Log analysis and evaluation: Fonts disappear, system no longer responds
22.11.2010, 22:40 | #1

Fonts disappear, system no longer responds

Hello,

After 30 min to 1 h the text disappears from the taskbar, from browser tabs and from files on the desktop; within 10 seconds the entire system stops responding. At that point I was always browsing with Firefox or Internet Explorer. A restart is only possible by pressing the power button on the laptop. The problem has existed since I updated Avira antivirus last week. A quick scan with Avira showed nothing. A quick scan with Malwarebytes found 3 malicious files, which have been in quarantine since yesterday. The problem still persists, though. Because my description is so unspecific, I couldn't find anything through research. Does anyone here know what to do? Thanks in advance, Kaya

I still managed to take a screenshot: h**p://yfrog.com/48bildvdj

HiJackThis and Malwarebytes logs are attached. The infected files mentioned (excerpt from Malwarebytes):

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\Dokumente und Einstellungen\***\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\fvgqad.dat (Malware.Trace) -> No action taken.
23.11.2010, 11:13 | #2

/// Winkelfunktion /// TB-Süch-Tiger™ | Fonts disappear, system no longer responds

Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well.

Afterwards OTL: System scan with OTL
Please download OTL from Oldtimer and save it to your desktop
24.11.2010, 00:06 | #3

Fonts disappear, system no longer responds

Hello,

first of all thanks for the reply, here is the requested information:

1. Malwarebytes: I managed to run a full scan with Malwarebytes. But since the system always crashes fairly soon and without warning, I ticked only C: and then only D: in the settings, and so produced 2 scan files. Hope that's OK.

Malwarebytes full scan C:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.11.2010 21:06:50
mbam-log-2010-11-23 (21-06-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 332348
Time elapsed: 2 hour(s), 9 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.11.2010 21:40:33
mbam-log-2010-11-23 (21-40-33).txt

Scan type: Full scan (D:\|)
Objects scanned: 197454
Time elapsed: 32 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2. OTL: OTL - File 1 - OTL.txt

OTL Logfile:
OTL logfile created on: 23.11.2010 21:53:00 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 127,00 Mb Available Physical Memory | 12,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 3106 3299 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 44,37 Gb Total Space | 0,35 Gb Free Space | 0,78% Space Free | Partition Type: FAT32
Drive D: | 44,86 Gb Total Space | 1,77 Gb Free Space | 3,95% Space Free | Partition Type: FAT32
Drive F: | 6,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ACER-917A74570E | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\3ConnectivityWizard\Drivers\Automatic\Option Globesurfer Icon\GtFlashSwitch.exe (OptionNV)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\3DataManager\3DataManager.exe (WebToGo Mobile Internet GmbH)
PRC - C:\Programme\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\BlazeVideo\BlazeDTV2.1\MediaDetector.exe (BlazeVideo Company)
PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\BlazeVideo\BlazeDTV2.1\MMKeyboardHook.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST)
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\WINDOWS\system32\MSNChatHook.dll ()
MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MFC71u.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MFC71DEU.DLL (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LVPrcSrv) -- c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (GoogleDesktopManager-090809-085438) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GTFlashSwitch) -- C:\Programme\3ConnectivityWizard\Drivers\Automatic\Option Globesurfer Icon\GtFlashSwitch.exe (OptionNV)
SRV - (vsmon) -- C:\WINDOWS\System32\ZONELABS\vsmon.exe (Zone Labs, LLC)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS3) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (NTGUARD) -- C:\Programme\a1internetsecurity\bin\NTGUARD.SYS File not found
DRV - (LVPr2Mon) -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys File not found
DRV - (LVMVDrv) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys File not found
DRV - (LVcKap) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (AF05BDA) -- C:\WINDOWS\system32\drivers\AF05BDA.sys (AfaTech )
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys ()
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.93
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000004
FF - prefs.js..extensions.enabledItems: pencil@evolus.vn:1.0.6
FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:14.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programme\Real\RealPlayer\browserrecord [2007.12.15 11:14:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2007.12.06 22:41:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2007.12.06 22:41:02 | 000,000,000 | ---D | M]

[2008.09.16 08:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.09.04 13:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2007.12.06 22:45:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions
[2010.07.29 17:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.03 08:12:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.09.24 00:30:58 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.29 18:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.02 19:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2009.11.23 18:51:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.18 19:22:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.01.19 20:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009.02.21 22:40:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.03.08 10:41:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\moveplayer@movenetworks.com
[2009.08.30 12:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\pencil@evolus.vn
[2010.07.29 17:47:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\qtl.co.il@gmail.com
[2010.07.29 17:47:40 | 000,002,101 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\searchplugins\qtl.xml
[2010.09.24 15:55:28 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\searchplugins\conduit.xml
[2007.12.06 22:41:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.11.03 17:23:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.03 17:23:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.03 17:23:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.03 17:23:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.03 17:23:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Web Accessibility Toolbar) - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Programme\Accessibility_Toolbar\Accessibility_Toolbar.dll (Web Accessibility Tools Consortium)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Web Accessibility Toolbar) - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Programme\Accessibility_Toolbar\Accessibility_Toolbar.dll (Web Accessibility Tools Consortium)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ACER-917A74570E] C:\WINDOWS\System32\ACER-917A74570E.vbs File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Google Desktop Search] C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Programme\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Sample Toolband Serach - C:\WINDOWS\System32\ToolBand.dll (HiTRUST)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -
C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.02.15 03:06:22 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.01.03 18:40:11 | 000,000,051 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{021c1105-4f98-11dd-b896-00038a000015}\Shell\AutoRun\command - "" = K:\Setup.exe -- File not found O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) 
O33 - MountPoints2\{0bc77210-03ad-11df-bbe5-001302078cf7}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe -- File not found O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell - "" = AutoRun O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) 
O33 - MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\Shell - "" = Autorun O33 - MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{6b708f58-f88b-11de-bbd4-001302078cf7}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) 
O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell - "" = AutoRun O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.22 20:45:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp [2010.11.22 18:54:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.11.21 20:41:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.11.21 20:41:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.11.21 20:41:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.11.21 20:41:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.11.21 20:40:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.21 20:22:53 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe [2010.11.21 12:42:28 | 000,000,000 | -HSD | C] -- C:\FOUND.003 [2010.11.19 18:46:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2010.11.07 17:35:06 | 063,363,736 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\PowerPointViewer2010.exe [2010.11.07 12:55:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\anhaenge_05_11_2010 [2010.11.03 18:03:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [7 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
] ========== Files - Modified Within 30 Days ========== [2010.11.23 21:29:10 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.11.23 18:55:38 | 000,000,494 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2010.11.23 18:55:16 | 000,002,321 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk [2010.11.23 18:54:28 | 000,043,805 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.11.23 18:54:08 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.11.23 18:54:06 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010.11.23 18:53:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.11.23 18:53:06 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys [2010.11.23 08:44:58 | 000,440,352 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010.11.23 08:44:58 | 000,007,280 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010.11.23 08:44:46 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2010.11.22 18:55:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.11.21 20:41:18 | 000,000,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.21 20:26:46 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe [2010.11.21 19:59:06 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\virus.jpg [2010.11.21 19:58:32 | 000,041,897 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bildv.jpg [2010.11.20 16:05:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.11.19 19:06:24 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.11.19 19:06:24 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.11.19 11:02:50 | 
044,151,368 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\avira_antivir_personal_de.exe [2010.11.17 12:38:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.11.09 20:15:56 | 000,166,912 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.08 20:07:04 | 000,191,342 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\nur10.jpg [2010.11.08 08:15:06 | 001,606,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.11.08 01:16:48 | 000,058,727 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Konzept Veranstaltungskalender_v0.3(at).docx [2010.11.07 17:54:38 | 063,363,736 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\PowerPointViewer2010.exe [2010.11.06 21:26:58 | 000,008,535 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Daten-DVDanamusic.cdm [2010.11.06 20:47:46 | 004,065,408 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\(Track- 01) Yeah Yeah Yeahs - Phenomena.mp3 [2010.11.06 19:19:44 | 003,657,856 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\(Track- 14) Little Big Town - Bones.mp3 [2010.11.06 19:15:56 | 002,781,312 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\(Track- 02) Beck - Timebomb.mp3 [2010.11.06 19:13:04 | 004,024,448 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\(Track- 09) Johnny Hazzard - Deeper Into You.mp3 [2010.11.06 17:13:38 | 002,218,112 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube - 'OMG' - Usher Acoustic (cover).mp3 [2010.11.06 17:11:20 | 002,910,336 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube - M ward- howlin for my baby- true blood soundtrack season 2.mp3 [2010.11.06 17:08:20 | 003,287,168 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube - Vallejo-Snake in the grass.mp3 [2010.11.06 17:04:56 | 003,278,976 | ---- | M] () -- 
C:\Dokumente und Einstellungen\***\Desktop\YouTube - True Blood Snake In the Grass Vampires.mp3 [2010.11.06 17:01:32 | 003,674,240 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube - True Blood ~ Bones.mp3 [2010.11.06 16:57:42 | 006,563,968 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube - True Blood - Sookie_Bill_Eric - Knock me out.mp3 [2010.11.06 16:32:40 | 003,086,464 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube - The Datsuns - Harmonic Generator.mp3 [2010.11.06 16:29:28 | 003,596,416 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube - OneRepublic - Secrets (Official Music video).mp3 [2010.11.06 16:27:52 | 009,805,952 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube - Best House Music & Electro Music 1.mp3 [2010.11.06 16:04:12 | 006,919,741 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\15 Radioactive (Choir Remix).mp3 [2010.11.06 15:56:26 | 008,273,433 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\01 The End.mp3 [2010.11.06 15:52:02 | 006,761,146 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\02 Radioactive.mp3 [2010.11.06 15:48:36 | 008,390,715 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\13 Pickup Truck.mp3 [2010.11.06 15:43:50 | 009,491,381 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\14 Celebration.mp3 [2010.11.06 15:38:38 | 005,613,263 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\10 Pony Up.mp3 [2010.11.06 15:32:04 | 003,627,136 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Far East Movement - Like A G6 ft. The Cataracs. 
Dev.mp3 [2010.11.06 11:18:02 | 003,780,736 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\'Bad Romance' - Lady Gaga Acoustic (cover).mp3 [2010.11.05 19:09:40 | 000,400,889 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\anhaenge_05_11_2010.zip [2010.11.05 18:09:44 | 000,395,223 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Scribbles UI Veranstaltungskalender v2.pptx [2010.11.05 18:09:44 | 000,059,683 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Konzept Veranstaltungskalender_v0.3.docx [2010.10.27 01:07:52 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Urlaubsliste(businesstrip).xls [2010.10.26 00:33:02 | 007,346,552 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\07 Back Down South.mp3 [2010.10.26 00:32:38 | 005,857,165 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\09 No Money.mp3 [2010.10.26 00:30:02 | 006,485,651 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\05 The Face.mp3 [2010.10.26 00:29:26 | 006,015,161 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\11 Birthday.mp3 [2010.10.26 00:20:18 | 006,738,406 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\06 The Immortals.mp3 [2010.10.26 00:20:12 | 007,084,425 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\04 Mary.mp3 [2010.10.26 00:17:42 | 007,308,487 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\03 Pyro.mp3 [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [7 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.21 20:41:17 | 000,000,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.21 19:59:05 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\virus.jpg 
[2010.11.21 19:58:30 | 000,041,897 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bildv.jpg [2010.11.19 10:45:01 | 044,151,368 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\avira_antivir_personal_de.exe [2010.11.08 20:07:03 | 000,191,342 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\nur10.jpg [2010.11.07 12:56:57 | 000,058,727 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Konzept Veranstaltungskalender_v0.3(at).docx [2010.11.07 12:56:23 | 000,395,223 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Scribbles UI Veranstaltungskalender v2.pptx [2010.11.07 12:56:23 | 000,059,683 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Konzept Veranstaltungskalender_v0.3.docx [2010.11.06 21:26:56 | 000,008,535 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Daten-DVDanamusic.cdm [2010.11.06 16:26:06 | 009,805,952 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube - Best House Music & Electro Music 1.mp3 [2010.11.06 11:25:45 | 003,627,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Far East Movement - Like A G6 ft. The Cataracs. 
Dev.mp3 [2010.11.06 11:20:42 | 002,218,112 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube - 'OMG' - Usher Acoustic (cover).mp3 [2010.11.06 11:17:13 | 003,780,736 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\'Bad Romance' - Lady Gaga Acoustic (cover).mp3 [2010.11.05 19:09:39 | 000,400,889 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\anhaenge_05_11_2010.zip [2010.10.26 00:37:06 | 008,390,715 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\13 Pickup Truck.mp3 [2010.10.26 00:32:29 | 006,919,741 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\15 Radioactive (Choir Remix).mp3 [2010.10.26 00:31:55 | 005,613,263 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\10 Pony Up.mp3 [2010.10.26 00:30:50 | 009,491,381 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\14 Celebration.mp3 [2010.10.26 00:30:31 | 005,857,165 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\09 No Money.mp3 [2010.10.26 00:30:14 | 007,346,552 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\07 Back Down South.mp3 [2010.10.26 00:29:27 | 006,485,651 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\05 The Face.mp3 [2010.10.26 00:28:44 | 006,015,161 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\11 Birthday.mp3 [2010.10.26 00:19:16 | 006,738,406 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\06 The Immortals.mp3 [2010.10.26 00:19:03 | 007,084,425 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\04 Mary.mp3 [2010.10.26 00:16:45 | 007,308,487 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\03 Pyro.mp3 [2010.10.25 23:29:38 | 006,761,146 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\02 Radioactive.mp3 [2010.10.25 23:29:33 | 008,273,433 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\01 The End.mp3 [2010.05.19 20:57:26 | 000,012,288 | ---- | C] () -- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\plugcach.fon [2009.03.26 19:56:34 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2009.01.19 08:12:01 | 004,762,112 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll [2009.01.19 08:12:01 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.01.19 08:12:01 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll [2009.01.12 00:15:01 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2008.03.20 22:17:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI [2008.01.20 15:41:18 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2007.12.15 15:45:25 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll [2007.12.15 15:45:24 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll [2007.12.15 15:44:42 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2007.12.13 02:07:52 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.12.09 23:34:44 | 000,000,356 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log [2007.12.06 23:11:36 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll [2007.12.06 23:11:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2007.12.06 22:00:32 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2007.12.03 23:49:16 | 000,166,912 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.03 22:42:57 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.12.03 15:04:08 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2007.12.03 14:58:57 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007.12.03 14:58:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI [2007.12.03 14:52:11 | 000,053,248 | ---- | 
C] () -- C:\WINDOWS\System32\APISlice.dll [2007.12.03 14:52:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2007.12.03 14:52:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2007.12.03 14:52:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2007.12.03 14:52:11 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2007.12.03 14:51:37 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2007.12.03 14:42:12 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI [2007.12.03 14:42:03 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007.12.03 14:42:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007.12.03 14:42:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007.12.03 14:41:59 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007.12.03 14:41:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2005.12.14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini [2005.12.02 14:14:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2005.11.29 13:12:38 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.10.31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005.03.27 23:45:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\alaunch.ini [2005.02.15 03:57:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.02.15 03:06:48 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2005.02.15 03:05:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2005.02.15 03:05:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2005.02.15 03:05:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2005.02.15 03:05:26 | 000,001,024 | RH-- | C] () -- 
C:\WINDOWS\System32\NTICDMK7.dll [2005.02.14 12:07:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.12.17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys [2004.08.04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.02.13 13:49:44 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll [2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll < End of report > OTL - File 2 - Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.11.2010 21:53:00 - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 127,00 Mb Available Physical Memory | 12,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 3106 3299 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 44,37 Gb Total Space | 0,35 Gb Free Space | 0,78% Space Free | Partition Type: FAT32 Drive D: | 44,86 Gb Total Space | 1,77 Gb Free Space | 3,95% Space Free | Partition Type: FAT32 Drive F: | 6,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ACER-917A74570E | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Acer\Acer Arcade\PCMService.exe" = C:\Programme\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Programme\CREEO\IcyTV Trial\IcyTV.exe" = C:\Programme\CREEO\IcyTV Trial\IcyTV.exe:*:Enabled:Watch digital television -- File not found
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\WINDOWS\System32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\System32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner -- ()
"C:\Programme\Joost\xulrunner\tvprunner.exe" = C:\Programme\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner -- File not found
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9811A185-3D3D-11D6-9E14-00036D172B00}" = Adobe MPEG Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"3ConnectivityWizard" = 3 Connectivity Wizard
"3DataManager" = Mein 3DataManager
"3GP Player_is1" = 3GP Player 2008
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.57
"Accessibility Toolbar_is1" = Web Accessibility Toolbar 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Premiere 6.5" = Adobe Premiere 6.5
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"America Online de" = AOL Deutschland
"AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner
"AOLCoach de" = AOL Coach Version 1.0(Build:20040229.1 de)
"Ask Toolbar_is1" = Ask Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlazeDTV 2.1_is1" = BlazeDTV 2.1
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 5.0.0.594
"CamStudio" = CamStudio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ePresentation" = Acer ePresentation Management
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"FreePDF_XP" = FreePDF XP (Remove only)
"Freez FLV to MP3 Converter V1.2_is1" = Freez FLV to MP3 Converter
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.61
"GridVista" = Acer GridVista
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mikogo" = Mikogo
"Mobiola Screen Capture for S60_is1" = Mobiola Screen Capture for S60 3.0.7
"morpher" = Morpher
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSNINST" = MSN
"MWSnap 3" = MWSnap 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ORA 1.9.4.4" = ORA
"Picasa 3" = Picasa 3
"ProInst" = Intel(R) PROSet/Wireless Software
"QcDrv" = Logitech® Camera-Treiber
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"SequoiaView" = SequoiaView
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SWFPlayer_is1" = SWFPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Task Killer" = Task Killer (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Xfire" = Xfire (remove only)
"XMind" = XMind
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"HappyFoto Bestellsoftware" = HappyFoto Bestellsoftware
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.11.2010 03:13:12 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

Error - 23.11.2010 03:29:29 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

Error - 23.11.2010 13:53:37 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

Error - 23.11.2010 14:03:40 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

Error - 23.11.2010 14:29:09 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

Error - 23.11.2010 15:03:39 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

Error - 23.11.2010 15:29:10 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

Error - 23.11.2010 16:03:41 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

Error - 23.11.2010 16:29:09 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

Error - 23.11.2010 17:03:39 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 21.11.2010 17:49:18 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde

Error - 22.11.2010 12:38:08 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 22.11.2010 12:38:21 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 22.11.2010 16:07:17 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 22.11.2010 16:07:32 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 22.11.2010 17:15:14 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 22.11.2010 17:15:30 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 22.11.2010 18:26:09 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 23.11.2010 02:59:31 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 23.11.2010 13:53:38 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >

What do you think? Thanks for the reply. Best regards, Kaya |
24.11.2010, 10:48 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fonts disappear, system stops responding Did Malwarebytes really find nothing more after the first quick scan?
__________________ Please always post logfiles in CODE tags |
24.11.2010, 19:12 | #5 |
| Fonts disappear, system stops responding No, the successful full scan showed nothing more. What I did notice, though, before the full scan succeeded: during one attempted full scan run, the typical problem occurred again, with everything freezing, parts disappearing and nothing working. I could still see, however, that an infected file named faxsetup.log in the directory c/windows was shown as infected, but I had to restart the laptop, and there was nothing to see in the log, presumably because the scan was not fully completed. I then scanned this file again individually in Explorer via right-click with Malwarebytes, but there were no infected results for it. I have nevertheless posted it in the code below. What options do I have left now? Thanks for answering and taking a look, Best regards, Kaya HTML-Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.11.2010 08:06:09
mbam-log-2010-11-23 (08-06-09).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected) |
24.11.2010, 20:41 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fonts disappear, system stops responding Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!) Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.15 03:06:22 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.01.03 18:40:11 | 000,000,051 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{021c1105-4f98-11dd-b896-00038a000015}\Shell\AutoRun\command - "" = K:\Setup.exe -- File not found
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0bc77210-03ad-11df-bbe5-001302078cf7}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell - "" = AutoRun
O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\Shell - "" = Autorun
O33 - MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{6b708f58-f88b-11de-bbd4-001302078cf7}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell - "" = AutoRun
O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
[2010.11.21 12:42:28 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2010.11.03 18:03:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ --> Fonts disappear, system stops responding |
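As an added example (written for this page, not part of the thread and not OTL's own code), here is a small Python triage script for "O33 - MountPoints2" lines of the kind in the fix script above. It keeps only the "\command" leaves, since those are the values the shell actually executes, and flags the entries a responder would remove: targets OTL reported as "File not found", targets on a drive other than the system drive (removable or external media), targets with no publisher recorded, and non-standard shell verbs. The sample lines are constructed in the OTL line format; the assumption that the system volume is C: is marked in the code.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption for this example: the Windows system volume is C:.
SYSTEM_DRIVE = "C"

# Constructed sample input in the "O33 - MountPoints2" line format of an OTL fix script.
SAMPLE_LOG = r"""
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{021c1105-4f98-11dd-b896-00038a000015}\Shell\AutoRun\command - "" = K:\Setup.exe -- File not found
O33 - MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
"""

# One MountPoints2 line: volume id, optional shell verb, optional "\command" leaf, value.
LINE_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell'
    r'(?:\\(?P<verb>[^\\]+?))?(?P<leaf>\\command)? - "" = (?P<value>.*)$'
)
# Value part: the target, optionally followed by " -- " and OTL's file info or "File not found".
VALUE_RE = re.compile(r'^(?P<target>.*?)(?: -- (?P<info>.*))?$')
# OTL puts the company name in trailing parentheses; empty parentheses mean no publisher.
PUBLISHER_RE = re.compile(r'\(([^()]*)\)\s*$')
DRIVE_RE = re.compile(r'^([A-Za-z]):\\')


@dataclass
class AutorunCommand:
    volume: str               # MountPoints2 subkey: a volume GUID or a drive letter
    verb: str                 # shell verb whose \command value this is (usually AutoRun)
    target: str               # executable the verb launches
    missing: bool             # OTL reported "File not found"
    publisher: Optional[str]  # company from OTL's file info, None when not recorded
    reasons: List[str] = field(default_factory=list)


def parse_commands(log_text: str) -> List[AutorunCommand]:
    """Extract only the \\command leaves: those are what actually gets executed."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group("leaf"):
            continue
        v = VALUE_RE.match(m.group("value"))
        target, info = v.group("target"), v.group("info") or ""
        pub = PUBLISHER_RE.search(info)
        found.append(AutorunCommand(
            volume=m.group("volume"),
            verb=m.group("verb") or "",
            target=target,
            missing=info.strip() == "File not found",
            publisher=pub.group(1) if pub else None,
        ))
    return found


def assess(cmd: AutorunCommand) -> AutorunCommand:
    """Attach the reasons a responder would cite for removing this entry."""
    drive = DRIVE_RE.match(cmd.target)
    if cmd.missing:
        cmd.reasons.append("target no longer exists (stale entry)")
    if drive and drive.group(1).upper() != SYSTEM_DRIVE:
        cmd.reasons.append(f"runs from drive {drive.group(1).upper()}: not the system drive")
    if not cmd.missing and not cmd.publisher:
        cmd.reasons.append("no publisher recorded for the target")
    if cmd.verb.lower() != "autorun":
        cmd.reasons.append(f"non-standard shell verb '{cmd.verb}'")
    return cmd


def triage(log_text: str) -> List[AutorunCommand]:
    return [assess(c) for c in parse_commands(log_text)]


def summarize(cmds: List[AutorunCommand]) -> List[str]:
    """One line per entry, for a quick review before a fix script is written."""
    lines = []
    for c in cmds:
        state = "MISSING" if c.missing else (c.publisher or "unknown publisher")
        flags = "; ".join(c.reasons) if c.reasons else "nothing unusual"
        lines.append(f"{c.volume} [{c.verb}] -> {c.target} ({state}): {flags}")
    return lines


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Running it prints one line per command entry. The same parser works on the O33 section of a full OTL.txt, which is where such entries are reviewed before a fix script like the one in this post is assembled.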
25.11.2010, 08:07 | #7 |
| Fonts disappear, system stops responding Hello, Thanks for the OTL file. I carried out the instructions. The log is below. Additional info: 1) On completion a confirmation window opened, in which only a hyphen "-" and the OK button were visible (i.e. was the process perhaps not finished or interrupted?); after confirming, the computer restarted and I received the log file. 2) Yesterday I also deleted the largest files from the windows/temp folder myself, and some programs, because there was almost no space left on the hard drive. Thanks, Best regards, Kaya HTML-Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{021c1105-4f98-11dd-b896-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{021c1105-4f98-11dd-b896-00038a000015}\ not found.
File K:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0609c264-8c22-11dd-b902-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0609c264-8c22-11dd-b902-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0609c264-8c22-11dd-b902-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bc77210-03ad-11df-bbe5-001302078cf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bc77210-03ad-11df-bbe5-001302078cf7}\ not found.
File G:\Get_Started_for_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d4-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d4-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d4-11e7-11dd-b836-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d5-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d5-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d5-11e7-11dd-b836-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e00-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e00-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e00-8703-11dd-b8f7-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e01-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e01-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e01-8703-11dd-b8f7-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{389c63ae-b816-11df-bd0e-001302078cf7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{389c63ae-b816-11df-bd0e-001302078cf7}\ not found.
Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b708f58-f88b-11de-bbd4-001302078cf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b708f58-f88b-11de-bbd4-001302078cf7}\ not found.
File F:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98d3c6b6-11e1-11dd-b834-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98d3c6b6-11e1-11dd-b834-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98d3c6b6-11e1-11dd-b834-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad1d7710-2224-11de-ba12-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad1d7710-2224-11de-ba12-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad1d7710-2224-11de-ba12-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae6ccc46-56cd-11de-ba76-00038a000015}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae6ccc46-56cd-11de-ba76-00038a000015}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae6ccc46-56cd-11de-ba76-00038a000015}\ not found. File H:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ not found. File move failed. F:\AutoRun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7aa2781-8caa-11dd-b904-00038a000015}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7aa2781-8caa-11dd-b904-00038a000015}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7aa2781-8caa-11dd-b904-00038a000015}\ not found. File move failed. F:\AutoRun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File move failed. F:\AutoRun.exe scheduled to be moved on reboot. C:\FOUND.003 folder moved successfully. C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong\Data folder moved successfully. C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong folder moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: Default User ->Temp folder emptied: 500224 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 56504 bytes User: All Users User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 2931590 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 14471998 bytes User: *** ->Temp folder emptied: 387768552 bytes ->Temporary Internet Files folder emptied: 244823989 bytes ->Java cache emptied: 116325213 bytes ->FireFox cache emptied: 87060064 bytes ->Opera cache emptied: 3373558 bytes ->Flash cache emptied: 70233 bytes User: Gast User: *** %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 289905 bytes %systemroot%\System32 .tmp files removed: 5933959 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Windows Temp folder emptied: 58053680 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 879,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 11242010_234102 Files\Folders moved on Reboot... File move failed. F:\AutoRun.exe scheduled to be moved on reboot. File move failed. F:\AUTORUN.INF scheduled to be moved on reboot. Registry entries deleted on Reboot... |
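The OTL fix log above is the page's own tool output. What it records is worth reading closely: HKCU\...\Explorer\MountPoints2 is where Explorer caches the AutoRun handling for every volume it has ever seen, and the log pairs most of the deleted volume GUIDs with an attempt to move F:\AutoRun.exe. Deleting the keys removes the cached launcher, but every "File move failed" line means the file on the removable medium is still there (for example because the stick was not plugged in at the time), so the stick itself has to be cleaned or its autorun.inf removed separately. As an added example that is not part of the post and not OTL's own code, the Python below reads such a log, groups the results per volume and per file, and lists what is still sitting on a removable medium. The sample log is constructed from a few lines of the posted one.

```python
"""Summarise the MountPoints2 / autorun part of an OTL fix log.

Added example: not part of the forum post and not OTL's own code. It only
reads the result lines OTL prints ("Registry key ... deleted successfully",
"File move failed. X scheduled to be moved on reboot", "File X not found",
"X moved successfully") and groups them per volume and per file.
"""
import re

# HKCU\...\Explorer\MountPoints2\{volume GUID}\ or \F\ (drive letter) keys
MP2_RE = re.compile(
    r"^Registry key HKEY_CURRENT_USER\\.*\\MountPoints2\\"
    r"(?P<vol>\{[0-9a-fA-F-]+\}|[A-Za-z])\\ (?P<result>deleted successfully|not found)\.$")
MOVE_FAIL_RE = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
NOT_FOUND_RE = re.compile(r"^File (?P<path>.+?) not found\.$")
MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")

# Constructed sample: a handful of lines taken from the posted OTL log.
SAMPLE_LOG = r"""
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bc77210-03ad-11df-bbe5-001302078cf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bc77210-03ad-11df-bbe5-001302078cf7}\ not found.
File G:\Get_Started_for_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
C:\FOUND.003 folder moved successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
""".strip().splitlines()


def triage(lines):
    """Return (volumes, files).

    volumes: MountPoints2 volume id -> 'deleted' if OTL removed the key,
             'absent' if every mention of it was 'not found'.
    files:   referenced path -> 'moved', 'not found' or 'move failed'.
    """
    volumes, files = {}, {}
    for raw in lines:
        line = raw.strip()
        m = MP2_RE.match(line)
        if m:
            if m["result"] == "deleted successfully":
                volumes[m["vol"]] = "deleted"
            else:
                volumes.setdefault(m["vol"], "absent")
            continue
        m = MOVE_FAIL_RE.match(line)
        if m:
            files[m["path"]] = "move failed"
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            files.setdefault(m["path"], "not found")
            continue
        m = MOVED_RE.match(line)
        if m:
            files[m["path"]] = "moved"
    return volumes, files


def removable_leftovers(files):
    """Files OTL could not move that live outside the system drive: the
    autorun payloads still sitting on the USB stick or memory card."""
    return [p for p, state in files.items()
            if state == "move failed" and not p.upper().startswith("C:")]


def report(lines):
    """Human-readable summary of triage() for a log given as lines."""
    volumes, files = triage(lines)
    out = [f"{len(volumes)} MountPoints2 volume entries seen, "
           f"{sum(v == 'deleted' for v in volumes.values())} deleted"]
    for path, state in files.items():
        out.append(f"  {state:12} {path}")
    for path in removable_leftovers(files):
        out.append(f"still on removable medium: {path}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it on a saved OTL log with `report(open("OTL.txt", encoding="utf-8").read().splitlines())`; anything listed as "still on removable medium" must be removed from that medium (with autorun disabled on the machine that mounts it) before the stick is used again.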
25.11.2010, 13:28 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fonts disappear, system stops responding
Now please run CF: ComboFix (see "A guide and tutorial on using ComboFix").
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
25.11.2010, 22:33 | #9 |
| Fonts disappear, system stops responding
Hi,
Thanks for the great guide, I have carried out the instructions. The logfile is attached below.
Additional info: 2 error messages appeared towards the end of the scan:
EM 1) I did not write it down exactly, something like: unable to create registry file log
EM 2) read: "Error restoring C:/Windows/erdnt/subs software to C:WINDOWS/System32/config/Software Continue with next file? RegReplaceKey: 1450 - Not enough system resources to complete the requested service"
Regards, Kaya
Combofix Logfile:
Code:
ComboFix 10-11-24.04 - *** 25.11.2010 21:23:53.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.586 [GMT 1:00]
Running from: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programme\WinPCap
c:\programme\WinPCap\daemon_mgm.exe
c:\programme\WinPCap\npf_mgm.exe
c:\programme\WinPCap\rpcapd.exe
c:\windows\fix.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF

((((((((((((((((((((((( Files Created from 2010-10-25 to 2010-11-25 ))))))))))))))))))))))))))))))
.
2010-11-25 18:17 . 2010-11-25 18:17 -------- d-----w- c:\programme\CCleaner
2010-11-24 22:41 . 2010-11-24 22:41 -------- d-----w- C:\_OTL
2010-11-24 19:45 . 2010-11-24 19:45 -------- d-----w- c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Apple
2010-11-22 19:45 . 2010-11-22 19:45 -------- d-----w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp
2010-11-21 19:41 . 2010-11-21 19:41 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-11-21 19:41 . 2010-04-29 11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-21 19:41 . 2010-11-21 19:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-11-21 19:41 . 2010-04-29 11:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-21 19:40 . 2010-11-21 19:41 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-11-19 17:46 . 2010-11-19 17:46 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Avira
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 18:15 . 2009-12-18 07:56 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-19 18:06 . 2009-12-18 07:56 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-18 11:22 . 2004-08-04 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 07:52 . 2004-08-04 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 07:52 . 2004-08-04 04:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 07:52 . 2004-08-04 04:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 06:47 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 06:47 . 2004-08-04 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 06:47 . 2004-08-04 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 12:50 . 2004-08-04 04:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 08:54 . 2004-08-04 04:00 1852928 ----a-w- c:\windows\system32\win32k.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\programme\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\programme\opera\program\plugins\ssldivx.dll
2009-10-03 14:39 . 2009-10-03 14:39 119808 ----a-w- c:\programme\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((( Reg Loading Points From Each Hive ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-11-03 17:04 2735200 ----a-w- c:\programme\DVDVideoSoftTB\tbDVD1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 02:19 94208 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 02:19 94208 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 02:19 94208 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\programme\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\programme\Acer\Acer Arcade\PCMService.exe" [2005-12-13 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-03 7393280]
"nwiz"="nwiz.exe" [2006-01-03 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-01-03 86016]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-01-09 589824]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2010-03-27 149280]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-12-15 185896]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-11-10 417792]
"Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-03 30192]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-19 281768]
"HTC Sync Loader"="c:\programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-08-18 249856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-24 113664]
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-3-23 295606]
Adobe Reader Synchronizer.lnk - c:\programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 13:44 196608 ----a-w- c:\programme\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24 458752 ----a-w- c:\programme\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14 217088 ----a-w- c:\programme\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-12-19 13:52 15797248 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-12-15 10:14 185896 ----a-w- c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"AWService"=2 (0x2)
"WLSetupSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Dokumente und Einstellungen\\***\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.12.2009 08:56 135336]
R2 GTFlashSwitch;GtFlashSwitch Service;c:\programme\3ConnectivityWizard\Drivers\Automatic\Option Globesurfer Icon\GtFlashSwitch.exe [28.09.2008 21:34 123208]
S2 gupdate1ca5cc4eb1b22d0;Google Update Service (gupdate1ca5cc4eb1b22d0);c:\programme\Google\Update\GoogleUpdate.exe [03.11.2009 21:31 133104]
S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [20.01.2008 12:40 133504]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [03.10.2009 15:39 30192]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [16.10.2010 10:01 24576]
S3 NTGUARD;NTGUARD;\??\c:\programme\a1internetsecurity\bin\NTGUARD.SYS --> c:\programme\a1internetsecurity\bin\NTGUARD.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-03 20:31]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-03 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandenes PDF anfügen - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {7875C5B7-79D3-4F12-9113-346355AC6FB9} = 213.94.78.17 213.94.78.16
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000004.dll
FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programme\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programme\Opera\program\plugins\np_gp.dll
FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-ACER-917A74570E - c:\windows\SYSTEM32\ACER-917A74570E.vbs
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AOLDialer - c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
MSConfigStartUp-mRouterConfig - c:\programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
MSConfigStartUp-PC Suite for Smartphones - c:\programme\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
MSConfigStartUp-swg - c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-25 21:51
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3392460284-2625656429-3545236937-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:86,96,36,f5,7d,3e,2a,0d,46,f2,fa,2d,b1,14,58,89,60,8e,01,3b,76,50,e9,
   2a,4e,5a,1f,65,0c,d0,30,41,12,24,ed,37,d8,1c,1d,a9,16,15,e2,55,ae,28,43,c0,\
"??"=hex:f5,9e,f5,2c,44,71,79,ea,6e,0a,ab,98,d0,e1,76,8d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1520)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSDE.DLL
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2010-11-25 22:00:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-25 21:00

Pre-Run: 8.906.178.560 bytes free
Post-Run: 8.865.382.400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C3A0CFDD9B1745A6FB9C7B73869DF520
|
26.11.2010, 19:14 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fonts disappear, system stops responding Quote:
__________________ Please always post logfiles in CODE tags |
27.11.2010, 15:53 | #11 |
| Fonts disappear, system stops responding Hi, Yes, thanks. ZoneAlarm is uninstalled and the Windows Firewall is enabled. The problem that fonts disappear, then parts of the interface disappear, and shortly afterwards the system stops responding entirely is still present. Regards, Kaya |
27.11.2010, 17:11 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fonts disappear, system stops responding OK. Now please create logs with GMER and OSAM and post them. GMER crashes quite often; if the tool refuses to run even on the second attempt, just skip it and run only OSAM. Please skip the online query offered by OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
27.11.2010, 23:44 | #13 |
| Fonts disappear, system stops responding Hi, Many thanks, all scans carried out. Attached are the 3 logfiles, thx, regards Kaya. Additional info: re GMER: I ran the scan. In the Files section, old files from one folder were shown (a study project from about 2008, approx. 50 KB consisting of jpgs, gifs and css files). Since they are no longer needed, I wanted to delete them, which at first did not work (file name too long or invalid). I then removed them with the program "unlocker". I have posted the log of the second scan, run after the deletion; it no longer contains a Files section. re MBRCheck.exe: I answered the message "Found non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: " with N. GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2010-11-27 22:25:21 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS021G Running: ik6zw7k6.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\kgnyraow.sys ---- System - GMER 1.0.15 ---- SSDT F7AB605E ZwCreateKey SSDT F7AB6054 ZwCreateThread SSDT F7AB6063 ZwDeleteKey SSDT F7AB606D ZwDeleteValueKey SSDT F7AB6072 ZwLoadKey SSDT F7AB6040 ZwOpenProcess SSDT F7AB6045 ZwOpenThread SSDT F7AB607C ZwReplaceKey SSDT F7AB6077 ZwRestoreKey SSDT F7AB6068 ZwSetValueKey ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6D56380, 0x216F6D, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[2460] SHELL32.dll!SHFileOperationW 7E7208E4 5 Bytes JMP 02BC1102 C:\Programme\Unlocker\UnlockerHook.dll ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies) Device \Driver\Cdrom \Device\CdRom1 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies) AttachedDevice \FileSystem\Fastfat \Fat OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a48efb47 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0014a48efb47 (not active ControlSet) ---- EOF - GMER 1.0.15 ---- OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:38:41 on 27.11.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.12 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BTCPL.CPL" - "Broadcom Corporation." - C:\WINDOWS\system32\BTCPL.CPL "CAMCPL.CPL" - "Logitech Inc." - C:\WINDOWS\system32\CAMCPL.CPL "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "JAVACPL.CPL" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\JAVACPL.CPL "NVTUICPL.CPL" - "NVIDIA Corporation" - C:\WINDOWS\system32\NVTUICPL.CPL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Adobe Version Cue CS3" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.cpl "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "QuickTime" - "Apple Inc." 
- C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acer EPM Power Scheme Driver" (EpmPsd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-psd.sys "Acer EPM System Hardware Driver" (EpmShd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-shd.sys "Acer NetMonitor Protocol" (NETMNT) - ? - C:\WINDOWS\System32\DRIVERS\NETMNT.sys (File found, but it contains no detailed information) "AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys "Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys "Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys "Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys (File found, but it contains no detailed information) "Intel(R) PRO/Wireless 3945ABG Adapter Driver" (w39n51) - "Intel® Corporation" - C:\WINDOWS\System32\DRIVERS\w39n51.sys "kgnyraow" (kgnyraow) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\kgnyraow.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "Logitech AEC Driver" (LVcKap) - ? - C:\WINDOWS\System32\DRIVERS\LVcKap.sys (File not found) "Logitech LVPr2Mon Driver" (LVPr2Mon) - ? 
- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys (File not found) "Logitech Machine Vision Engine Loader" (LVMVDrv) - ? - C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys (File not found) "NTGUARD" (NTGUARD) - ? - C:\Programme\a1internetsecurity\bin\NTGUARD.SYS (File not found) "OSA NdisFilter Protocol" (NdisFilt) - "OSA Technologies" - C:\WINDOWS\System32\Drivers\NdisFilt.sys "OsaFsLoc" (OsaFsLoc) - "OSA Technologies" - C:\WINDOWS\system32\drivers\OsaFsLoc.sys "osaio" (osaio) - "OSA Technologies, An Avocent Company" - C:\WINDOWS\system32\drivers\osaio.sys "osanbm" (osanbm) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\osanbm.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - ? - "C:\Programme\WinPcap\rpcapd.exe" -d -f "C:\Programme\WinPcap\rpcapd.ini" (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "UBHelper" (UBHelper) - ? - C:\WINDOWS\system32\drivers\UBHelper.sys (File found, but it contains no detailed information) "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys "Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys "WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." 
- C:\WINDOWS\System32\Drivers\btwusb.sys "WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." 
- C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Datei-Manager" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} "Eigene Logitech-Bilder" - "Logitech Inc." - C:\Programme\Logitech\Video\Namespc2.dll {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - "Acer Labs USA" - C:\WINDOWS\system32\epm-po.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? 
- (File not found | COM-object registry key not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? 
- C:\Programme\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll <binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "Web Accessibility Toolbar" - "Web Accessibility Tools Consortium" - C:\Programme\Accessibility_Toolbar\Accessibility_Toolbar.dll <binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} "Java Plug-in 1.4.2_15" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\Java\j2re1.4.2_15\bin\npjpi142_15.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\WINDOWS\system32\ToolBand.dll <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." 
- C:\Programme\DVDVideoSoftTB\tbDVD1.dll <binary data> "Web Accessibility Toolbar" - "Web Accessibility Tools Consortium" - C:\Programme\Accessibility_Toolbar\Accessibility_Toolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists) "Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "Adobe Reader Synchronizer.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Shortcut exists | File exists) "DESKTOP.INI" - ? 
- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\DESKTOP.INI "Dropbox.lnk" - ? - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acer ePower Management" - "Acer Value Labs, Taiwan" - C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot "Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "ADMTray.exe" - "Avocent Inc." - "C:\Acer\Empowering Technology\admtray.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe_ID0EYTHM" - "Adobe Systems Incorporated" - C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "AzMixerSel" - "Realtek Semiconductor Corp." - C:\Programme\Realtek\InstallShield\AzMixerSel.exe "eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe "ePower_DMC" - "Acer Incorporated" - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe "eRecoveryService" - "acer Inc." - C:\Acer\Empowering Technology\eRecovery\Monitor.exe "FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe "Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup "HTC Sync Loader" - ? - "C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup "LManager" - "Dritek System Inc." 
- C:\PROGRA~1\LAUNCH~1\LManager.exe "LVCOMSX" - "Logitech Inc." - C:\WINDOWS\system32\LVCOMSX.EXE "MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC (File signed by Microsoft | File found, but it contains no detailed information) "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "PCMService" - "CyberLink Corp." - "C:\Programme\Acer\Acer Arcade\PCMService.exe" "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot "UnlockerAssistant" - ? - "C:\Programme\Unlocker\UnlockerAssistant.exe" (File found, but it contains no detailed information) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll "Bullzip PDF Print Monitor" - "BullZip" - C:\WINDOWS\system32\bzpdf.dll "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe Version Cue CS3 {de_DE} " (Adobe Version Cue CS3) - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe "Anwendungsverwaltung" (AppMgmt) - ? 
- C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe "CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe "CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe "CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1ca5cc4eb1b22d0)" (gupdate1ca5cc4eb1b22d0) - "Google Inc." 
- C:\Programme\Google\Update\GoogleUpdate.exe "GtFlashSwitch Service" (GTFlashSwitch) - "OptionNV" - C:\Programme\3ConnectivityWizard\Drivers\Automatic\Option Globesurfer Icon\GTFlashSwitch.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe "Process Monitor" (LVPrcSrv) - ? - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe (File not found) "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Computer, Inc." 
- C:\Programme\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/HTML]

HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 195):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7992000 \WINDOWS\system32\KDCOM.DLL
0xF78A2000 \WINDOWS\system32\BOOTVID.dll
0xF7362000 ACPI.sys
0xF7994000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7351000 pci.sys
0xF7492000 isapnp.sys
0xF74A2000 ohci1394.sys
0xF74B2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF78A6000 compbatt.sys
0xF78AA000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A5A000 pciide.sys
0xF7712000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7996000 aliide.sys
0xF7998000 intelide.sys
0xF799A000 toside.sys
0xF799C000 viaide.sys
0xF799E000 cmdide.sys
0xF7333000 pcmcia.sys
0xF74C2000 MountMgr.sys
0xF7314000 ftdisk.sys
0xF78AE000 ACPIEC.sys
0xF7A5B000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF771A000 PartMgr.sys
0xF78B2000 UBHelper.sys
0xF74D2000 VolSnap.sys
0xF78B6000 cpqarray.sys
0xF72FC000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF72E4000 atapi.sys
0xF78BA000 aha154x.sys
0xF7722000 sparrow.sys
0xF78BE000 symc810.sys
0xF74E2000 aic78xx.sys
0xF78C2000 dac960nt.sys
0xF74F2000 ql10wnt.sys
0xF78C6000 amsint.sys
0xF772A000 asc.sys
0xF78CA000 asc3550.sys
0xF7732000 mraid35x.sys
0xF773A000 i2omp.sys
0xF78CE000 ini910u.sys
0xF7502000 ql1240.sys
0xF7512000 aic78u2.sys
0xF7742000 symc8xx.sys
0xF774A000 sym_hi.sys
0xF7752000 sym_u3.sys
0xF775A000 ABP480N5.SYS
0xF7762000 asc3350p.sys
0xF79A0000 cd20xrnt.sys
0xF7522000 ultra.sys
0xF72CB000 adpu160m.sys
0xF776A000 dpti2o.sys
0xF7532000 ql1080.sys
0xF7542000 ql1280.sys
0xF7552000 ql12160.sys
0xF7772000 perc2.sys
0xF79A2000 perc2hib.sys
0xF777A000 hpn.sys
0xF78D2000 cbidf2k.sys
0xF729F000 dac2w2k.sys
0xF7562000 disk.sys
0xF7572000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF727F000 fltmgr.sys
0xF726D000 sr.sys
0xF7582000 PxHelp20.sys
0xF7249000 Fastfat.sys
0xF7232000 KSecDD.sys
0xF7205000 NDIS.sys
0xF7592000 sisagp.sys
0xF75A2000 viaagp.sys
0xF71EB000 Mup.sys
0xF75B2000 agp440.sys
0xF75C2000 alim1541.sys
0xF75D2000 amdagp.sys
0xF75E2000 agpCPQ.sys
0xF7602000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7956000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF6D56000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6D42000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6D1A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6CF7000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF6B9A000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xF77EA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6B76000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77F2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7612000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7622000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
0xF6B62000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF6B4F000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
0xF7632000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
0xF796A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7642000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF77FA000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7802000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6AF8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79A6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF780A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7652000 \SystemRoot\system32\DRIVERS\smcirda.sys
0xF796E000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF7662000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7672000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7682000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6A35000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79A8000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF6968000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7BBC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7812000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF781A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF76E2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF797E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6951000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76F2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7702000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6940000 \SystemRoot\system32\DRIVERS\psched.sys
0xF71DB000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7822000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF782A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF71CB000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79AA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF68E2000 \SystemRoot\system32\DRIVERS\update.sys
0xF7986000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF71BB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF44AC000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF4488000 \SystemRoot\system32\drivers\portcls.sys
0xF719B000 \SystemRoot\system32\drivers\drmk.sys
0xF4452000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xF435E000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF42AD000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7832000 \SystemRoot\System32\Drivers\Modem.SYS
0xF717B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF70FF000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF784A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7852000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF79B0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7AAA000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B2000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7862000 \SystemRoot\System32\drivers\vga.sys
0xF79B4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79B6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF786A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7872000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF70EB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF4162000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF4109000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF40E1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF40BB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF4099000 \SystemRoot\System32\drivers\afd.sys
0xF6AE8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF787A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF406E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF6B43000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
0xF3FD6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6AD8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF6AC8000 \SystemRoot\System32\Drivers\Fips.SYS
0xF6AB8000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF3FB3000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF3F9D000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0xF79BA000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF7882000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6A98000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF3F85000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79BC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF68CA000 \SystemRoot\System32\drivers\Dxapi.sys
0xF788A000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AFB000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA573000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xBA534000 \SystemRoot\system32\DRIVERS\WudfPf.sys
0xF7892000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xBA42E000 \SystemRoot\system32\DRIVERS\irda.sys
0xBA588000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xBA553000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB99D1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF789A000 \??\C:\WINDOWS\system32\drivers\btserial.sys
0xF7B9B000 \??\C:\WINDOWS\system32\drivers\epm-psd.sys
0xB97DD000 \??\C:\WINDOWS\system32\drivers\epm-shd.sys
0xB9728000 \SystemRoot\system32\drivers\wdmaud.sys
0xB98A9000 \SystemRoot\system32\drivers\sysaudio.sys
0xB98F1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB9685000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7A26000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF7B41000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
0xB89BF000 \SystemRoot\System32\Drivers\HTTP.sys
0xB88E6000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xB74A8000 \??\C:\DOKUME~1\***\LOKALE~1\Temp\kgnyraow.sys
0xB747D000 \SystemRoot\system32\drivers\kmixer.sys
0xB92A6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB6C3B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB9446000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB87F8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x7C910000 \WINDOWS\System32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
796 C:\WINDOWS\System32\SMSS.EXE
856 CSRSS.EXE
884 C:\WINDOWS\System32\WINLOGON.EXE
932 C:\WINDOWS\System32\SERVICES.EXE
944 C:\WINDOWS\System32\LSASS.EXE
1132 C:\WINDOWS\System32\SVCHOST.EXE
1212 SVCHOST.EXE
1256 C:\WINDOWS\System32\SVCHOST.EXE
1300 C:\WINDOWS\System32\SVCHOST.EXE
1344 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
1396 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
1520 SVCHOST.EXE
1596 SVCHOST.EXE
1960 C:\WINDOWS\System32\SPOOLSV.EXE
2004 C:\Programme\Avira\AntiVir Desktop\SCHED.EXE
140 SVCHOST.EXE
276 C:\Programme\Avira\AntiVir Desktop\AVGUARD.EXE
300 C:\Programme\Bonjour\mDNSResponder.exe
344 SVCHOST.EXE
388 C:\Programme\WIDCOMM\Bluetooth Software\BIN\BTWDINS.EXE
412 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
576 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
628 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
652 C:\Programme\3ConnectivityWizard\Drivers\Automatic\Option Globesurfer Icon\GtFlashSwitch.exe
708 C:\Programme\Avira\AntiVir Desktop\AVSHADOW.EXE
752 C:\Programme\Java\JRE6\BIN\JQS.EXE
108 C:\WINDOWS\System32\NVSVC32.EXE
1164 C:\WINDOWS\System32\HPZipm12.exe
1308 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
1464 C:\Programme\CyberLink\Shared Files\RichVideo.exe
1720 C:\WINDOWS\System32\SVCHOST.EXE
956 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
2264 wmiprvse.exe
2460 C:\WINDOWS\EXPLORER.EXE
2796 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2864 C:\Programme\Acer\Acer Arcade\PCMService.exe
3044 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
3056 C:\WINDOWS\System32\RUNDLL32.EXE
3068 C:\WINDOWS\System32\RUNDLL32.EXE
3080 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
3108 C:\Programme\Launch Manager\LManager.exe
3160 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
3212 C:\WINDOWS\System32\LVCOMSX.EXE
3244 C:\Programme\Java\JRE6\BIN\jusched.exe
3404 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
3420 C:\Programme\QuickTime\QTTask.exe
3464 C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
3536 C:\Programme\FreePDF_XP\fpassist.exe
3552 C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
3564 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
3600 C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
3632 C:\Programme\Unlocker\UnlockerAssistant.exe
3644 C:\Programme\Skype\Phone\Skype.exe
3900 wmiprvse.exe
536 C:\WINDOWS\System32\WBEM\unsecapp.exe
2728 ALG.EXE
2808 C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
2868 C:\WINDOWS\System32\WBEM\wmiapsrv.exe
996 C:\WINDOWS\System32\RUNDLL32.EXE
2372 C:\WINDOWS\System32\wscntfy.exe
3660 C:\Programme\Mozilla Firefox\firefox.exe
2336 C:\Programme\3DataManager\3DataManager.exe
1864 C:\WINDOWS\System32\notepad.exe
192 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`1223be00 (FAT32)

PhysicalDrive0 Model Number: TOSHIBAMK1032GSX, Rev: AS021G

      Size  Device Name          MBR Status
--------------------------------------------
     93 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! |
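Two things in the MBRCheck log above are what the helper reacts to: the "Unknown MBR code" verdict for PhysicalDrive0 and a kernel driver (kgnyraow.sys) loaded out of a user's Temp folder. As an added example, not part of the thread and not MBRCheck's own code, here is a small Python parser for that output format that extracts both findings; the embedded log is a constructed excerpt, and the assumption that MBRCheck labels recognised boot code "Windows ... MBR code" is marked in the code.

```python
import re

# Constructed excerpt in the MBRCheck 1.2.3 output format shown in the log above.
SAMPLE_LOG = r"""MBRCheck, version 1.2.3
(c) 2010, AD

Kernel Drivers (total 3):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xF7A26000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xB74A8000 \??\C:\DOKUME~1\***\LOKALE~1\Temp\kgnyraow.sys

      Size  Device Name          MBR Status
--------------------------------------------
     93 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F

Found non-standard or infected MBR.
"""

# "0x<load address> <image path>" rows of the Kernel Drivers section
DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(\S.*?)\s*$")
# "<size>  \\.\PhysicalDriveN   <MBR status>" rows of the disk table
DISK_RE = re.compile(r"^\s*\d+ [KMGT]B\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")
# A kernel driver has no legitimate reason to load from a per-user Temp folder
# (LOKALE~1 is the 8.3 short name of "Lokale Einstellungen" on German XP).
TEMP_RE = re.compile(r"\\(LOKALE~1|Lokale Einstellungen|Local Settings)\\Temp\\", re.I)


def parse_mbrcheck(text):
    """One pass over the log; returns disk verdicts and drivers loaded from Temp."""
    disks, temp_drivers = [], []   # disks: [device, status, sha1]
    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            if TEMP_RE.search(m.group(1)):
                temp_drivers.append(m.group(1))
        elif m := DISK_RE.match(line):
            disks.append([m.group(1), m.group(2), None])
        elif (m := SHA1_RE.match(line)) and disks:
            disks[-1][2] = m.group(1).upper()   # the SHA1 row follows its disk row
    return {"disks": disks, "temp_drivers": temp_drivers}


def suspicious_disks(report):
    """Assumption: MBRCheck names recognised boot code 'Windows ... MBR code';
    any other verdict (here 'Unknown MBR code') deserves a closer look."""
    return [d for d in report["disks"] if not d[1].startswith("Windows")]
```

Run on the full log above, `suspicious_disks` returns PhysicalDrive0 with its SHA1, and `temp_drivers` holds the kgnyraow.sys path, which is the same pair of findings the helper's next reply acts on.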
28.11.2010, 00:16 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fonts disappear, system stops responding Do you have any other operating system besides WinXP installed? If not, i.e. if WinXP is the only installed system: restart the computer and select the Recovery Console from the boot menu. There, type the command fixmbr (then Enter, confirm with j), then the command fixboot (then Enter, confirm with j). With exit (then press Enter) the computer restarts. Then run the Bootkit Remover again in normal Windows mode and post the new log.
__________________ Please always post logfiles in CODE tags |
28.11.2010, 00:22 | #15 |
| Fonts disappear, system stops responding hi, No, I don't. I'll give fixmbr a try. One more question: which one is the Bootkit Remover? Kind regards, Kaya |