Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   My Security Shield -> Logfile -> Bitte prüfen (https://www.trojaner-board.de/93908-my-security-shield-logfile-bitte-pruefen.html)

Zauber 19.12.2010 01:48
My Security Shield -> Logfile -> Bitte prüfen
 
Hallo,

ich hatte Heute ungebetenen Besuch von "My Security Shield".

Ich habe alles so wie in der Anleitung ( http://www.trojaner-board.de/89160-m...entfernen.html ) vorgeschlagen durchgeführt.

Nun stelle ich die OTL-Logfiles, wie vorgeschlagen, hier zur Prüfung nochmals rein:OTL Logfile:
Code:
OTL logfile created on: 19.12.2010 01:08:35 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\xxxx\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 9,05 Gb Free Space | 12,98% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 69,43 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive E: | 3,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: xxxx-PC | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Users\xxxx\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\xxxx\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\eNetHook.dll (acer)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.xxxx.de/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 20:23:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 20:23:22 | 000,000,000 | ---D | M]
 
[2008.07.18 01:00:57 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions
[2010.12.18 14:12:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\rvdo28ks.default\extensions
[2010.04.27 09:10:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\rvdo28ks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.08 14:15:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.24 10:52:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.28 08:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.08 14:15:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.24 15:02:37 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.24 15:02:37 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.24 15:02:37 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.24 15:02:37 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.24 15:02:37 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.18 22:43:00 | 000,000,698 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [Acer Tour Reminder] File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Users\JoshSuki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.24 15:29:11 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006.10.01 00:10:34 | 000,000,147 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2006.09.25 00:53:27 | 000,602,112 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{5c79a253-54b1-11dc-8971-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5c79a253-54b1-11dc-8971-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.19 00:53:57 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.18 19:57:54 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2010.12.18 19:57:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.18 19:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.18 19:57:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.18 19:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.18 19:25:41 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\MSA
[2010.12.17 00:21:07 | 000,000,000 | ---D | C] -- C:\Games
[2010.12.17 00:01:02 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.17 00:01:00 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.17 00:01:00 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.17 00:00:59 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.17 00:00:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.17 00:00:56 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.17 00:00:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.17 00:00:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.17 00:00:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.17 00:00:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.17 00:00:48 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.17 00:00:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.17 00:00:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.17 00:00:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.17 00:00:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.17 00:00:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.17 00:00:47 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.17 00:00:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.17 00:00:47 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.17 00:00:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.17 00:00:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.17 00:00:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.17 00:00:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.17 00:00:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.17 00:00:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.17 00:00:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2007.05.19 23:03:06 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.05.19 14:34:27 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.19 00:53:59 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.19 00:43:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.19 00:43:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.19 00:43:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.19 00:43:29 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.18 20:42:03 | 000,212,992 | ---- | M] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.18 19:57:44 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.17 03:16:34 | 000,372,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.17 00:21:09 | 000,000,645 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney SE v7.34.lnk
[2010.12.05 17:39:36 | 000,064,000 | ---- | M] () -- C:\Users\xxxx\Documents\Qte1.doc
[2010.12.05 17:09:48 | 000,077,824 | ---- | M] () -- C:\Users\xxxx\Documents\bbungasb.doc
[2010.12.05 16:55:23 | 000,020,094 | ---- | M] () -- C:\Users\xxxx\Documents\seg4.odt
[2010.12.05 16:29:06 | 000,090,112 | ---- | M] () -- C:\Users\xxxx\Documents\LL0111of.doc
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.20 16:45:54 | 000,078,848 | ---- | M] () -- C:\Users\xxxx\Documents\bbungdsz.doc
[2010.11.19 14:53:58 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
 
========== Files Created - No Company Name ==========
 
[2010.12.19 00:53:59 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.18 19:57:44 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.18 19:41:18 | 2145,509,376 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.17 00:21:09 | 000,000,645 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney SE v7.34.lnk
[2010.12.05 17:09:46 | 000,077,824 | ---- | C] () -- C:\Users\xxxx\Documents\bbungasb.doc
[2010.12.05 16:55:22 | 000,020,094 | ---- | C] () -- C:\Users\xxx\Documents\sxoeg4.odt
[2010.11.20 15:00:55 | 000,078,848 | ---- | C] () -- C:\Users\xxx\Documents\bbungdsz.doc
[2009.09.24 13:03:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.03 11:24:14 | 000,000,680 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2009.03.05 18:07:06 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009.03.05 18:05:09 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.03.05 17:42:29 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLeNL.DLL
[2008.09.01 23:50:36 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.09.01 23:50:36 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.07.18 13:39:05 | 000,000,096 | ---- | C] () -- C:\Users\xxxx\AppData\Local\fusioncache.dat
[2008.05.01 17:40:50 | 000,157,696 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.05.01 17:40:46 | 000,856,064 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.05.01 17:40:46 | 000,568,850 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008.05.01 17:40:46 | 000,217,088 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.05.01 17:40:45 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.01 17:40:42 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.11.30 18:56:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.11.29 14:52:24 | 000,212,992 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.28 13:57:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2007.11.27 13:16:13 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.08.28 02:17:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.08.28 02:17:20 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007.05.20 01:52:39 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.19 23:03:07 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.05.19 14:36:19 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.05.19 14:34:47 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.05.19 14:34:47 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.05.19 14:34:24 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.05.19 14:28:31 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007.04.12 16:42:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.12 16:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.12 16:41:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.12 16:40:04 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.12 16:39:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.12 16:39:48 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:94188BC6
 
< End of report >
--- --- ---


UNDOTL Logfile:
Code:
OTL Extras logfile created on: 19.12.2010 01:08:35 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\xxxx\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 9,05 Gb Free Space | 12,98% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 69,43 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive E: | 3,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: xxxxxx-PC | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22A5E06F-D59A-4C48-BBB4-A06842DFEE40}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{26122130-B5C0-440D-A7C7-F064D0C3FDAB}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{2FE687CD-69B4-4000-9C49-A375970046B5}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{3C0D8CE2-6EB7-4A61-A30B-E2D76B652DC6}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{3C82723C-3BB1-4DB0-B127-BB8721B4C35B}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{41890CBF-D0E7-4907-91EB-DD200E2F5646}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{479ACCCF-B301-49F7-9418-57AD4C9DCF73}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{68FB9B0F-7D96-45A2-B9D5-C43935D39B49}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{7BA3FE8C-2FB5-41FA-B951-CA9F7196E598}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{82BABC09-4E39-40FC-B369-337588E79DA6}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{8A3A2F3A-166F-4644-82F3-DD42396D47F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8C3B82B7-5122-43DF-A690-696CF8088F03}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8DDA8886-6435-4BE6-8A41-84DE96335A53}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{94F65E51-8BA6-4167-8EB1-BF290F7770CF}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{A14DC2D9-70E5-4316-A8C4-FDD042F6584A}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{A90BE003-D0F3-44A9-AF43-5A504EB693B6}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{AEDC17AF-850B-4C48-A22F-6AAFB214B24C}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{E13DAC76-9080-488E-B14A-A09E8C7C96A0}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{E2061A89-8B2B-4C34-A0F5-85D6D996A2B4}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{EBAD4F5A-EEBC-4CF5-8D13-83CFC4817AAE}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{FB05615A-3F6C-48B2-912A-FECB096B4D62}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"TCP Query User{0230A4E5-C4E0-48C8-897E-F8FEE93565E3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{082474EA-685F-45D5-8BAB-FA680D051780}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3C91C7A0-E94F-4391-99DD-16CEE5A9BF5B}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"TCP Query User{936D8472-5AE4-4233-A4F5-810338429B71}C:\program files\atari\act of war - direct action\aoweditor.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\aoweditor.exe |
"TCP Query User{B1E6287D-52C9-4500-BA5A-7141F5D241F9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E3653AE0-1E4A-4FB7-B55D-81C2470E02C9}C:\program files\ea games\command & conquer generäle stunde null\patchget.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\patchget.dat |
"TCP Query User{F96EBB54-1611-4355-88B9-ED6F562FFC5C}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"UDP Query User{28F50254-58FA-4C6B-B221-D2E4143B57D0}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"UDP Query User{39ADFFC6-D45F-40E2-99F0-205125872036}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{47C4EE7E-4BE1-431D-83C3-37D17E7D11F5}C:\program files\atari\act of war - direct action\aoweditor.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\aoweditor.exe |
"UDP Query User{7EF7413B-A232-4FD5-8C7A-C71B480A15E1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A0B38A23-AD6D-47BE-B49B-DCC73FE0B82D}C:\program files\ea games\command & conquer generäle stunde null\patchget.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\patchget.dat |
"UDP Query User{CD55BDBE-EDFD-44CD-868E-8231F4506AF3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E2C7A304-8781-49D0-9F47-388E544FA6B4}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08021248-88B6-E67B-CFD0-7B2C690CF37F}" = Catalyst Control Center Localization Russian
"{0ABBC013-7CF3-FEAE-8851-A4A290DC3D93}" = Catalyst Control Center Localization Norwegian
"{0E290898-A92A-682B-84BC-791E4B51D39E}" = Catalyst Control Center Localization Finnish
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade
"{196654EB-009F-6E50-7BAB-CE60C89AE403}" = ccc-core-static
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 22
"{2A5050FE-B629-D35A-38F3-89B353477674}" = Catalyst Control Center Localization Spanish
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0
"{3838E2BF-91E8-730A-9C1C-4D73A9A08A91}" = Catalyst Control Center Graphics Light
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3DB8A7B1-2EEB-56AF-A877-5742D2B18BEC}" = Catalyst Control Center Localization Dutch
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{429CEC54-6DE7-C63D-EB89-518AAB6F0E35}" = Catalyst Control Center Localization Korean
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E55CE14-FC19-0D1F-E603-9CB92DBD9E7E}" = Catalyst Control Center Localization Italian
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5204EE13-A206-ED46-8AD6-5102491DE3B6}" = Catalyst Control Center Localization Portuguese
"{54ADF8E0-E14A-6C4E-9D60-51637D6576BE}" = Catalyst Control Center Localization Czech
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{62355C0D-A1AC-0C50-582A-83F08692D1A4}" = Catalyst Control Center Localization Danish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6A904BEA-D1B5-3077-E82D-239262DCE266}" = Catalyst Control Center Localization Thai
"{6CF2361C-E085-E644-9503-D2755C98D1B7}" = Catalyst Control Center Localization German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A2E65F0-FCD3-50F7-CD3A-D17E01D9B22D}" = Catalyst Control Center Localization Japanese
"{7CD88B0E-CC14-20C4-AAD7-310883457848}" = ccc-utility
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8DAE66B9-3D2C-870A-AC1F-D98D56B2E48D}" = Catalyst Control Center Localization Chinese Standard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B850277-4198-1D44-B7BD-CA8D4DCEE620}" = Catalyst Control Center Localization Polish
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FDBB8DB-753F-6482-DB5E-2B7DA5577053}" = Catalyst Control Center Localization Chinese Traditional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch
"{AEA296D6-0F45-5B8E-FA16-6D553D5E6149}" = Catalyst Control Center Core Implementation
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{BFC7B8B9-37A3-F118-8929-8D6C0E52E9B2}" = Catalyst Control Center Localization Hungarian
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C28512D7-66A1-2EF6-94F3-6A458BD76419}" = Catalyst Control Center Localization Greek
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C99B5FE7-A85C-77A6-64BD-644358B01A45}" = Catalyst Control Center Localization Turkish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE992AB2-28A0-4A92-01B8-970606F7B2A4}" = Catalyst Control Center Localization French
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D8FC2439-A2CA-6EEC-523D-8470C7967533}" = Catalyst Control Center Localization Swedish
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E3F696A6-98D9-438E-B942-B498087C015B}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ArtMoney SE_is1" = ArtMoney SE v7.34
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Black Mirror_is1" = Black Mirror 1.2
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free Download Manager_is1" = Free Download Manager 3.0
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"OpenTTD" = OpenTTD 1.0.0-RC2
"PokerTH 0.8.1" = PokerTH
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinRAR archiver" = WinRAR Archivierer
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2010 17:31:28 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.12.2010 17:50:33 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.12.2010 17:50:33 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.12.2010 19:44:08 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.12.2010 19:44:08 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.12.2010 19:45:06 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.12.2010 19:45:08 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.12.2010 19:46:07 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.12.2010 19:46:08 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.12.2010 19:46:11 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 18.04.2008 17:22:15 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
 
[ System Events ]
Error - 18.12.2010 14:52:11 | Computer Name = xxxx-PC | Source = DCOM | ID = 10010
Description =
 
Error - 18.12.2010 17:26:22 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.12.2010 17:45:16 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 18.12.2010 17:50:25 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.12.2010 17:56:55 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 18.12.2010 17:57:04 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 18.12.2010 17:57:04 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 18.12.2010 17:57:04 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 18.12.2010 19:43:20 | Computer Name = xxxx-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 18.12.2010 19:43:52 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
--- --- ---


Ich hoffe ich habe alles richtig gemacht, ihr könnt mir helfen und dass das System jetzt wieder sauber ist. Der Laptop verhält sich, soweit ich das beurteilen kann, jetzt wieder normal.

Das Einzige was sich geändert hat ist: Beim Hochfahren erhalte ich nun eine Meldung, dass einige Autostartprogramme von der Firewall "geblockt" wurden. Diese stehen in einer Liste als "noch nicht klassifiziert". Diese Meldung bekam ich vorher noch nie. Ist das Normal?

Viele Grüße & schonmal vorab Danke für die Mühe


Zauber

cosinus 19.12.2010 17:14
Wo sind die Logs von malwarebytes? Bitte alle davon posten.

Zauber 19.12.2010 17:29
Hallo Arno,

hier bitte:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5350

Windows 6.0.6002 Service Pack 2
Internet Explorer

18.12.2010 22:22:57
mbam-log-2010-12-18 (22-22-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 330674
Laufzeit: 1 Stunde(n), 29 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscj.exe (Backdoor.Bot) -> Value: mscj.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Value: userinit -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscjm.exe (Trojan.FakeAlert) -> Value: mscjm.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\xxxx\AppData\Roaming\MSA\mscj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\xxxx\AppData\Local\qvtausoi.exe (Trojan.GBFE) -> Quarantined and deleted successfully.
c:\Users\xxxx\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\HTCF18B2\exe55[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\xxxx\AppData\Roaming\microsoft\Windows\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.
c:\Users\xxxx\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


UND


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5350

Windows 6.0.6002 Service Pack 2
Internet Explorer

18.12.2010 23:07:06
mbam-log-2010-12-18 (23-07-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159897
Laufzeit: 7 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


War mir nicht klar, dass die auch notwendig sind.

Viele Grüße


Zauber

cosinus 19.12.2010 21:37
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.24 15:29:11 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006.10.01 00:10:34 | 000,000,147 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2006.09.25 00:53:27 | 000,602,112 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{5c79a253-54b1-11dc-8971-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5c79a253-54b1-11dc-8971-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.)
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:94188BC6
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Zauber 19.12.2010 21:52
Okay, hab´ ich alles gemacht.

Hier das Logfile:

All processes killed
========== OTL ==========
C:\autoexec.bat moved successfully.
File not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c79a253-54b1-11dc-8971-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c79a253-54b1-11dc-8971-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c79a253-54b1-11dc-8971-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c79a253-54b1-11dc-8971-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
ADS C:\ProgramData\TEMP:52B72A7C deleted successfully.
ADS C:\ProgramData\TEMP:94188BC6 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Acer
->Temp folder emptied: 280194 bytes
->Temporary Internet Files folder emptied: 106942 bytes
->Flash cache emptied: 75 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: XXXX
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 434622 bytes
->Java cache emptied: 107326543 bytes
->FireFox cache emptied: 105852486 bytes
->Flash cache emptied: 2635 bytes

User: Public

User: Support
->Temp folder emptied: 34771 bytes
->Temporary Internet Files folder emptied: 1178966 bytes
->Flash cache emptied: 75 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1248 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 205,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12192010_214217

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Viele Grüße


Zauber

cosinus 20.12.2010 08:25
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Zauber 20.12.2010 22:19
Okay. Ich habe alles erledigt.

Combofix Logfile:
Code:
ComboFix 10-12-20.01 - XXXX 20.12.2010  20:53:38.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2045.1280 [GMT 1:00]
ausgeführt von:: c:\users\XXXX\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\users\XXXX\AppData\Roaming\MSA

.
(((((((((((((((((((((((  Dateien erstellt von 2010-11-20 bis 2010-12-20  ))))))))))))))))))))))))))))))
.

2073-04-13 15:17 . 2006-11-21 18:48        203576        ------w-        c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2010-12-20 20:05 . 2010-12-20 20:05        --------        d-----w-        c:\users\XXXX\AppData\Local\temp
2010-12-20 20:05 . 2010-12-20 20:05        --------        d-----w-        c:\users\Support\AppData\Local\temp
2010-12-20 20:05 . 2010-12-20 20:05        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-12-20 20:05 . 2010-12-20 20:05        --------        d-----w-        c:\users\Acer\AppData\Local\temp
2010-12-19 20:42 . 2010-12-19 20:42        --------        d-----w-        C:\_OTL
2010-12-18 23:53 . 2010-12-18 23:54        --------        d-----w-        c:\program files\CCleaner
2010-12-18 18:57 . 2010-12-18 18:57        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Malwarebytes
2010-12-18 18:57 . 2010-11-29 16:42        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 18:57 . 2010-12-18 18:57        --------        d-----w-        c:\programdata\Malwarebytes
2010-12-18 18:57 . 2010-12-18 18:57        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-12-18 18:57 . 2010-11-29 16:42        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-12-18 13:08 . 2010-11-10 04:33        6273872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{63AD2FC2-D99A-4E0D-975A-13AE633F69E4}\mpengine.dll
2010-12-16 23:21 . 2010-12-16 23:21        --------        d-----w-        C:\Games
2010-12-16 23:01 . 2010-10-12 15:53        33280        ----a-w-        c:\program files\Windows Mail\wabfind.dll
2010-12-16 23:01 . 2010-10-12 13:41        66048        ----a-w-        c:\program files\Windows Mail\wabmig.exe
2010-12-16 23:01 . 2010-10-12 13:41        515584        ----a-w-        c:\program files\Windows Mail\wab.exe
2010-12-16 23:01 . 2010-10-18 13:31        2038272        ----a-w-        c:\windows\system32\win32k.sys
2010-12-16 23:01 . 2010-11-04 18:56        345600        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2010-12-16 23:01 . 2010-11-04 18:55        352768        ----a-w-        c:\windows\system32\taskschd.dll
2010-12-16 23:01 . 2010-11-04 18:55        601600        ----a-w-        c:\windows\system32\schedsvc.dll
2010-12-16 22:59 . 2010-11-03 10:51        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2010-11-24 15:23 . 2010-10-19 04:27        7680        ----a-w-        c:\program files\Internet Explorer\iecompat.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 13:53 . 2010-11-03 10:05        108144        ----a-w-        c:\windows\system32\CmdLineExt.dll
2010-10-19 09:41 . 2009-10-03 20:27        222080        ------w-        c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-04-10 678672]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 457728]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 1286144]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-11-21 46728]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 206952]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

c:\users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-19 535336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2004-11-24 14976]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-11-21 202872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-11-21 194240]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2006-11-21 102760]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ebay.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - c:\users\JoshSuki\AppData\Roaming\Mozilla\Firefox\Profiles\rvdo28ks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-20 21:05
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2383994041-3322965716-2490565414-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:36,f1,b8,b4,44,d3,de,6d,ea,0d,ba,59,90,62,03,70,9c,42,b6,30,fd,20,02,
  92,63,6c,43,d5,ed,44,ac,4a,9f,00,3c,6f,be,c6,9f,41,34,5b,b8,d3,f9,a0,75,b1,\
"??"=hex:32,cc,82,01,10,ef,17,82,0a,c9,7c,c0,49,66,d7,5c

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\System32\eNetHook.dll

- - - - - - - > 'lsass.exe'(708)
c:\windows\System32\eNetHook.dll
.
Zeit der Fertigstellung: 2010-12-20  21:12:47
ComboFix-quarantined-files.txt  2010-12-20 20:12

Vor Suchlauf: 14 Verzeichnis(se), 10.087.231.488 Bytes frei
Nach Suchlauf: 9.919.012.864 Bytes frei

- - End Of File - - 23C946F67A5279921176295312D2E8B9
--- --- ---


Viele Grüße


Zauber

cosinus 20.12.2010 22:32
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Zauber 21.12.2010 02:22
Ok. Ich habe alles erledigt. Hier die Logfiles.

GMER:

GMER Logfile:
Code:
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-21 01:54:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SB4O
Running: qqeqyluz.exe; Driver: C:\Users\XXXX\AppData\Local\Temp\fxlirkow.sys


---- System - GMER 1.0.15 ----

SSDT  8C52501C                                                                                            ZwCreateThread
SSDT  8C525008                                                                                            ZwOpenProcess
SSDT  8C52500D                                                                                            ZwOpenThread
SSDT  8C525017                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 221                                                                        81CBA984 4 Bytes  [1C, 50, 52, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 3F2                                                                        81CBAB55 3 Bytes  [50, 52, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 40D                                                                        81CBAB70 4 Bytes  [0D, 50, 52, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 621                                                                        81CBAD84 4 Bytes  [17, 50, 52, 8C]
.text  C:\Windows\system32\DRIVERS\atksgt.sys                                                              section is writeable [0x9AEE8300, 0x3ACC8, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\lirsgt.sys                                                              section is writeable [0x9AF3C300, 0x1B7E, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73B17817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [73B6A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [73B1BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [73B0F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [73B175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73B0E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73B48395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [73B1DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [73B0FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73B0FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [73B071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [73B9CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73B3C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [73B0D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [73B06853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73B0687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [73B12AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File  C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb                                              0 bytes

---- EOF - GMER 1.0.15 -
--- --- ---

OSAM:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 02:11:50 on 21.12.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "acer" - C:\Windows\System32\eNetHook.dll
"AppInit_DLLs" - "acer" - C:\Windows\System32\eNetHook.dll
"AppInit_DLLs" - "acer" - C:\Windows\system32\eNetHook.dll

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Computer, Inc." - C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\XXXX\AppData\Local\Temp\catchme.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
"SRTSP" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSP.SYS
"SRTSPL" (SRTSPL) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPL.SYS
"SRTSPX" (SRTSPX) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPX.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Intrusion Prevention Driver" (IDSvix86) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\Windows\Downloaded Program Files\gp.ocx / hxxp://www.adobe.com/products/acrobat/nos/gp.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
{90222687-F593-4738-B738-FBEE9C7B26DF} "Show Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
<binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Program Files\Free Download Manager\iefdm2.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Windows\system32\ActiveToolBand.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} "Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} "{1E8A6170-7264-4D0F-BEAE-D42A53123C75}" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 2.4.lnk" - ? - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Tour Reminder" - "Acer Inc." - C:\Acer\AcerTour\Reminder.exe
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"ccApp" - "Symantec Corporation" - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"eAudio" - "CyberLink" - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"IS CfgWiz" - "Symantec Corporation" - "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"OpwareSE4" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"osCheck" - "Symantec Corporation" - "C:\Program Files\Norton Internet Security\osCheck.exe"
"PlayMovie" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"StartCCC" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe
"WrtMon.exe" - ? - C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMNPPM.DLL
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ALaunch Service" (ALaunchService) - ? - C:\Acer\ALaunch\ALaunchSvc.exe
"Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"COM Host" (comHost) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eDSService.exe" (eDataSecurity Service) - "HiTRSUT" - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Symantec AppCore Service" (SymAppCore) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
"Symantec Core LC" (Symantec Core LC) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"Symantec IS Kennwortprüfung" (ISPwdSvc) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\isPwdSvc.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\system32\acer.scr  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer:
System Product Name: Aspire 5710Z
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 165):
0x81C0F000 \SystemRoot\system32\ntkrnlpa.exe
0x81FC8000 \SystemRoot\system32\hal.dll
0x80606000 \SystemRoot\system32\kdcom.dll
0x8060D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067D000 \SystemRoot\system32\PSHED.dll
0x8068E000 \SystemRoot\system32\BOOTVID.dll
0x80696000 \SystemRoot\system32\CLFS.SYS
0x806D7000 \SystemRoot\system32\CI.dll
0x82208000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82284000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82291000 \SystemRoot\system32\drivers\acpi.sys
0x822D7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x822E0000 \SystemRoot\system32\drivers\msisadrv.sys
0x822E8000 \SystemRoot\system32\drivers\pci.sys
0x8230F000 \SystemRoot\System32\drivers\partmgr.sys
0x8231E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82321000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8232B000 \SystemRoot\system32\drivers\volmgr.sys
0x8233A000 \SystemRoot\System32\drivers\volmgrx.sys
0x82384000 \SystemRoot\system32\drivers\intelide.sys
0x8238B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82399000 \SystemRoot\System32\drivers\mountmgr.sys
0x87A0C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x87AD3000 \SystemRoot\system32\drivers\atapi.sys
0x87ADB000 \SystemRoot\system32\drivers\ataport.SYS
0x87AF9000 \SystemRoot\system32\drivers\fltmgr.sys
0x87B2B000 \SystemRoot\system32\drivers\fileinfo.sys
0x87B3B000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x87B44000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87C0F000 \SystemRoot\system32\drivers\ndis.sys
0x87D1A000 \SystemRoot\system32\drivers\msrpc.sys
0x87D45000 \SystemRoot\system32\drivers\NETIO.SYS
0x87E09000 \SystemRoot\System32\drivers\tcpip.sys
0x87EF3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88007000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88117000 \SystemRoot\system32\drivers\volsnap.sys
0x88150000 \SystemRoot\System32\Drivers\spldr.sys
0x88158000 \SystemRoot\system32\drivers\psdvdisk.sys
0x8816A000 \SystemRoot\system32\drivers\PSDNServ.sys
0x88173000 \SystemRoot\System32\Drivers\mup.sys
0x88182000 \SystemRoot\System32\drivers\ecache.sys
0x881A9000 \SystemRoot\system32\drivers\disk.sys
0x881BA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x881DB000 \SystemRoot\system32\drivers\crcdisk.sys
0x881F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87FD5000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87FDE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x87FED000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8BC07000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8C2DC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C37D000 \SystemRoot\System32\drivers\watchdog.sys
0x8B80F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B89C000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8B924000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B92F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B96D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B97C000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
0x8B991000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8B9AB000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
0x8B9C3000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
0x8B9D3000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8B9D7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B9EA000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8B9F4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C389000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8B800000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C3B2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B80B000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8C3CA000 \SystemRoot\system32\DRIVERS\serscan.sys
0x87D80000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x87DAF000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C3D2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C3DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C3F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x87BB5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x87DF0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x87BD8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x823A9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x87BEC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B80D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x823BE000 \SystemRoot\system32\DRIVERS\ks.sys
0x87FF6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x87C00000 \SystemRoot\system32\DRIVERS\umbus.sys
0x807B7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x823E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C80A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C9B9000 \SystemRoot\system32\drivers\portcls.sys
0x8CA0B000 \SystemRoot\system32\drivers\drmk.sys
0x8CA30000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8CA6D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8CC08000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8CCBD000 \SystemRoot\system32\drivers\modem.sys
0x8CCCA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CCE1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CCE3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8CCEC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8CCFC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8CD03000 \SystemRoot\system32\drivers\usbaudio.sys
0x8CD15000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8CD1D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8CD26000 \SystemRoot\System32\Drivers\Null.SYS
0x8CD2D000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CD34000 \SystemRoot\System32\drivers\vga.sys
0x8CD40000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CD61000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CD69000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CD71000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CD7C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CD8A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CD93000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CDA9000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CB70000 \SystemRoot\system32\drivers\afd.sys
0x8CDBD000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CBB8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CDEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CBCE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CC00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8CBE1000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8CE0B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CE47000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0x8CE4B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CE55000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8CEB7000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x8CED4000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8CEF6000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CF0D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8CF29000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8CF2B000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8CF66000 \SystemRoot\System32\Drivers\crashdmp.sys
0x87F0E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x95830000 \SystemRoot\System32\win32k.sys
0x8CF73000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CF7D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95A50000 \SystemRoot\System32\TSDDD.dll
0x95A70000 \SystemRoot\System32\cdd.dll
0x8CF8C000 \SystemRoot\system32\drivers\luafv.sys
0x8CFA7000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x98604000 \SystemRoot\system32\drivers\spsys.sys
0x986B4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x986C4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x986EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x986F8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9870B000 \SystemRoot\system32\drivers\HTTP.sys
0x98778000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x98795000 \SystemRoot\system32\DRIVERS\bowser.sys
0x987AE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x987C3000 \SystemRoot\system32\drivers\mrxdav.sys
0x8CFC3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9AC0C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9AC45000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9AC5D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9AC85000 \SystemRoot\System32\DRIVERS\srv.sys
0x9ACEB000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9AD2E000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x9AD3F000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9AD44000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA1203000 \SystemRoot\system32\drivers\peauth.sys
0xA12E1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA12EB000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA12F7000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA12FF000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
0xA1301000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xA200C000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS
0xA20D6000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS
0x77BD0000 \Windows\System32\ntdll.dll

Processes (total 93):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
528 csrss.exe
580 C:\Windows\System32\wininit.exe
592 csrss.exe
624 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\winlogon.exe
836 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\Ati2evxx.exe
1108 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\audiodg.exe
1256 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\SLsvc.exe
1320 C:\Windows\System32\svchost.exe
1444 C:\Windows\System32\Ati2evxx.exe
1564 C:\Windows\System32\svchost.exe
1716 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1800 C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
300 C:\Windows\System32\spoolsv.exe
328 C:\Program Files\Avira\AntiVir Desktop\sched.exe
340 C:\Windows\System32\svchost.exe
2076 C:\Windows\System32\dwm.exe
2116 C:\Windows\System32\taskeng.exe
2140 C:\Windows\explorer.exe
2344 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2364 C:\Windows\System32\taskeng.exe
2376 C:\Windows\RtHDVCpl.exe
2620 C:\Windows\System32\rundll32.exe
2636 C:\Acer\ALaunch\ALaunchSvc.exe
2692 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2724 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
2824 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
2932 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
2976 C:\Acer\Empowering Technology\eNet\eNet Service.exe
3036 C:\Users\XXXX\AppData\Local\temp\RtkBtMnt.exe
3044 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3076 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3104 C:\Acer\Mobility Center\MobilityService.exe
3176 C:\Windows\System32\svchost.exe
3204 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3240 C:\Windows\System32\svchost.exe
3324 C:\Windows\System32\svchost.exe
3356 C:\Windows\System32\SearchIndexer.exe
3420 C:\Windows\System32\drivers\XAudio.exe
3444 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3536 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3628 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
3784 WmiPrvSE.exe
3880 WmiPrvSE.exe
3988 unsecapp.exe
3616 C:\Program Files\Launch Manager\LManager.exe
3652 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
3612 C:\Acer\Empowering Technology\eAudio\eAudio.exe
3752 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3332 C:\Program Files\Apoint2K\Apoint.exe
4024 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
2536 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
2432 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2276 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
2792 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2796 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
3428 C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
2648 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2516 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2712 C:\Program Files\Windows Sidebar\sidebar.exe
4112 C:\Windows\ehome\ehtray.exe
4156 C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
4232 C:\Windows\ehome\ehmsas.exe
4336 C:\Program Files\Apoint2K\ApMsgFwd.exe
4396 C:\Acer\Empowering Technology\eNet\eNMTray.exe
4428 C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
4448 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4464 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
4528 C:\Program Files\Apoint2K\ApntEx.exe
4560 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
4588 C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
5632 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
1304 C:\Program Files\Mozilla Firefox\firefox.exe
4648 C:\Program Files\Mozilla Firefox\plugin-container.exe
5732 C:\Windows\servicing\TrustedInstaller.exe
5412 C:\Windows\System32\SearchProtocolHost.exe
4268 C:\Windows\System32\SearchFilterHost.exe
2732 dllhost.exe
5172 dllhost.exe
1724 C:\Users\XXXX\Desktop\MBRCheck.exe
5360 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e2200000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Viele Grüße


Zauber

cosinus 21.12.2010 09:50
Zitat:
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E
Hast Du noch andere Betriebssysteme außer Vista installiert?

Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.

Zauber 21.12.2010 14:08
Zitat:
Zitat von cosinus (Beitrag 600966)
Hast Du noch andere Betriebssysteme außer Vista installiert?
Nein. Nur Vista.

Zwei kurze Fragen: Imageburn lässt sich bei mir leider nicht installieren (Fehlermeldung: NSIS Error/Installer integry check has failed). Kann ich auch mit NTI CD & DVD Maker 7 (das habe ich bereits auf meinem Laptop) ein Image brennen? Dort finde ich allerdings keine "Imagebrennfunktion". Mit welchem Programm könnte ich die Image-CD/DVD noch erstellen?

Sollte ich vor der Vista-Reparatur wichtige Daten/Programme sichern? Oder ändert das nichts an den gespeicherten Daten?

Bitte entschuldige die Fragen, aber ich bin leider kein Experte auf dem Gebiet.

Viele Grüße


Zauber

cosinus 21.12.2010 16:15
Zitat:
Mit welchem Programm könnte ich die Image-CD/DVD noch erstellen?
CDBurnerXP

Zitat:
Sollte ich vor der Vista-Reparatur wichtige Daten/Programme sichern? Oder ändert das nichts an den gespeicherten Daten?
Wichtige Daten hat man immer gesichert!!

Zauber 21.12.2010 17:34
Okay. Habe jetzt alles so gemacht.

Allerdings bekam ich in der Eingabeaufforderung eine Fehlermeldung:

X:\sources>bootrec.exe/fixboot
Auf dem Datenträger befindet sich kein erkanntes Dateisystem. Stellen Sie
sicher, dass alle benötigten Dateisystemtreiber geladen sind und dass der Datenträger nicht beschädigt ist.

Die andere Eingabe x:\sources>bootrec.exe/fixmbr quittierte die Eingabeaufforderung damit, dass die Veränderungen durchgeführt worden seien.

Ist da etwas falsch gelaufen oder muss das so sein?

Viele Grüße


Zauber

cosinus 21.12.2010 22:47
Müsste i.O. gehen - Vista startet ja normal oder? ;)
Mach bitte ein neues Log mit mbrcheck

Zauber 22.12.2010 12:54
Ja. Abgesehen von der noch immer erscheinenden Meldung bei jedem Start, dass Windows Defender einige Autostartprogramme blockt, startet und arbeitet Vista, soweit ich das beurteilen kann, normal.

Hier das MBRCheck Logfile:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer:
System Product Name: Aspire 5710Z
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 165):
0x81C40000 \SystemRoot\system32\ntkrnlpa.exe
0x81C0D000 \SystemRoot\system32\hal.dll
0x80606000 \SystemRoot\system32\kdcom.dll
0x8060D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067D000 \SystemRoot\system32\PSHED.dll
0x8068E000 \SystemRoot\system32\BOOTVID.dll
0x80696000 \SystemRoot\system32\CLFS.SYS
0x806D7000 \SystemRoot\system32\CI.dll
0x82206000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82282000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8228F000 \SystemRoot\system32\drivers\acpi.sys
0x822D5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x822DE000 \SystemRoot\system32\drivers\msisadrv.sys
0x822E6000 \SystemRoot\system32\drivers\pci.sys
0x8230D000 \SystemRoot\System32\drivers\partmgr.sys
0x8231C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8231F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82329000 \SystemRoot\system32\drivers\volmgr.sys
0x82338000 \SystemRoot\System32\drivers\volmgrx.sys
0x82382000 \SystemRoot\system32\drivers\intelide.sys
0x82389000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82397000 \SystemRoot\System32\drivers\mountmgr.sys
0x87A08000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x87ACF000 \SystemRoot\system32\drivers\atapi.sys
0x87AD7000 \SystemRoot\system32\drivers\ataport.SYS
0x87AF5000 \SystemRoot\system32\drivers\fltmgr.sys
0x87B27000 \SystemRoot\system32\drivers\fileinfo.sys
0x87B37000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x87B40000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87C05000 \SystemRoot\system32\drivers\ndis.sys
0x87D10000 \SystemRoot\system32\drivers\msrpc.sys
0x87D3B000 \SystemRoot\system32\drivers\NETIO.SYS
0x87E0B000 \SystemRoot\System32\drivers\tcpip.sys
0x87EF5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88007000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88117000 \SystemRoot\system32\drivers\volsnap.sys
0x88150000 \SystemRoot\System32\Drivers\spldr.sys
0x88158000 \SystemRoot\system32\drivers\psdvdisk.sys
0x8816A000 \SystemRoot\system32\drivers\PSDNServ.sys
0x88173000 \SystemRoot\System32\Drivers\mup.sys
0x88182000 \SystemRoot\System32\drivers\ecache.sys
0x881A9000 \SystemRoot\system32\drivers\disk.sys
0x881BA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x881DB000 \SystemRoot\system32\drivers\crcdisk.sys
0x881F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87FD7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87FE0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x87FEF000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B801000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8BED6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BF77000 \SystemRoot\System32\drivers\watchdog.sys
0x8C203000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C290000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8C318000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C323000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C361000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C370000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
0x8C385000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8C39F000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
0x8C3B7000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
0x8C3C7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C3CB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C3DE000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8C3E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BF83000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8C3F3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BFAC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C3FE000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8BFC4000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8BFCC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x87D76000 \SystemRoot\system32\DRIVERS\storport.sys
0x87E00000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x87DB7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x87DCE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x87DD9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x87BB1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x87BC0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x87BD4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x87BE9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C200000 \SystemRoot\system32\DRIVERS\swenum.sys
0x823A7000 \SystemRoot\system32\DRIVERS\ks.sys
0x823D1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x823DB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x807B7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x823E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C80E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C9BD000 \SystemRoot\system32\drivers\portcls.sys
0x8CA02000 \SystemRoot\system32\drivers\drmk.sys
0x8CA27000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8CA64000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8CC0C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8CCC1000 \SystemRoot\system32\drivers\modem.sys
0x8CCCE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CCE5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CCE7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8CCF0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8CD00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8CD07000 \SystemRoot\system32\drivers\usbaudio.sys
0x8CD19000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8CD21000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8CD2A000 \SystemRoot\System32\Drivers\Null.SYS
0x8CD31000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CD38000 \SystemRoot\System32\drivers\vga.sys
0x8CD44000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CD65000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CD6D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CD75000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CD80000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CD8E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CD97000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CDAD000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CB67000 \SystemRoot\system32\drivers\afd.sys
0x8CDC1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CBAF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CBC5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CBD3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CDF3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8CBE6000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8CE0F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CE4B000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0x8CE4F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CE59000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8CEBB000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x8CED8000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8CEFA000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CF11000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8CF2D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8CF2F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x87F10000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x94EB0000 \SystemRoot\System32\win32k.sys
0x8CF3C000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CF46000 \SystemRoot\system32\DRIVERS\monitor.sys
0x950D0000 \SystemRoot\System32\TSDDD.dll
0x950F0000 \SystemRoot\System32\cdd.dll
0x8CF55000 \SystemRoot\system32\drivers\luafv.sys
0x8CF70000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x98C0F000 \SystemRoot\system32\drivers\spsys.sys
0x98CBF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x98CCF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x98CF9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x98D03000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x98D16000 \SystemRoot\system32\drivers\HTTP.sys
0x98D83000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x98DA0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x98DB9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x98DCE000 \SystemRoot\system32\drivers\mrxdav.sys
0x8CF8C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8CFAB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8CFE4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9A405000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9A42D000 \SystemRoot\System32\DRIVERS\srv.sys
0x9A493000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9A4D6000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x9A4E7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9A4FD000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9A502000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9A506000 \SystemRoot\system32\drivers\peauth.sys
0x9A5E4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9A5EE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9A47B000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9A483000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
0xA080F000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xA0858000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS
0xA0922000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS
0x77B90000 \Windows\System32\ntdll.dll

Processes (total 93):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
576 csrss.exe
628 C:\Windows\System32\wininit.exe
640 csrss.exe
672 C:\Windows\System32\services.exe
684 C:\Windows\System32\lsass.exe
692 C:\Windows\System32\lsm.exe
740 C:\Windows\System32\winlogon.exe
884 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\Ati2evxx.exe
1124 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\audiodg.exe
1316 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\SLsvc.exe
1392 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\Ati2evxx.exe
1564 C:\Windows\System32\svchost.exe
1744 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1812 C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
2032 C:\Windows\System32\spoolsv.exe
308 C:\Program Files\Avira\AntiVir Desktop\sched.exe
348 C:\Windows\System32\svchost.exe
2052 C:\Acer\ALaunch\ALaunchSvc.exe
2108 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2136 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
2320 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
2352 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
2460 C:\Acer\Empowering Technology\eNet\eNet Service.exe
2500 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2532 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2576 C:\Acer\Mobility Center\MobilityService.exe
2632 C:\Windows\System32\svchost.exe
2656 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2708 C:\Windows\System32\svchost.exe
2796 C:\Windows\System32\svchost.exe
2848 C:\Windows\System32\SearchIndexer.exe
2964 C:\Windows\System32\taskeng.exe
3008 C:\Windows\System32\drivers\XAudio.exe
3028 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3092 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3224 C:\Windows\System32\dwm.exe
3264 C:\Windows\System32\taskeng.exe
3272 C:\Windows\explorer.exe
3716 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
3724 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3756 C:\Windows\RtHDVCpl.exe
3948 WmiPrvSE.exe
3992 WmiPrvSE.exe
4092 C:\Windows\System32\rundll32.exe
2628 unsecapp.exe
2844 C:\Users\JoshSuki\AppData\Local\temp\RtkBtMnt.exe
1084 C:\Program Files\Launch Manager\LManager.exe
3332 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
1460 C:\Acer\Empowering Technology\eAudio\eAudio.exe
3896 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3712 C:\Program Files\Apoint2K\Apoint.exe
1064 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
1688 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
3696 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
1100 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
516 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
4000 C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
1260 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4100 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4148 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
4304 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4372 C:\Program Files\Apoint2K\ApMsgFwd.exe
4416 C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
4460 C:\Program Files\Apoint2K\ApntEx.exe
4604 C:\Program Files\Windows Sidebar\sidebar.exe
4612 C:\Windows\ehome\ehtray.exe
4712 C:\Windows\ehome\ehmsas.exe
4748 C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
4780 C:\Acer\Empowering Technology\eNet\eNMTray.exe
4812 C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
4820 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4924 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
5100 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
4160 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
1172 C:\Program Files\Mozilla Firefox\firefox.exe
4324 C:\Windows\System32\SearchProtocolHost.exe
4296 C:\Windows\System32\SearchFilterHost.exe
3572 C:\Program Files\Mozilla Firefox\plugin-container.exe
1352 dllhost.exe
3580 dllhost.exe
5928 C:\Users\XXXX\Desktop\MBRCheck.exe
4732 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e2200000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


Viele Grüße


Zauber


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:55 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55