:\Program Files (x86)\Common Files\DVDVideoSoft<DVDVID~1>
2010-01-22 16:43:17         0 d-------- C:\Program Files (x86)\CoreAAC
2010-01-21 09:09:09         0 d-------- C:\Program Files (x86)\Microsoft Silverlight<MI2020~1>
2010-01-19 18:24:05         0 d-------- C:\Users\xxxxxxxxxx\AppData\Roaming\IMSIDesign<IMSIDE~1>
2010-01-18 22:59:08         0 d-------- C:\Users\xxxxxxxxxxx\AppData\Roaming\uTorrent
2010-01-18 21:35:48         0 d-------- C:\Users\xxxxxxxxxxx\AppData\Roaming\Azureus
2010-01-17 16:26:59         6 --ahs---- C:\Users\xxxxxxxxxx\AppData\Roaming\desktop.ini
2010-01-17 16:15:25         0 d-------- C:\Program Files (x86)\BearShare Applications<BEARSH~1>
2010-01-17 16:09:12         0 d-------- C:\Users\xxxxxxxxx\AppData\Roaming\Mozilla
2010-01-17 14:14:59         0 d-------- C:\Users\xxxxxxx\AppData\Roaming\SZMaster
2010-01-15 15:58:14    796672 --a------ C:\Windows\GPInstall.exe<GPINST~1.EXE>
2010-01-14 17:57:32         0 d-------- C:\Users\xxxxxxxx\AppData\Roaming\WinRAR
2010-01-12 17:44:17     29480 --a------ C:\Windows\system32\msxml3a.dll
2010-01-12 17:44:16    505128 --a------ C:\Windows\system32\msvcp71.dll
2010-01-06 16:39:38   1696256 --a------ C:\Windows\system32\gameux.dll
2010-01-06 16:38:47     28672 --a------ C:\Windows\system32\Apphlpdm.dll
2010-01-06 14:30:41   4240384 --a------ C:\Windows\system32\GameUXLegacyGDFs.dll
2010-01-02 07:36:10    206848 --a------ C:\Windows\system32\occache.dll
2010-01-02 07:33:32     55296 --a------ C:\Windows\system32\msfeedsbs.dll
2010-01-02 07:33:32    594432 --a------ C:\Windows\system32\msfeeds.dll
2010-01-02 07:32:33    164352 --a------ C:\Windows\system32\ieui.dll
2010-01-02 07:32:33    109056 --a------ C:\Windows\system32\iesysprep.dll
2010-01-02 07:32:33     71680 --a------ C:\Windows\system32\iesetup.dll
2010-01-02 07:32:33   1985536 --a------ C:\Windows\system32\iertutil.dll
2010-01-02 07:32:32     55808 --a------ C:\Windows\system32\iernonce.dll
2010-01-02 07:32:32  11070464 --a------ C:\Windows\system32\ieframe.dll
2010-01-02 07:32:26    387584 --a------ C:\Windows\system32\iedkcs32.dll
2010-01-02 05:57:00    133632 --a------ C:\Windows\system32\ieUnatt.exe
2010-01-02 05:56:50    173056 --a------ C:\Windows\system32\ie4uinit.exe
2010-01-02 05:56:14     13312 --a------ C:\Windows\system32\msfeedssync.exe
2009-12-30 13:30:20   1568768 --a------ C:\Windows\bsdsetup.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"MtdAcq"="C:\\Program Files (x86)\\Creative\\Shared Files\\Media Sniffer\\MtdAcq.exe /s"
"WMPNSCFG"="C:\\Program Files (x86)\\Windows Media Player\\WMPNSCFG.exe"
"TOY5KNQ8OC"="C:\\Users\\xxxxxxxxxxx\\AppData\\Local\\Temp\\Nbd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PCMMediaSharing"="\"C:\\Program Files (x86)\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe\""
"WarReg_PopUp"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe"
"avgnt"="\"C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Java\\jre6\\bin\\jusched.exe\""
"SweetIM"="C:\\Program Files (x86)\\SweetIM\\Messenger\\SweetIM.exe"
"ezLife"=dword:00000000
"krrxttnyslqnji"="C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Windows\\SysWow64\\udxllgjlildrw.dll\""
"VirtualCloneDrive"="\"e:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"a-squared"="\"C:\\Program Files (x86)\\a-squared Anti-Malware\\a2guard.exe\""
"GrooveMonitor"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
	

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000001
"NoActiveDesktopChanges"=dword:00000001
"ForceActiveDesktopOn"=dword:00000000
"BindDirectlyToPropertySetStorage"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbupdate
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalSystemNetworkRestricted	REG_MULTI_SZ   	hidserv\0Netman\0AudioEndpointBuilder\0dot3svc\0WPDBusEnum\0wlansvc\0\0
termsvcs	REG_MULTI_SZ   	TermService\0\0
LocalService	REG_MULTI_SZ   	NSI\0SSDPSRV\0upnphost\0SCardSvr\0RemoteRegistry\0WinHttpAutoProxySvc\0TBS\0SLUINotify\0netprofm\0QWAVE\0WebClient\0\0
rpcss	REG_MULTI_SZ   	RpcSs\0\0
LocalServiceNetworkRestricted	REG_MULTI_SZ   	AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
wcssvc	REG_MULTI_SZ   	WcsPlugInService\0\0
DcomLaunch	REG_MULTI_SZ   	PlugPlay\0DcomLaunch\0\0
NetworkService	REG_MULTI_SZ   	DHCP\0TermService\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
imgsvc	REG_MULTI_SZ   	StiSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
CertPropSvc
SCPolicySvc
gpsvc
LogonHours
PCAudit
iphlpsvc
msiscsi
SessionEnv



-- End of ComboScan: finished at 2010-03-14 at 16:22:44
         
---------------------------------------------------------------------
Code:
ATTFilter
ComboScan v20070226.18 run by xxxxxxxxxxxx on 2010-03-14 at 16:20:46
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium  (build 6002) SP 2.0
Architecture: X64; Language: German

CPU 0: Intel(R) Core(TM)2 Quad  CPU   Q8200  @ 2.33GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 4094.32 MiB / 2195.94 MiB
Pagefile Memory (total/avail): 8401.93 MiB / 6217.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1893.89 MiB

C: is Fixed (NTFS) - 293.33 GiB total, 161.89 GiB free. 
D: is Fixed (NTFS) - 596.17 GiB total, 594.61 GiB free. 
E: is Fixed (NTFS) - 293.08 GiB total, 275.74 GiB free. 
F: is CDROM (No Media)
G: is CDROM (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)


-- Security Center --------------------------------------------------------------

Windows Internal Firewall is enabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\xxxxxxxxx\AppData\Roaming
CLASSPATH=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=xxxxxxxxxxpc
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\xxxxxxxxx
LOCALAPPDATA=C:\Users\xxxxxxxxxxx\AppData\Local
LOGONSERVER=\\xxxxxxxxxPC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files (x86)\Samsung\Samsung PC Studio 3\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1707
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\CHRIST~1\AppData\Local\Temp
TMP=C:\Users\CHRIST~1\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
USERDOMAIN=xxxxxxxxPC
USERNAME=xxxxxxxxxx
USERPROFILE=C:\Users\xxxxxxxxx
windir=C:\Windows


-- User Profiles ----------------------------------------------------------------

xxxxxxxx


-- Add/Remove Programs ----------------------------------------------------------

 --> C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
a-squared Anti-Malware 4.5 --> "C:\Program Files (x86)\a-squared Anti-Malware\unins000.exe"
Acer Arcade Live Main Page --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\SETUP.exe"  -uninstall
Acer DV Magician --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\SETUP.exe"  -uninstall
Acer DVDivine --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\SETUP.exe"  -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology --> "C:\Program Files (x86)\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer ePerformance Management --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x7  -removeonly
Acer eSettings Management --> "C:\Program Files (x86)\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer HomeMedia --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\SETUP.exe"  -uninstall
Acer HomeMedia Connect --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe"  -uninstall
Acer HomeMedia Trial Creator --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B580C409-E16F-44FF-904D-3AE94E113BE0}\SETUP.EXE"  -uninstall
Acer ScreenSaver --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9  -removeonly
Acer SlideShow DVD --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\SETUP.exe"  -uninstall
Acer VideoMagician --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\SETUP.exe"  -uninstall
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.5 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Advertising Center --> MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Apple Software Update --> MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus --> C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5 --> "C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe"
Bonjour --> MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
ContentSAFER for Wizmax --> 
CoreAAC --> "C:\Program Files (x86)\CoreAAC\Uninstall.exe"
DesignPro 5 SE Goldedition --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6373F2B-6B98-4C84-8C25-78EB41BA31B9} /l1031 
Didi V3 --> "C:\Program Files (x86)\Degener\DidiV3\unins000.exe"
DivX Codec --> C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters --> C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player --> C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DolbyFiles --> MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
EPSON Scan --> C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
eSobi v2 --> C:\Program Files (x86)\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0407
eSobi v2 --> MsiExec.exe /X{15D967B5-A4BE-42AE-9E84-64CD062B25AA}
ezLife browser enhancer --> "C:\Program Files (x86)\ezLife\ezLife\1.3.6.0\uninstall.exe"
Free Realms Installer --> C:\Users\xxxxxxxxxxx\AppData\LocalLow\Sony Online Entertainment\uninst.exe
Gehirnjogging - Der Trainer fürs Gedächtnis... --> C:\PROGRA~2\HAPPYN~1\GEHIRN~1\UNWISE.EXE C:\PROGRA~2\HAPPYN~1\GEHIRN~1\INSTALL.LOG
Gehirnjogging 2 --> C:\PROGRA~2\HAPPYN~1\GEHIRN~2\UNWISE.EXE C:\PROGRA~2\HAPPYN~1\GEHIRN~2\INSTALL.LOG
Gehirnjogging 3 --> C:\PROGRA~2\HAPPYN~1\GEHIRN~3\UNWISE.EXE C:\PROGRA~2\HAPPYN~1\GEHIRN~3\INSTALL.LOG
Google SketchUp 6 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x7  -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x7  -removeonly
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) --> C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) --> C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
iTunes --> MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 17 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update --> MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KB408682 --> 
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\swflash.inf,DefaultUninstall,5
Menu Templates - Starter Kit --> MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
Microsoft Choice Guard --> MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (German) 2007 --> MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007 --> MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007 --> MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007 --> MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007 --> MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft VC80 Support DLLs --> MsiExec.exe /I{342F5437-C87D-4BB5-89B9-B23E16C6A395}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 --> MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 --> MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 --> MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# 2.0 Redistributable Package --> C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Works --> MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
Movie Templates - Starter Kit --> MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.5.5) --> C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT --> MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430) --> MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688) --> MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 9 Trial --> C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero BurnRights --> MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter --> MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner --> MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero Disc Copy Gadget --> MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}
Nero DiscSpeed --> MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed --> MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool --> MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer --> MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap --> MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode --> MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent --> MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime --> MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart --> MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision --> MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor --> MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM --> MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress --> MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTI Backup NOW! 4.7 --> C:\Program Files (x86)\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0407
NTI CD & DVD-Maker --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1031 CDM7
PSP ISO Compressor --> MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}
PSPVC :: PSP Video Converter v3.75 --> "e:\Program Files (x86)\pspvc\Uninstall.exe"
QuickTime --> MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver --> RtlUpd64.exe -r -m -nrg2709
RON Too1 Gooochi --> C:\Windows\system32\uaohlaofcedigp.exe
Samsung PC Studio 3 --> "C:\Program Files (x86)\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0007 -removeonly
Samsung PC Studio 3 USB Driver Installer --> "C:\Program Files (x86)\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0007 -removeonly
Shareaza 2.5.2.0 --> "E:\Program Files (x86)\Shareaza\Uninstall\unins000.exe"
SoundTrax --> MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
Supreme Commander - Forged Alliance --> C:\Program Files (x86)\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\setup.exe -runfromtemp -l0x0007 -removeonly
SweetIM for Messenger 2.8 --> MsiExec.exe /X{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}
Uniblue RegistryBooster 2010 --> "E:\Program Files (x86)\RegistryBooster\unins000.exe"
Uninstall 1.0.0.1 --> "C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) --> C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053 --> MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VirtualCloneDrive --> "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive"
VLC media player 0.9.9 --> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live-Uploadtool --> MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Anmelde-Assistent --> MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call --> MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform --> MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials --> C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials --> MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Fotogalerie --> MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}
Windows Live Mail --> MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger --> MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Sync --> MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}


-- End of ComboScan: finished at 2010-03-14 at 16:22:44 -------------------------
         

Alt 14.03.2010, 20:55   #2
Chris4You
 
my firefox is acting up and microsoft office - Standard

my firefox is acting up and microsoft office



Hi,

Please check the following files:

Have the files checked online:
  • Go to the Virustotal site, click the "Browse" button
    and locate the following file(s):
Code:
ATTFilter
C:\Windows\SysWow64\udxllgjlildrw.dll
         
  • Now upload each file in turn and wait until the scan has finished (this can take up to 2 minutes).
  • Afterwards post the result of the analysis: copy everything and paste it into a reply.
  • Important: copy the file size and the HASH as well!

Then there is also this (besides a few other things):
Quote:
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\xxxxx\AppData\Local\Temp\Nbd.exe
MAM should be able to handle that, though...

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
Run a full scan and let it clean everything! Post the log.

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 logfiles are created
* Post the logfiles here in the thread.

chris
For me:
...
O4 - HKLM\..\Run: [krrxttnyslqnji] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\udxllgjlildrw.dll"
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\msytes32.exe,C:\Windows\system32\sdra64.exe,
O2 - BHO: ezLife browser enhancer rdfvgsdu - {10134F49-AA57-444E-B1A4-9BC7488B87C3} - C:\Windows\SysWOW64\rdfvgsdu.dll
O2 - BHO: gooochi browser enhancer - {3B97AB0B-9FF2-B93C-FB57-B6A9724436CA} - C:\Windows\SysWOW64\udxllgjlildrw.dll
...
__________________

__________________
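The four entries the helper noted "for me" above (a HKCU Run entry launching from a Temp folder, a Run entry that silently registers a DLL with regsvr32 /s, a UserInit line chaining extra executables, and BHOs loading straight out of SysWOW64) are exactly the patterns a small triage script can pull out of a HijackThis log. The following Python is an added example, not part of this thread or of HijackThis/OTL; the log excerpt it runs on is constructed from the lines quoted in this thread, and the rule names, the "system directory" list and the Temp-folder check are assumptions of this example, not rules of any of the tools mentioned.

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    rule: str      # which heuristic fired
    detail: str    # what looked suspicious
    line: str      # the original log line


# Constructed sample: a HijackThis-style excerpt mirroring the entries the helper
# singled out in this thread, plus two benign entries (Avira, Adobe) that must not fire.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ezLife browser enhancer rdfvgsdu - {10134F49-AA57-444E-B1A4-9BC7488B87C3} - C:\Windows\SysWOW64\rdfvgsdu.dll
O2 - BHO: gooochi browser enhancer - {3B97AB0B-9FF2-B93C-FB57-B6A9724436CA} - C:\Windows\SysWOW64\udxllgjlildrw.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [krrxttnyslqnji] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\udxllgjlildrw.dll"
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\xxxxx\AppData\Local\Temp\Nbd.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\msytes32.exe,C:\Windows\system32\sdra64.exe,
"""

# Line shapes of the HijackThis sections used by the entries quoted in this thread.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)
REGSVR_SILENT_RE = re.compile(r"regsvr32(\.exe)?\s+/s\b", re.IGNORECASE)

# Heuristic constants (assumptions of this example): legitimate BHOs normally live
# under Program Files, and an autostart out of a Temp folder deserves a second look.
SYSTEM_DIRS = ("c:\\windows\\syswow64", "c:\\windows\\system32")
TEMP_MARKER = "\\appdata\\local\\temp\\"


def _dirname(path: str) -> str:
    """Lower-cased directory part of a Windows path ('' if there is none)."""
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def analyze(log_text: str) -> List[Finding]:
    """Scan HijackThis-style lines and return every entry that trips a heuristic."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if TEMP_MARKER in cmd.lower():
                findings.append(Finding("run-from-temp",
                                        f"autostart [{name}] launches out of a Temp folder", line))
            if REGSVR_SILENT_RE.search(cmd):
                findings.append(Finding("regsvr32-silent-dll",
                                        f"autostart [{name}] silently registers a DLL via regsvr32 /s", line))
            continue
        m = O2_RE.match(line)
        if m:
            if _dirname(m.group("path")) in SYSTEM_DIRS:
                findings.append(Finding("bho-in-system-dir",
                                        f"BHO '{m.group('name')}' loads straight out of a Windows system directory", line))
            continue
        m = F2_RE.match(line)
        if m:
            # UserInit should contain only userinit.exe; anything chained after it runs at logon.
            entries = [p.strip() for p in m.group("value").split(",") if p.strip()]
            extras = [p for p in entries if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
            if extras:
                findings.append(Finding("userinit-extra",
                                        "UserInit chains extra executables: " + "; ".join(extras), line))
    return findings


def rules_for(log_text: str) -> List[str]:
    """Just the rule names, in log order (handy for quick checks)."""
    return [f.rule for f in analyze(log_text)]


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Run against the constructed excerpt it reports the two SysWOW64 BHOs, the regsvr32 /s autostart, the Temp-folder autostart and the two extra UserInit executables, and stays silent on the Avira and Adobe entries.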

Alt 14.03.2010, 22:11   #3
nightmarepj
 
my firefox is acting up and microsoft office - Standard

my firefox is acting up and microsoft office



that works with the (browse) button on virustotal

is there another site that does that
__________________

Alt 15.03.2010, 00:29   #4
nightmarepj
 
my firefox is acting up and microsoft office - Standard

my firefox is acting up and microsoft office



this will take a little while, I just gave the file acedrv09.sys a kick in the butt

Alt 15.03.2010, 01:16   #5
nightmarepj
 
my firefox is acting up and microsoft office - Standard

my firefox is acting up and microsoft office



Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:13:48, on 15.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Download\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [a-squared] "C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files (x86)\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Download with &Shareaza - res://E:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://62.146.191.133/atlas_activex.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EBB89B-0FD6-4B28-8211-DF67F56C1E97}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9903 bytes


15.03.2010, 01:17   #6
nightmarepj

Now I've done the MAM thing,
only the VirusTotal thing somehow doesn't work.

15.03.2010, 02:16   #7
nightmarepj


15.03.2010, 07:53   #8
Chris4You

Hi,

Post the MAM log as well...

You have a lot of file-sharing software running; I would definitely remove Bearshare completely:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.bearshare.com/
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)

Find the following file and have it checked at virustotal.com:
O4 - Global Startup: ASETRES.EXE

An ActiveX control that is being loaded (do you recognise it? If not, have HJ fix it):
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - hxxp://62.146.191.133/atlas_activex.dll

Fix with HJ:
HijackThis, fix:
Open HijackThis -- "Scan" button -- tick the entries listed below -- "Fix checked" button -- restart the PC
Note: all applications except HJ must be closed, and Spybot's TeaTimer, if active, absolutely must be disabled!
Code:
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://62.146.191.133/atlas_activex.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
CureIt:
http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan finishes you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post it.
The log file is very large, roughly over 5 MB of text. Just search for "infiziert" (infected) and copy out the relevant parts before you post them.

chris
__________________
Don't bring me down
Read before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)

Last edited by Chris4You (15.03.2010 at 08:23)
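The triage in the post above is done by eye: a start page pointing somewhere unexpected, a BHO whose DLL is gone, a bare executable in the global startup folder, an ActiveX control pulled from a raw IP address, and DNS servers worth confirming. The following Python script is an added example (not part of this thread and not HijackThis code) that encodes those same checks and runs them over a constructed sample made up of lines copied from the log posted in this thread. The rule set, the set of "known good" start-page hosts, and the wording of the findings are assumptions chosen for illustration; the script only reports lines for a human to review, it changes nothing on the machine.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example: not part of the Trojaner-Board thread and not HijackThis
itself. The rules are an assumption modelled on the helper's manual review
above; the sample lines are copied from the log posted in this thread.
"""
import re
import ipaddress
from urllib.parse import urlparse

# Assumption: the OEM page seen in the log and the page the user later set
# are legitimate; any other start page is a hijack candidate.
KNOWN_GOOD_START_HOSTS = {"homepage.acer.com", "www.google.de"}

# Constructed sample: a subset of the HJT lines from post #5 of this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://62.146.191.133/atlas_activex.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EBB89B-0FD6-4B28-8211-DF67F56C1E97}: NameServer = 139.7.30.126 139.7.30.125
"""

SECTION_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
URL_RE = re.compile(r"https?://\S+")


def _host_is_raw_ip(url):
    """True when the URL's host is a literal IP address rather than a name."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_line(line):
    """Return (section, reason) if the line deserves a second look, else None."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)

    if section == "R0" and "Start Page" in body:
        url = URL_RE.search(body)
        host = urlparse(url.group(0)).hostname if url else None
        if host not in KNOWN_GOOD_START_HOSTS:
            return section, f"start page set to {host}: browser hijack candidate"
    elif section == "O2":
        # A BHO whose DLL is gone is an orphaned registration left by an
        # uninstalled or removed component; it does nothing but should be cleaned.
        if "(no file)" in body or "(file missing)" in body:
            return section, "BHO registered but DLL absent: orphaned entry, safe to fix"
    elif section == "O4" and body.startswith("Global Startup:"):
        item = body.split(":", 1)[1].strip()
        # A bare .exe in the all-users startup folder (no shortcut, no vendor
        # path) is the pattern the helper asked to have hash-checked.
        if item.lower().endswith(".exe"):
            return section, f"bare executable {item} in global startup: locate and hash-check"
    elif section == "O16":
        url = URL_RE.search(body)
        if url and _host_is_raw_ip(url.group(0)):
            return section, "ActiveX control downloaded from a raw IP address: fix unless known"
    elif section == "O17":
        # Not necessarily malicious; the user should confirm these are the ISP's resolvers.
        return section, "custom DNS servers: confirm they belong to your ISP"
    return None


def triage_log(text):
    """Run triage_line over every line; return a list of (section, line, reason)."""
    findings = []
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], line.strip(), hit[1]))
    return findings


if __name__ == "__main__":
    for section, line, reason in triage_log(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample it flags exactly the six lines the helper singled out or asked about (the Bearshare start page, the two BHOs without a file, ASETRES.EXE, the ActiveX control from 62.146.191.133, and the O17 name servers) and stays silent on the Acer start page, the Avira Run key, the Messenger CAB from a named Microsoft host, and the Acer launcher shortcut. The O17 rule deliberately only asks for confirmation: the log alone cannot tell a legitimate ISP resolver from a substituted one.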

15.03.2010, 21:45   #9
nightmarepj

The virustotal.com thing doesn't work, because I can't upload anything. I can't even type into the white field. Is there another equivalent site where you can have it checked?
I also downloaded the program Killbox; is that recommended?

Unfortunately I can't continue for now, since I'm going away for a few days. I'll be back Thursday evening. Will you also be online here in the forum on Thursday around 9 pm to carry on with this topic?

But thanks already for your help so far!

16.03.2010, 07:24   #10
Chris4You

Hi,

http://virusscan.jotti.org/de
I'm out all day today; I'll take the notebook with me (Thu)...

Did you run CureIt? Please post the log...
(If the log file is very large, just search for "infiziert" and copy out the relevant parts before you post them.)

chris

18.03.2010, 16:16   #11
nightmarepj

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:08:17, on 18.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Users\cHrIsTiNaLiCiOuS\Desktop\etwas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EBB89B-0FD6-4B28-8211-DF67F56C1E97}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8926 bytes

18.03.2010, 16:27   #12
nightmarepj

virustotal works in the internet cafe but not at home

18.03.2010, 21:59   #13
Chris4You

Hi,

that doesn't look good; if Dr. Web is right, you had a backdoor, keylogger etc. on the machine, and then a clean reinstall is called for...!

Change all passwords immediately, from a clean computer!

Furthermore, there is still quite a bit of malware visible that is typical of the use of cracked versions... and in that case we are not allowed to continue here for legal reasons...

Normally Combofix would be used now, but you have a 64-bit system and it doesn't run there...
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users, please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
Code:
:Files
c:\users\christinalicious\appdata\local\temp\dologin.exe
c:\users\christinalicious\appdata\local\temp\jmstart.exe

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy out everything from the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Work through everything listed under the link and
then report back in the thread!
Do not install any plug-ins for now, and do not
restore the Firefox backup you made.
http://www.trojaner-board.de/411645-post19.html

Prevx:
http://www.prevx.com/freescan.asp
If the tool finds something, do not post the log but a screenshot of the window that is then displayed...

chris
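A pre-flight check for a fix script like the one above, as an added example that is not part of the original post or of OTL itself: it parses the :Files/:Commands format and, for each file, reports whether it still exists, its SHA-256 (so the sample stays identifiable after deletion) and whether it sits under the user's local temp folder, so the operator knows exactly what the fix will remove. The script text is re-typed from the post; the `exists`/`hasher` hooks are my own addition.

```python
import hashlib
import os

# The fix script from the post above, re-typed here as a constructed string.
OTL_FIX = """:Files
c:\\users\\christinalicious\\appdata\\local\\temp\\dologin.exe
c:\\users\\christinalicious\\appdata\\local\\temp\\jmstart.exe

:Commands
[emptytemp]
[Reboot]
"""

def parse_otl_fix(text):
    """Split an OTL fix script into {section: [entries]}. A line starting
    with ':' opens a section; blank lines are skipped; an entry before
    any section header is an error."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections

def sha256_of(path):
    """Hash the file in chunks so a large sample never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def preflight(sections, exists=os.path.exists, hasher=sha256_of):
    """Report what :Files would delete: whether each path still exists, its
    SHA-256 (so the sample stays identifiable after deletion) and whether it
    is under the user's local temp folder. exists/hasher are injectable."""
    report = []
    for path in sections.get("files", []):
        present = exists(path)
        report.append({"path": path, "exists": present,
                       "sha256": hasher(path) if present else None,
                       "in_user_temp": "\\appdata\\local\\temp\\" in path.lower()})
    return report
```

Run `preflight(parse_otl_fix(OTL_FIX))` on the affected machine before pasting the script into OTL; an entry outside the temp folder or a file that has already vanished is worth a second look before the fix runs.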

18.03.2010, 22:27   #14
nightmarepj

Would it be smart to wipe the whole thing, buy Windows 7 and install that?
Because right now I have Vista on it, which was preinstalled, but I don't have a CD for it. What would you advise?

19.03.2010, 16:28   #15
Chris4You

Hi,

Windows 7 isn't bad; it needs somewhat fewer resources than Vista and is also a bit faster...

chris
