Trojan.Win32.Patched.aa!A2 in explorer.exe

Kurtchen · 10.04.2010, 10:37

Hallo,

habe bei einem Scan mit a-squared einen Trojaner, ein Cookie und einen Wurm gemeldet bekommen.

a - s q u a r e d F r e e - V e r s i o n 4 . 5
L e t z t e s U p d a t e : 0 6 . 0 4 . 2 0 1 0 1 8 : 1 7 : 3 4

S c a n E i n s t e l l u n g e n :
S c a n M e t h o d e : D e t a i l S c a n
O b j e k t e : S p e i c h e r , T r a c e s , C o o k i e s , C : \ , D : \ , E : \
A r c h i v S c a n : A n
H e u r i s t i k : A u s
A D S S c a n : A n

S c a n B e g i n n : 0 6 . 0 4 . 2 0 1 0 1 8 : 1 8 : 2 8

[ 1 9 7 2 ] C : \ W i n d o w s \ e x p l o r e r . e x e g e f u n d e n : T r o j a n . W i n 3 2 . P a t c h e d . a a ! A 2

C : \ U s e r s \ ***\ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ C o o k i e s \***@ d o u b l e c l i c k [ 1 ] . t x t g e f u n d e n : T r a c e . T r a c k i n g C o o k i e . d o u b l e c l i c k ! A 2

C : \ P r o g r a m F i l e s \ J a v a \ j r e 1 . 6 . 0 _ 0 7 \ b i n \ s s v a g e n t . e x e g e f u n d e n : W o r m . W i n 3 2 . V a s o r . 1 7 4 0 0 ! A 2

G e s c a n n t
D a t e i e n : 3 8 5 3 7 8
T r a c e s : 5 7 3 1 9 6
C o o k i e s : 1 2
P r o z e s s e : 7 1

G e f u n d e n
D a t e i e n : 1
T r a c e s : 0
C o o k i e s : 1
P r o z e s s e : 1
R e g i s t r y K e y s : 0

S c a n E n d e : 0 6 . 0 4 . 2 0 1 0 2 1 : 1 4 : 3 4
S c a n Z e i t : 2 : 5 6 : 0 6

Eine Prüfung der Dateien explorer.exe und ssvagent.exe unter www.virustotal.com/de/ hat keinen Fehler ergeben.
Nach einem Update von a-squared wurde bei einem erneuten Scan nur noch der Cookie gefunden, obwohl ich nichts gelöscht habe.
AntiVir und Ad-aware haben den Wurm und den Trojaner ebenfalls nicht erkannt.
Mbam findet auch nichts (s.u.).
Mit den HiJackThis-Auswertungen komm ich nicht klar (s.u.).

Das Lap zeigt keine ungewöhnlichen Verhaltensweisen.
Ich bin mir nun nicht sicher, ob die a-squared Trojaner- und Wurmmeldung eine falsch-positive Meldung war, oder ob ich diese tatsächlich auf dem Laptop habe.

Danke für Eure Hilfe

Im Folgenden Prozesorbezeichnung, Mbam-Protokoll, und die HiJackFiles:

Betriebssystemname Microsoft Windows Vista Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
Zusätzliche Betriebssystembeschreibung Nicht verfügbar
Betriebssystemhersteller Microsoft Corporation
Systemname ***-PC
Systemhersteller Acer
Systemmodell TravelMate 5720
Systemtyp X86-basierter PC
Prozessor Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, 2201 MHz, 2 Kern(e), 2 logische(r) Prozessor(en)
BIOS-Version/-Datum Phoenix Technologies LTD V1.34, 15.04.2008
SMBIOS-Version 2.4
Windows-Verzeichnis C:\Windows
Systemverzeichnis C:\Windows\system32
Startgerät \Device\HarddiskVolume2
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.0.6002.18005"
Benutzername ***-PC\***
Zeitzone Mitteleuropäische Sommerzeit
Installierter physikalischer Speicher (RAM) 3,00 GB
Gesamter realer Speicher 3,00 GB
Verfügbarer realer Speicher 1,93 GB
Gesamter virtueller Speicher 6,21 GB
Verfügbarer virtueller Speicher 4,84 GB
Größe der Auslagerungsdatei 3,29 GB
Auslagerungsdatei C:\pagefile.sys

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3972

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

09.04.2010 19:16:47
mbam-log-2010-04-09 (19-16-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 103164
Laufzeit: 3 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Nun die Info-Datei:
info.txt logfile of random's system information tool 1.06 2010-04-09 19:31:34

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x7 -removeonly
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x7 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x7 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x7 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x7 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{FC57FC53-104C-415C-98D7-B05E659461A9}
Catalyst Control Center - Branding-->MsiExec.exe /I{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"
Dir-It!-->MsiExec.exe /X{602A58C3-BDF2-4B8A-B9D3-B6D9BACA386A}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
File Shredder 2.0-->"C:\Program Files\File Shredder\unins000.exe"
Folder Size for Windows-->MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
FreePDF XP (Remove only)-->C:\Program Files\FreePDF_XP\fpsetup.exe /r
GPL Ghostscript 8.61-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.61\uninstal.txt"
GPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
GSview 4.9-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -Ic:\Release\Foxconn\51338\AcrZUn32z.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IceBreaker-->C:\Program Files\Icebreaker\uninstall.exe
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaInfo 0.7.6.4-->C:\Program Files\MediaInfo\uninst.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft SQL Server Native Client-->MsiExec.exe /I{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MiKTeX 2.6-->"C:\Program Files\MiKTeX 2.6\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.6\miktex\config\uninstall.dat"
Moraff's MoreJongg 7.01 Free-->C:\Program Files\MoreJongg\uninstall.exe
Mozilla Firefox (3.5.8)-->C:\Program Files\Firefox\uninstall\helper.exe
MP3 Manager-->C:\PROGRAM FILES\MP3 MANAGER\setup\setup.exe
MP3Find pro v4.49-->MsiExec.exe /X{C7466317-1026-4340-99D5-505A6B614FB8}
Mp3tag v2.45-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0407
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1031 CDM7
NTI Shadow-->"C:\Program Files\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe" -removeonly
NTI Shadow-->C:\Program Files\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe -runfromtemp -l0x0407
OpenOffice.org 3.0-->MsiExec.exe /I{7EC19307-7C22-47A8-922B-3FA965291260}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
phonostar-Player Version 3.01.5-->"C:\Program Files\phonostar\phonostar-Player\unins000.exe"
PowerDVD-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RedMon - Redirection Port Monitor-->C:\Windows\system32\unredmon.exe
smartision ScreenCopy 2.3-->"C:\Program Files\ScreenCopy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Teen Spirit-->C:\Program Files\Teen Spirit\uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}\setup.exe -runfromtemp -l0x0407
The Font Thing-->C:\Windows\uninst.exe -f"C:\Program Files\The Font Thing\DeIsL1.isu" -c"C:\Program Files\The Font Thing\_ISREG32.DLL"
TV Jukebox 3.1-->C:\Program Files\InstallShield Installation Information\{F3F1D08D-ABEF-4528-8383-54C46369EBB6}\Setup.exe -runfromtemp -l0x0007 -removeonly
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 9.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{0138F525-6C8A-333F-A105-14AE030B9A54}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.1.0.2000-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinEdt-->C:\PROGRA~1\WinEdt\WinEdt.exe -V "[Exe('%B\WinShell\Uninstall.edt');]"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: ***-PC
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB974470(Security Update) in den Status Installation angefordert(Install Requested).
Record Number: 147618
Source Name: Microsoft-Windows-Servicing
Time Written: 20091014145459.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-PC
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB974470(Security Update) in den Status Installation angefordert(Install Requested).
Record Number: 147617
Source Name: Microsoft-Windows-Servicing
Time Written: 20091014145459.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-PC
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 974470-16_neutral_GDR aus Paket KB974470(Security Update) in den Status Wird bereitgestellt(Staging) setzen zu können.
Record Number: 147616
Source Name: Microsoft-Windows-Servicing
Time Written: 20091014145458.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-PC
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 974470-15_neutral_LDR aus Paket KB974470(Security Update) in den Status Wird bereitgestellt(Staging) setzen zu können.
Record Number: 147615
Source Name: Microsoft-Windows-Servicing
Time Written: 20091014145458.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-PC
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 974470-8_neutral_GDR aus Paket KB974470(Security Update) in den Status Wird bereitgestellt(Staging) setzen zu können.
Record Number: 147614
Source Name: Microsoft-Windows-Servicing
Time Written: 20091014145458.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: ***-PC
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 7678
Source Name: Microsoft-Windows-WMI
Time Written: 20081026162214.000000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 7677
Source Name: Microsoft-Windows-WMI
Time Written: 20081026162213.000000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 0
Message: Der Dienst wurde gestartet.
Record Number: 7676
Source Name: MobilityService
Time Written: 20081026162213.000000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 1005
Message: Ergebnis der Inanspruchnahme von Windows-Rechten: hr=0x0

Record Number: 7675
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20081026162213.000000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 1003
Message: Softwarelizenzierungsdienst hat die Überprüfung des Lizenzierungsstatus abgeschlossen.
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
Lizenzierungsstatus=
{1,[3a1d44e2-bede-46fb-8a02-0cd485a1db8b, 8, 0xC004F014,0x0]}

{1,[9e042223-03bf-49ae-808f-ff37f128d40d, 8, 0xC004F014,0x0]}

{1,[a3481201-436e-4fc9-88b4-34ccf7f81789, 8, 0xC004F014,0x0]}

{1,[a4eec485-e375-48b4-8f51-80d13a4086b6, 8, 0xC004F014,0x0]}

{1,[b6795467-dc45-4acf-af87-e948ee3f15f4, 8, 0xC004F014,0x0]}

{1,[bffdc375-bbd5-499d-8ef1-4f37b61c895f, 0, 0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}

{1,[c3505bd0-004a-49b9-84db-a1a4869eddf1, 8, 0xC004F014,0x0]}

{1,[c5d8ec70-e2ae-42d8-aaa9-eec3772438ee, 8, 0xC004F014,0x0]}

{1,[f3acdd3c-119a-4932-a3d7-0b6f33a1dca9, 8, 0xC004F014,0x0]}

{1,[afd5f68f-b70f-4000-a21d-28dbc8be8b07, 8, 0xC004F014,0x0]}

Record Number: 7674
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20081026162213.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: ***-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ***-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x298
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 23489
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090424173059.844202-000
Event Type: Überwachung erfolgreich
User:

Computer Name: ***-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ***-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x298
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 23488
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090424173059.844202-000
Event Type: Überwachung erfolgreich
User:

Computer Name: ***-PC
Event Code: 5056
Message: Ein Kryptografieselbsttest wurde ausgeführt.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ***-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Modul: ncrypt.dll

Rückgabecode: 0x0
Record Number: 23487
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090424173054.438185-000
Event Type: Überwachung erfolgreich
User:

Computer Name: ***-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-21-2070090515-1186517793-667068663-1003
Kontoname: ***
Kontodomäne: ***-PC
Anmelde-ID: 0x1d288

Berechtigungen: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 23486
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090424173054.422585-000
Event Type:Überwachung erfolgreich
User:

Computer Name: ***-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ***-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 2

Neue Anmeldung:
Sicherheits-ID: S-1-5-21-2070090515-1186517793-667068663-1003
Kontoname: ***
Kontodomäne: ***-PC
Anmelde-ID: 0x1d2c6
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x3ec
Prozessname: C:\Windows\System32\winlogon.exe

Netzwerkinformationen:
Arbeitsstationsname: ***-PC
Quellnetzwerkadresse: 127.0.0.1
Quellport: 0

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: User32
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die Übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 23485
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090424173054.422585-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\MiKTeX 2.6\miktex\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\Intel\WiFi\bin\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------

Jetzt noch die Log-Datei

Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2010-04-09 19:31:26
Microsoft Windows Vista Home Premium Service Pack 2
System drive C: has 2 GB (7%) free of 28 GB
Total RAM: 3070 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:33, on 09.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TV Jukebox 3.1\tvjbMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\***\Desktop\RSIT.exe
C:\Program Files\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.spiegel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Users\***\Documents\ws.js
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\TV Jukebox 3.1\tvjbMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6945 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03 155184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-08 4853760]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"tvjbmonitor"=C:\Program Files\TV Jukebox 3.1\tvjbMonitor.exe [2006-12-26 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Skytel"=C:\Windows\Skytel.exe [2007-11-21 1826816]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-01-03 521776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
C:\Program Files\FreePDF_XP\fpassist.exe [2007-06-26 312320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-08 858632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-01-22 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-21 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSweep]
C:\Program Files\WinSweep\WinSweep.Exe /AUTO []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSweep Popupblocker]
C:\Program Files\WinSweep\WSPopup.Exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-08-28 739880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2007-04-14 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WINSWEEP Popupblocker.Lnk]
C:\PROGRA~1\WinSweep\WSPopup.exe /STEP1 /SOUND []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-09 19:31:26 ----D---- C:\rsit
2010-04-09 19:31:26 ----D---- C:\Program Files\trend micro
2010-04-09 19:11:28 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-04-09 19:11:08 ----D---- C:\ProgramData\Malwarebytes
2010-04-09 19:11:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-09 18:39:21 ----D---- C:\Program Files\CCleaner
2010-04-02 21:27:12 ----A---- C:\Windows\system32\mshtml.dll
2010-04-02 21:27:11 ----A---- C:\Windows\system32\ieframe.dll
2010-04-02 21:27:10 ----A---- C:\Windows\system32\wininet.dll
2010-04-02 21:27:10 ----A---- C:\Windows\system32\urlmon.dll
2010-04-02 21:27:10 ----A---- C:\Windows\system32\occache.dll
2010-04-02 21:27:10 ----A---- C:\Windows\system32\mstime.dll
2010-04-02 21:27:10 ----A---- C:\Windows\system32\msfeeds.dll
2010-04-02 21:27:10 ----A---- C:\Windows\system32\iertutil.dll
2010-04-02 21:27:10 ----A---- C:\Windows\system32\iedkcs32.dll
2010-04-02 21:27:09 ----A---- C:\Windows\system32\msfeedssync.exe
2010-04-02 21:27:09 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-04-02 21:27:09 ----A---- C:\Windows\system32\jsproxy.dll
2010-04-02 21:27:09 ----A---- C:\Windows\system32\ieUnatt.exe
2010-04-02 21:27:09 ----A---- C:\Windows\system32\ieui.dll
2010-04-02 21:27:09 ----A---- C:\Windows\system32\iesysprep.dll
2010-04-02 21:27:09 ----A---- C:\Windows\system32\iesetup.dll
2010-04-02 21:27:09 ----A---- C:\Windows\system32\iernonce.dll
2010-04-02 21:27:09 ----A---- C:\Windows\system32\iepeers.dll
2010-04-02 21:27:09 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-13 19:35:18 ----A---- C:\Windows\system32\nshh**p.dll
2010-03-13 19:35:16 ----A---- C:\Windows\system32\h**papi.dll

======List of files/folders modified in the last 1 months======

2010-04-09 19:31:30 ----D---- C:\Windows\Temp
2010-04-09 19:31:26 ----RD---- C:\Program Files
2010-04-09 19:12:42 ----D---- C:\Windows\System32
2010-04-09 19:12:42 ----D---- C:\Windows\inf
2010-04-09 19:12:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-09 19:11:10 ----D---- C:\Windows\system32\drivers
2010-04-09 19:11:08 ----HD---- C:\ProgramData
2010-04-09 19:06:06 ----D---- C:\Windows
2010-04-09 18:41:45 ----D---- C:\Windows\Debug
2010-04-09 01:47:21 ----SHD---- C:\System Volume Information
2010-04-07 01:30:00 ----D---- C:\Windows\Prefetch
2010-04-06 16:58:52 ----D---- C:\Software
2010-04-04 12:22:04 ----D---- C:\Program Files\a-squared Free
2010-04-02 21:28:19 ----D---- C:\Windows\system32\migration
2010-04-02 21:28:19 ----D---- C:\Program Files\Internet Explorer
2010-04-02 21:27:59 ----D---- C:\Windows\winsxs
2010-04-02 21:26:03 ----D---- C:\Windows\system32\catroot2
2010-04-02 21:26:03 ----D---- C:\Windows\system32\catroot
2010-04-01 23:20:00 ----D---- C:\Program Files\MP3 MANAGER
2010-03-16 19:06:35 ----D---- C:\Program Files\Firefox
2010-03-16 18:40:24 ----D---- C:\Windows\system32\WDI
2010-03-13 19:52:40 ----D---- C:\Program Files\Movie Maker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-11-30 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 RMCAST;RMCAST (Pgm)-Protokolltreiber; C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-09 3552256]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-09 2044896]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-27 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-07 192816]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 AF15BDA;AF9015 BDA Filter; C:\Windows\system32\DRIVERS\AF15BDA.sys [2008-08-31 449664]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2007-08-30 81448]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-08-30 99880]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-08-30 17448]
S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WisINT15;WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2010-04-04 1858144]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Ad-Aware\aawservice.exe [2008-08-18 611664]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-05-09 671744]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-01-03 506416]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 EvtEng;Intel PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2007-11-14 131072]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]

-----------------EOF-----------------

cosinus · 10.04.2010, 13:51

Hallo und

Mit Malwarebytes bitte einen Vollscan machen und Log posten.
Erstell danach Log mit OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Kurtchen · 10.04.2010, 15:55

Vielen Dank für die schnelle Hilfe.

Anbei die amgeforderten Dateien

Malwarebytes' Anti-Malware 1.45
w*w.malwarebytes.org

Datenbank Version: 3972

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

10.04.2010 16:18:10
mbam-log-2010-04-10 (16-18-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 268708
Laufzeit: 57 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Nun die OTL-Dateien
OTL logfile created on: 10.04.2010 16:23:00 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Software\Sicherheit\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27,18 Gb Total Space | 1,83 Gb Free Space | 6,72% Space Free | Partition Type: NTFS
Drive D: | 245,52 Gb Total Space | 1,18 Gb Free Space | 0,48% Space Free | Partition Type: NTFS
Drive E: | 9,77 Gb Total Space | 9,68 Gb Free Space | 99,10% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Software\Sicherheit\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\TV Jukebox 3.1\tvjbMonitor.exe ()

========== Modules (SafeList) ==========

MOD - C:\Software\Sicherheit\OTL\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (aawservice) -- C:\Program Files\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech )
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://de.intl.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.spiegel.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Users\***\Documents\ws.js

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "h**p://w*w.spiegel.de/"
FF - prefs.js..extensions.enabledItems: amg@aaronl.com:5.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Firefox\components [2010.03.16 19:06:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010.03.16 19:06:34 | 000,000,000 | ---D | M]

[2008.08.18 19:19:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.04.09 01:20:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3h220h0i.default\extensions
[2009.06.24 20:11:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3h220h0i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.12.12 12:58:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3h220h0i.default\extensions\amg@aaronl.com

O1 HOSTS File: ([2010.04.09 18:34:17 | 000,000,767 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tvjbmonitor] C:\Programme\TV Jukebox 3.1\tvjbMonitor.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Seifenblase.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Seifenblase.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.09 19:31:26 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.09 19:31:26 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.09 19:11:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.04.09 19:11:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.09 19:11:08 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.09 19:11:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.09 19:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.09 18:39:21 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.02 21:27:10 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.04.02 21:27:10 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.04.02 21:27:10 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.04.02 21:27:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.04.02 21:27:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.04.02 21:27:09 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.04.02 21:27:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.04.02 21:27:09 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.04.02 21:27:09 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.04.02 21:27:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.04.02 21:27:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.04.02 21:27:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.04.02 21:27:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.04.02 21:27:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.04.02 21:27:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.03.13 19:35:18 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshh**p.dll
[2010.03.13 19:35:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\h**papi.dll

========== Files - Modified Within 30 Days ==========

[2010.04.10 16:22:32 | 003,145,728 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.04.10 15:23:01 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.10 15:23:01 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.10 15:23:01 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.10 15:23:01 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.10 15:23:01 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.10 15:17:51 | 000,001,980 | ---- | M] () -- C:\Users\***\Documents\cc_20100410_151744.reg
[2010.04.10 15:15:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.10 15:15:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 15:15:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 15:15:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.10 01:48:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.04.10 01:48:09 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.04.10 01:48:09 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.10 01:48:07 | 003,299,613 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.04.10 01:46:46 | 000,087,552 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.09 19:11:13 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.09 18:58:48 | 000,000,286 | ---- | M] () -- C:\Users\***\Documents\cc_20100409_185831b.reg
[2010.04.09 18:58:17 | 000,000,274 | ---- | M] () -- C:\Users\***\Documents\cc_20100409_185801a.reg
[2010.04.09 18:57:12 | 000,063,284 | ---- | M] () -- C:\Users\***\Documents\cc_20100409_185654.reg
[2010.04.09 18:39:22 | 000,001,674 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.04.09 15:43:17 | 000,781,909 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010.04.10 15:17:48 | 000,001,980 | ---- | C] () -- C:\Users\***\Documents\cc_20100410_151744.reg
[2010.04.09 19:31:14 | 000,781,909 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.04.09 19:11:13 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.09 18:58:37 | 000,000,286 | ---- | C] () -- C:\Users\***\Documents\cc_20100409_185831b.reg
[2010.04.09 18:58:08 | 000,000,274 | ---- | C] () -- C:\Users\***\Documents\cc_20100409_185801a.reg
[2010.04.09 18:57:04 | 000,063,284 | ---- | C] () -- C:\Users\***\Documents\cc_20100409_185654.reg
[2010.04.09 18:39:22 | 000,001,674 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2009.08.11 11:17:31 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.05.27 19:08:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.03.31 19:14:11 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini
[2009.03.31 19:14:11 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.20 13:56:43 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2008.08.20 10:13:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008.08.19 17:38:25 | 000,011,388 | ---- | C] () -- C:\Users\***\gsview32.ini
[2008.08.19 11:48:33 | 000,087,552 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.19 08:28:41 | 000,000,959 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.08.19 00:53:32 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.18 15:20:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.08.18 15:19:27 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008.08.18 15:18:06 | 000,110,014 | ---- | C] () -- C:\Users\***\AppData\Local\edsinstaller.txt-20080818.log
[2008.08.18 15:09:25 | 000,000,020 | -HS- | C] () -- C:\Users\***\ntuser.ini
[2008.08.18 15:09:24 | 003,145,728 | -HS- | C] () -- C:\Users\***\NTUSER.DAT
[2008.08.18 15:09:24 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.08.18 15:09:24 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008.08.18 15:09:24 | 000,262,144 | -H-- | C] () -- C:\Users\***\ntuser.dat.LOG1
[2008.08.18 15:09:24 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008.08.18 15:09:24 | 000,000,000 | -H-- | C] () -- C:\Users\***\ntuser.dat.LOG2
[2008.03.28 10:16:44 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.03.28 05:27:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.03.28 05:26:55 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.03.28 05:26:55 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.03.28 05:26:54 | 000,000,040 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008.03.27 20:57:46 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.08.28 18:03:14 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
< End of report >

OTL Extras logfile created on: 10.04.2010 16:23:00 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Software\Sicherheit\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27,18 Gb Total Space | 1,83 Gb Free Space | 6,72% Space Free | Partition Type: NTFS
Drive D: | 245,52 Gb Total Space | 1,18 Gb Free Space | 0,48% Space Free | Partition Type: NTFS
Drive E: | 9,77 Gb Total Space | 9,68 Gb Free Space | 99,10% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{319F4292-F9FB-48AE-B289-406076863D31}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A71DC60-DA67-484D-83AF-1B6636C1A892}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C7D250D-FF0B-4F27-B429-2098CAF194AF}" = lport=138 | protocol=17 | dir=in | app=system |
"{57A23E1A-93EA-43AD-BBA1-96CE4B8C9310}" = lport=137 | protocol=17 | dir=in | app=system |
"{6A71BDE5-90ED-4E51-8846-D0181047D8A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8375C9BF-BA17-43EF-8823-5234A05EE437}" = lport=445 | protocol=6 | dir=in | app=system |
"{A3A3C3CD-DABE-4F09-90F7-97C501F1C04C}" = rport=138 | protocol=17 | dir=out | app=system |
"{D8158717-218E-410B-8C7C-ABD74EE305F1}" = lport=139 | protocol=6 | dir=in | app=system |
"{ED2142B3-B021-4D1F-BC00-8D24D2B605BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{F8C42162-C1CE-458E-8351-D3F5474C20C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4A78D1F0-CA80-4997-BB27-CAAF913A9614}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D6A9956-B2E9-4157-85CC-BBE0C88F666F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{991816CA-7F7B-4CC0-ABA7-9E2720794C50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BDD8F47F-BAB4-4F02-83E5-CEDA2942FF1A}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{FA75FA22-DD3D-46A4-ACF8-DA3AF5F37D7A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{3937F055-A0FE-4EDB-8C17-5494179D76FE}C:\program files\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\realplayer\realplay.exe |
"TCP Query User{664D43A8-2E1A-4CAD-9174-ACA83CA66D5B}C:\program files\phonostar\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar\phonostar-player\phonostar.exe |
"TCP Query User{6AD23F32-FC6A-4223-997E-481475080958}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{720DB18B-3BFF-4F5C-B9DB-129658CE4654}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{74D99460-8AE6-4E79-AC97-2EDA79BE68C5}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe |
"TCP Query User{7B525C6F-138B-49EB-8AEE-F6FE1DA7DAF6}C:\program files\phonostar\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar\phonostar-player\phonostar.exe |
"TCP Query User{8C95AD7E-0D29-494E-8450-738CC0319634}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe |
"TCP Query User{9F433F05-13E4-4C65-A40E-124A6DAC6F10}C:\program files\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\phonostar\ps_olect.exe |
"TCP Query User{D4330C38-BD2C-4656-8AC9-D760C9310BE2}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{DA6D09FD-5E6C-491A-B380-38E7D4C1A8DB}C:\program files\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\phonostar\ps_olect.exe |
"TCP Query User{E17CB138-67DE-4179-B30E-EF1A6A005BFC}C:\program files\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\realplayer\realplay.exe |
"UDP Query User{024AC675-7E28-48CC-B9DC-361FB946C1D9}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{1AF39CEA-FF9E-4C27-B95F-BDA6FD25CD1D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1C93019A-4FC9-4321-9C4A-F50C4780D147}C:\program files\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\phonostar\ps_olect.exe |
"UDP Query User{5FCC248A-9547-4CCA-B509-C60F62ECBF12}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe |
"UDP Query User{614D0842-9398-4260-AB28-473E4391C58B}C:\program files\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\realplayer\realplay.exe |
"UDP Query User{6FDF8C0C-F9AB-49B7-A76E-D2F9C28213DD}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe |
"UDP Query User{7329F6F6-8109-41B8-8CFC-8D6A4E7641F4}C:\program files\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\realplayer\realplay.exe |
"UDP Query User{83A9EA41-4CA7-45E9-A66C-68E629AC2179}C:\program files\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\phonostar\ps_olect.exe |
"UDP Query User{AF1A9F06-2564-4A31-974C-6B07EF4AE4E5}C:\program files\phonostar\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar\phonostar-player\phonostar.exe |
"UDP Query User{B1D177FA-27DD-48B5-8BE6-32A7BCBE725D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{EABD0FAE-29E3-4B56-8215-74C54A61AEC7}C:\program files\phonostar\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar\phonostar-player\phonostar.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}" = Catalyst Control Center - Branding
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2000
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0A1984C3-5036-5B5F-F18E-16453EF5A6E1}" = Catalyst Control Center Localization Swedish
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{155BBB23-C7A5-223C-3B33-289089D6E0A2}" = Catalyst Control Center Localization Finnish
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19B4BDE9-0F2B-44FF-FDC4-987E1B33D03C}" = CCC Help English
"{24F149E4-D897-9046-48A5-87CD67F81865}" = CCC Help Polish
"{25C1AF96-1F59-A1CE-3135-B38AFAA5C614}" = CCC Help Czech
"{26E2E4FB-F26A-549E-5496-14BAE4E2BA67}" = Catalyst Control Center Graphics Full Existing
"{27B7371A-7AA2-CC5B-6377-72161660F0BE}" = CCC Help Chinese Traditional
"{29F3D466-E05F-CBB6-63E9-01C85C083FCD}" = CCC Help French
"{2CB2E1AE-B62A-3F43-9DD0-EF73467977AC}" = Catalyst Control Center Localization Hungarian
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{30BDD0BE-6A51-6DDD-197D-EFCE3B0EF79D}" = CCC Help German
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{358C26F2-5B99-A7E9-18CF-2AE6BC97289B}" = Catalyst Control Center Localization Czech
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3C277F75-605E-BFFE-4F87-27709C92370C}" = Catalyst Control Center Localization Portuguese
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4BD4AA8B-3C63-26AB-1CA3-010475A9EA72}" = CCC Help Portuguese
"{5262BAD6-5AB7-1490-A65C-D06368F07FF1}" = Catalyst Control Center Localization Italian
"{53F44183-B716-8D7D-053E-CB8039B38E74}" = CCC Help Hungarian
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5539EBB1-4BB9-21E5-921B-16E8886639D3}" = Catalyst Control Center Localization Chinese Traditional
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A89D38C-B9FE-ECFF-B90E-B9DEC8C8F2D8}" = Catalyst Control Center Localization Greek
"{5B1519C1-265C-C636-C414-F1E150B4F0AA}" = CCC Help Turkish
"{602A58C3-BDF2-4B8A-B9D3-B6D9BACA386A}" = Dir-It!
"{6184B5A4-1355-A8D6-CE24-8F7EE887CBF3}" = CCC Help Norwegian
"{650BDC60-79C7-383B-2E9C-B8FF3909A127}" = Catalyst Control Center Localization Spanish
"{653F6FEA-643C-457F-774A-64D4DAAE1028}" = Catalyst Control Center Graphics Previews Vista
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{790DA23A-126B-91A9-FAB7-13EF66724253}" = CCC Help Swedish
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DBDAAAB-8639-B59D-798A-32458B7380F9}" = Catalyst Control Center Localization Norwegian
"{7E96828D-B970-B1A9-3D9F-7EC3624785D0}" = Catalyst Control Center Localization German
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{7ECBF19A-78EC-1665-7E1C-B3E92B07F7CC}" = CCC Help Japanese
"{80C1F369-F876-3D19-7816-B7800E7A6961}" = CCC Help Greek
"{827CFE4D-8687-9E1E-0A72-587BFF0B0D3A}" = CCC Help Thai
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF60AF6-B109-D3A4-4367-B3620CBA37A7}" = CCC Help Finnish
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9ED61802-0F47-F846-FA23-67CE3E4BD427}" = CCC Help Italian
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A79CB508-2DD7-F717-8787-C6382C274082}" = Catalyst Control Center Graphics Light
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AACF5D06-EF3A-1941-3492-1E60589CA444}" = ccc-utility
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE2C968B-8A14-ABA2-D742-14E575104BCD}" = Catalyst Control Center Localization Korean
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B6988D5B-4325-F1F7-B0E5-C4CCCD01E6B8}" = Catalyst Control Center Localization Thai
"{B734B040-25BB-02CA-39BD-FD6D070EDDAB}" = Catalyst Control Center Localization Danish
"{B86EE516-7CB4-E4C3-8382-010D4F2807F5}" = CCC Help Korean
"{BB01F512-272A-3C70-DA60-884C8BBC39DD}" = Catalyst Control Center Localization Chinese Standard
"{BCB0CE1E-7510-3948-4834-99BBA689CF62}" = Catalyst Control Center Core Implementation
"{BD5106DF-C061-5736-F1A5-F114BAA63759}" = CCC Help Russian
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C03A43DF-CEE0-6D82-D2D3-781CCE1FC24E}" = Catalyst Control Center Localization Japanese
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7466317-1026-4340-99D5-505A6B614FB8}" = MP3Find pro v4.49
"{C76DAFAE-5E59-44AB-2764-70BC79E0D4B2}" = Skins
"{C8256DAF-828E-7E91-FB83-D900AA8E3C86}" = CCC Help Danish
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C9429012-1CBE-E0CA-0955-CC53E0F2115F}" = CCC Help Chinese Standard
"{CB9B619A-EEA1-BFAB-6CA5-1FC655E2A0DA}" = Catalyst Control Center Localization Turkish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D013644E-F890-49A4-0DE9-8E4BBD18A406}" = ATI Catalyst Install Manager
"{D7C49EC6-4DEA-7A7A-860D-78D613C68B8C}" = ccc-core-static
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E08C03D7-AE05-0458-2D14-78F219316933}" = Catalyst Control Center Localization Dutch
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E4FD0200-A7DB-2D5A-B5B1-DBC0A184C9B2}" = Catalyst Control Center Localization Russian
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9BA4A79-BD4C-52E3-F34F-85B1CC62EE15}" = Catalyst Control Center Localization Polish
"{E9D20FA4-7CA6-F243-A503-CA961CCD2277}" = CCC Help Spanish
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EF9E54C1-2D5F-DDA8-8E7B-0CD3EF89C8E4}" = Catalyst Control Center Localization French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.1
"{F5A630D4-3D7D-6EEC-5DAE-41835DC0A1DA}" = Catalyst Control Center Graphics Full New
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FD2B6E20-5344-07B4-C210-B57611E02906}" = CCC Help Dutch
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7-Zip" = 7-Zip 4.57
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Free_is1" = a-squared Free 3.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"File Shredder_is1" = File Shredder 2.0
"FreePDF_XP" = FreePDF XP (Remove only)
"GPL Ghostscript 8.61" = GPL Ghostscript 8.61
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GridVista" = Acer GridVista
"GSview 4.9" = GSview 4.9
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"IceBreaker" = IceBreaker
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.6.4
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.6" = MiKTeX 2.6
"Moraff's MoreJongg 7.01 Free" = Moraff's MoreJongg 7.01 Free
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MP3 Manager" = MP3 Manager
"Mp3tag" = Mp3tag v2.45
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.5
"ProInst" = Intel PROSet Wireless
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"smartision ScreenCopy_is1" = smartision ScreenCopy 2.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teen Spirit" = Teen Spirit
"The Font Thing" = The Font Thing
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"WinEdt" = WinEdt

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.12.2009 14:02:19 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.12.2009 14:02:26 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.12.2009 14:02:26 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.12.2009 18:25:14 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18065, Zeitstempel
0x4a5dce03, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000374, Fehleroffset 0x000afaf8, Prozess-ID 0x1530, Anwendungsstartzeit
01ca841ecabf81d0.

Error - 24.12.2009 08:37:30 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.12.2009 08:37:40 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24.12.2009 08:37:40 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 26.12.2009 09:42:52 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.12.2009 09:42:57 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 26.12.2009 09:42:57 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 06.04.2010 15:51:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06.04.2010 16:37:50 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse
001D72C06623 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 07.04.2010 02:31:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07.04.2010 02:32:52 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description =

Error - 08.04.2010 19:03:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08.04.2010 19:37:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.04.2010 12:23:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.04.2010 13:07:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.04.2010 18:59:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.04.2010 09:16:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

cosinus · 11.04.2010, 15:57

Das sieht alles ok aus. Deswegen bin ich davon überzeugt, dass A-Squared sich einen Fehlalarm geleistet hat bei explorer.exe - Virustotal hat ja auch keine Viren dadrin gesehen. Hast Du den Link von Deiner ausgewerteten explorer.exe noch?

Kurtchen · 11.04.2010, 17:25

Hallo Arne,

danke für Deine beruhigende Antwort.

Den Permalink des Scans habe ich nicht mehr.

Das Ergebnis eines erneuten Scans liegt unter

hxxp://www.virustotal.com/de/analisis/135dd05678c8997b45982d77298dbdd98061c9d4fe43d77866846012eb061a04-1270993278

bereit.

cosinus · 12.04.2010, 08:00

Zitat:

Sigcheck: publisher....: Microsoft Corporation

Datei ist von MS signiert, da ist kein Virus drin und A-Squared hat sich nen Fehlalarm geleistet!

Kurtchen · 12.04.2010, 16:50

Hallo Arne,

1000! (> 1 Googol) Dank für Deine Hilfe.

Jetzt kann ich wieder beruhigt schlafen.

Liebe Grüße

Kurt

11.04.2010, 15:57	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojan.Win32.Patched.aa!A2 in explorer.exe Das sieht alles ok aus. Deswegen bin ich davon überzeugt, dass A-Squared sich einen Fehlalarm geleistet hat bei explorer.exe - Virustotal hat ja auch keine Viren dadrin gesehen. Hast Du den Link von Deiner ausgewerteten explorer.exe noch? __________________ Logfiles bitte immer in CODE-Tags posten

Trojan.Win32.Patched.aa!A2 in explorer.exe

Plagegeister aller Art und deren Bekämpfung: Trojan.Win32.Patched.aa!A2 in explorer.exe