Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TR/kazy.mekml.1 eingefangen (https://www.trojaner-board.de/98047-tr-kazy-mekml-1-eingefangen.html)

Seb13 24.04.2011 19:19
TR/kazy.mekml.1 eingefangen
 
Hallo liebe Community,

oben genannter Trojaner hält mich seit Freitag auf Trab.
Die Symptome sind wie bereits bei anderen Betroffenen
schwarzer Desktop,
kein Zugriff auf Daten (versteckt)
willkürliches Runterfahren des Netbooks,
div. Festplattenfehlermeldungen


Ich habe als erstes Malware durchlaufen lassen, allerdings quick scan. Danach war der Desktop zumindest wieder blau, die Festplattenfehler werden nicht mehr angezeigt und das Netbook fährt nicht mehr willkührlich runter.
allerdings las ich, das von Euch ein vollständiger Suchlauf empfohlen wird.
Deswegen füge ich beide Logdateien von beiden Malware-Läufen an plus otl. log

Über Unterstützung würde ich mich naturgemäß echt freuen und hoffe, vernünftig in Vorleistung getreten zu sein.

Viele Grüße
Sebastian

PS: ich sehe gerade, dass ich meine emails immer in achtfacher Ausführung im Posteingang habe. Zusammenhang??

Malware quick
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6433

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.04.2011 18:09:09
mbam-log-2011-04-24 (18-08-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156168
Laufzeit: 11 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\dokumente und einstellungen\all users\anwendungsdaten\uvewqxceajwf.exe (Trojan.FakeAlert) -> 3484 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
c:\dokumente und einstellungen\***\startmenü\programme\windows recovery (Trojan.FakeAV) -> No action taken.

Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\uvewqxceajwf.exe (Trojan.FakeAlert) -> No action taken.
c:\dokumente und einstellungen\***\Desktop\windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\dokumente und einstellungen\***\startmenü\programme\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\dokumente und einstellungen\***\startmenü\programme\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> No action taken.
Malware vollständig
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6433

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.04.2011 19:49:38
mbam-log-2011-04-24 (19-49-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 235717
Laufzeit: 1 Stunde(n), 13 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
otl
Code:
OTL logfile created on: 24.04.2011 19:52:31 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 365,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 135,00 Gb Total Space | 21,00 Gb Free Space | 15,56% Space Free | Partition Type: NTFS
Drive D: | 4,04 Gb Total Space | 2,73 Gb Free Space | 67,55% Space Free | Partition Type: FAT32
 
Computer Name: ACER-AB842E1F73 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
PRC - C:\Programme\Mobile Partner Manager\UIExec.exe ()
PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\WINDOWS\PLFSetI.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UI Assistant Service) -- C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Ndisprot) -- C:\WINDOWS\system32\drivers\Ndisprot.sys (Windows (R) 2000 DDK provider)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys ()
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 09:01:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.24 09:01:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.04.08 08:15:27 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.05.15 13:38:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.05.15 13:38:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.24 18:01:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mfv14asg.default\extensions
[2010.05.29 17:26:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mfv14asg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.15 13:25:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.12 18:33:56 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.03.07 11:36:43 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 11:36:44 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.07 11:36:44 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.07 11:36:44 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.07 11:36:44 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt]  File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKLM..\Run: [UIExec] C:\Programme\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2387590086-650978795-2170371235-1005..\Run: [ProductReg] C:\Programme\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer VCM.lnk = C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.01 17:53:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.24 18:35:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:35:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:04:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2011.04.24 17:55:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Malwarebytes' Anti-Malware
[2011.04.24 17:40:03 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011.04.24 17:39:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.24 17:39:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.24 17:39:10 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.24 17:39:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware
[2011.04.21 19:46:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\NtmsData
[2011.04.21 17:38:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2011.04.16 01:27:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ServicePackFiles
[2011.04.05 08:08:34 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular
[2011.04.05 08:07:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011.04.05 08:07:07 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ElsterFormular
[2011.04.05 08:06:28 | 000,000,000 | -H-D | C] -- C:\Programme\ElsterFormular
[2011.04.03 23:16:36 | 000,014,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010.05.15 13:24:33 | 008,188,856 | -H-- | C] (Mozilla) -- C:\Programme\Firefox_Setup_3.6.3.exe
[2009.08.02 03:33:20 | 000,049,152 | -H-- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2004.11.24 21:25:52 | 000,335,872 | -H-- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.24 19:43:03 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.24 18:35:34 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 18:12:07 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 18:11:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.24 18:11:27 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.24 17:27:10 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.22 13:55:50 | 000,000,400 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19062580
[2011.04.22 13:53:40 | 000,000,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580
[2011.04.22 13:53:40 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580r
[2011.04.21 17:38:30 | 000,450,556 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.21 17:38:30 | 000,434,032 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.21 17:38:30 | 000,068,318 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.21 17:38:29 | 000,081,178 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.16 12:37:52 | 000,365,712 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.16 01:27:39 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.05 08:07:09 | 000,000,711 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2011.04.02 12:36:48 | 000,001,635 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.24 18:35:34 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 13:53:40 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580r
[2011.04.22 13:53:39 | 000,000,160 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580
[2011.04.22 13:53:22 | 000,000,400 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19062580
[2011.04.05 08:07:09 | 000,000,711 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2011.04.02 12:36:48 | 000,001,635 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2011.03.06 19:34:11 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.07.10 23:29:57 | 000,082,432 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.15 13:27:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.15 13:17:03 | 044,151,368 | -H-- | C] () -- C:\Programme\avira_antivir_personal_de1000567.exe
[2009.12.16 16:14:47 | 000,626,688 | -H-- | C] () -- C:\WINDOWS\Image.dll
[2009.12.16 16:14:47 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\PLFSetI.exe
[2009.12.16 16:14:47 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\USB_VIDEO_REG.exe
[2009.12.16 16:14:47 | 000,000,323 | -H-- | C] () -- C:\WINDOWS\PidList.ini
[2009.12.16 16:13:45 | 000,233,472 | -H-- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009.12.16 16:13:45 | 000,145,152 | -H-- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009.12.16 16:13:45 | 000,015,190 | -H-- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009.12.16 16:13:40 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\AutosetFrequency.exe
[2009.12.16 16:13:40 | 000,000,639 | -H-- | C] () -- C:\WINDOWS\AutoSetFrequency.ini
[2009.08.02 03:33:11 | 000,450,556 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009.08.02 03:33:11 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009.08.02 03:33:11 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009.08.02 03:33:10 | 000,081,178 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009.08.02 03:32:57 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.08.02 03:32:55 | 000,434,032 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.08.02 03:32:55 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.08.02 03:32:55 | 000,068,318 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.08.02 03:32:55 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.08.02 03:32:54 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.08.02 03:32:54 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.08.02 03:32:53 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.08.02 03:32:49 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.08.02 03:32:49 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.08.02 03:32:43 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.08.02 03:32:40 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009.08.01 20:56:54 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009.08.01 19:46:20 | 000,189,796 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2009.08.01 19:46:20 | 000,001,112 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009.08.01 19:46:20 | 000,000,712 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009.08.01 19:46:20 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009.08.01 19:46:20 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009.08.01 19:45:23 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.08.01 18:48:05 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.08.01 18:47:19 | 000,365,712 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.08.01 17:56:16 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\AMove.exe
[2009.08.01 17:56:16 | 000,007,003 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.08.01 17:55:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.08.01 17:51:12 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.01 17:50:20 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.05.08 16:08:42 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009.02.25 04:20:23 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2008.12.19 17:15:58 | 004,338,246 | -H-- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | -H-- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | -H-- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | -H-- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | -H-- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006.11.02 18:10:16 | 000,080,912 | -H-- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 19:50:54 | 000,129,024 | -H-- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001.11.14 14:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer GameZone Console
[2011.04.05 08:07:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009.08.01 20:30:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSobi
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Acer GameZone Console
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Super-Cow
[2010.05.08 18:03:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rocket Santiago\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rocket Santiago\Anwendungsdaten\Acer GameZone Console
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rocket Santiago\Anwendungsdaten\Super-Cow
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acer GameZone Console
[2011.04.05 08:08:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular
[2011.03.07 15:17:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla
[2011.04.02 12:36:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2010.05.28 20:02:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Super-Cow
[2010.05.15 13:38:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >

cosinus 25.04.2011 15:54
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Seb13 25.04.2011 17:06
Hallo Arne,

Nein. Das sind alle.

Ich habe jedoch anscheinend das otl extra log unterschlagen.
VG
Sebastian

OTL EXTRA Logfile:
Code:
OTL Extras logfile created on: 24.04.2011 19:52:31 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 365,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 135,00 Gb Total Space | 21,00 Gb Free Space | 15,56% Space Free | Partition Type: NTFS
Drive D: | 4,04 Gb Total Space | 2,73 Gb Free Space | 67,55% Space Free | Partition Type: FAT32
 
Computer Name: ACER-AB842E1F73 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Programme\Acer GameZone\GameConsole
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.1
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{A0DBDF40-559F-11E0-82E2-001D0926B1BF}" = Google Earth Plug-in
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.5.1
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"pdfsam" = pdfsam
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

cosinus 25.04.2011 20:13
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.01 17:53:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O4 - HKLM..\Run: [M3000Mnt]  File not found
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~*
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1*
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Seb13 28.04.2011 07:40
Über Hilfe würde ich mich tatsächlich echt freuen.
Fehlen noch irgendwelche Angaben / Daten?

Seb13 28.04.2011 07:45
Vielen Dank für den Tipp.
Aufgrund von Arbeitszeiten werde ich mich erst morgen wieder dransetzen können können.

Aber wie gesagt, schon mal danke im Voraus.
VG
Sebastian

Seb13 28.04.2011 17:09
so, ging doch früher als gedacht.
hier das otl fix log
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ not found.
File E:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\M3000Mnt not found.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~* not found.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1* not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ** **
->Temp folder emptied: 847868 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ** **
->Temp folder emptied: 798716 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 23528073 bytes
->Flash cache emptied: 434 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 647363207 bytes
 
Total Files Cleaned = 642,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04282011_172729

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Ein paar Probleme hab ich allerdings immer noch:
Mein Desktop ist jetzt wieder blank (keine Icons) und die Dateien sind wieder weg.
Außerdem lässt sich Malware nicht mehr installieren. Am Ende des Installationsprozess gibts ne Fehlermeldung ("Setup - Zugriff verweigert").
Avira meldet immer, dass der Zugriff auf D:\AUTORUN.INF blockiert wird. Zusammenhang erschließt sich mir nicht.

Hier noch mal ein otl scan:
OTL Logfile:
Code:
OTL logfile created on: 24.04.2011 19:52:31 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\** **\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 365,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 135,00 Gb Total Space | 21,00 Gb Free Space | 15,56% Space Free | Partition Type: NTFS
Drive D: | 4,04 Gb Total Space | 2,73 Gb Free Space | 67,55% Space Free | Partition Type: FAT32
 
Computer Name: ACER-AB842E1F73 | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\** **\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
PRC - C:\Programme\Mobile Partner Manager\UIExec.exe ()
PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\WINDOWS\PLFSetI.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\** **\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UI Assistant Service) -- C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Ndisprot) -- C:\WINDOWS\system32\drivers\Ndisprot.sys (Windows (R) 2000 DDK provider)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys ()
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 09:01:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.24 09:01:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.04.08 08:15:27 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.05.15 13:38:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Mozilla\Extensions
[2010.05.15 13:38:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.24 18:01:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Mozilla\Firefox\Profiles\mfv14asg.default\extensions
[2010.05.29 17:26:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Mozilla\Firefox\Profiles\mfv14asg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.15 13:25:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.12 18:33:56 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.03.07 11:36:43 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 11:36:44 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.07 11:36:44 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.07 11:36:44 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.07 11:36:44 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt]  File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKLM..\Run: [UIExec] C:\Programme\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2387590086-650978795-2170371235-1005..\Run: [ProductReg] C:\Programme\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer VCM.lnk = C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\** **\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\** **\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\** **\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.01 17:53:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.24 18:35:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:35:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:04:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\** **\Recent
[2011.04.24 17:55:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\** **\Desktop\Malwarebytes' Anti-Malware
[2011.04.24 17:40:03 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Malwarebytes
[2011.04.24 17:39:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.24 17:39:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.24 17:39:10 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.24 17:39:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware
[2011.04.21 19:46:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\NtmsData
[2011.04.21 17:38:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Avira
[2011.04.16 01:27:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ServicePackFiles
[2011.04.05 08:08:34 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\elsterformular
[2011.04.05 08:07:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011.04.05 08:07:07 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ElsterFormular
[2011.04.05 08:06:28 | 000,000,000 | -H-D | C] -- C:\Programme\ElsterFormular
[2011.04.03 23:16:36 | 000,014,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010.05.15 13:24:33 | 008,188,856 | -H-- | C] (Mozilla) -- C:\Programme\Firefox_Setup_3.6.3.exe
[2009.08.02 03:33:20 | 000,049,152 | -H-- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2004.11.24 21:25:52 | 000,335,872 | -H-- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.24 19:43:03 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.24 18:35:34 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 18:12:07 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 18:11:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.24 18:11:27 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.24 17:27:10 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.22 13:55:50 | 000,000,400 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19062580
[2011.04.22 13:53:40 | 000,000,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580
[2011.04.22 13:53:40 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580r
[2011.04.21 17:38:30 | 000,450,556 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.21 17:38:30 | 000,434,032 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.21 17:38:30 | 000,068,318 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.21 17:38:29 | 000,081,178 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.16 12:37:52 | 000,365,712 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.16 01:27:39 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.05 08:07:09 | 000,000,711 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2011.04.02 12:36:48 | 000,001,635 | -H-- | M] () -- C:\Dokumente und Einstellungen\** **\.recently-used.xbel
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.24 18:35:34 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 13:53:40 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580r
[2011.04.22 13:53:39 | 000,000,160 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580
[2011.04.22 13:53:22 | 000,000,400 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19062580
[2011.04.05 08:07:09 | 000,000,711 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2011.04.02 12:36:48 | 000,001,635 | -H-- | C] () -- C:\Dokumente und Einstellungen\** **\.recently-used.xbel
[2011.03.06 19:34:11 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.07.10 23:29:57 | 000,082,432 | -H-- | C] () -- C:\Dokumente und Einstellungen\** **\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.15 13:27:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.15 13:17:03 | 044,151,368 | -H-- | C] () -- C:\Programme\avira_antivir_personal_de1000567.exe
[2009.12.16 16:14:47 | 000,626,688 | -H-- | C] () -- C:\WINDOWS\Image.dll
[2009.12.16 16:14:47 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\PLFSetI.exe
[2009.12.16 16:14:47 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\USB_VIDEO_REG.exe
[2009.12.16 16:14:47 | 000,000,323 | -H-- | C] () -- C:\WINDOWS\PidList.ini
[2009.12.16 16:13:45 | 000,233,472 | -H-- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009.12.16 16:13:45 | 000,145,152 | -H-- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009.12.16 16:13:45 | 000,015,190 | -H-- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009.12.16 16:13:40 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\AutosetFrequency.exe
[2009.12.16 16:13:40 | 000,000,639 | -H-- | C] () -- C:\WINDOWS\AutoSetFrequency.ini
[2009.08.02 03:33:11 | 000,450,556 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009.08.02 03:33:11 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009.08.02 03:33:11 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009.08.02 03:33:10 | 000,081,178 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009.08.02 03:32:57 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.08.02 03:32:55 | 000,434,032 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.08.02 03:32:55 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.08.02 03:32:55 | 000,068,318 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.08.02 03:32:55 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.08.02 03:32:54 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.08.02 03:32:54 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.08.02 03:32:53 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.08.02 03:32:49 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.08.02 03:32:49 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.08.02 03:32:43 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.08.02 03:32:40 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009.08.01 20:56:54 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009.08.01 19:46:20 | 000,189,796 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2009.08.01 19:46:20 | 000,001,112 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009.08.01 19:46:20 | 000,000,712 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009.08.01 19:46:20 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009.08.01 19:46:20 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009.08.01 19:45:23 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.08.01 18:48:05 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.08.01 18:47:19 | 000,365,712 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.08.01 17:56:16 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\AMove.exe
[2009.08.01 17:56:16 | 000,007,003 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.08.01 17:55:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.08.01 17:51:12 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.01 17:50:20 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.05.08 16:08:42 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009.02.25 04:20:23 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2008.12.19 17:15:58 | 004,338,246 | -H-- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | -H-- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | -H-- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | -H-- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | -H-- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006.11.02 18:10:16 | 000,080,912 | -H-- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 19:50:54 | 000,129,024 | -H-- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001.11.14 14:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer GameZone Console
[2011.04.05 08:07:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009.08.01 20:30:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSobi
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Acer GameZone Console
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Super-Cow
[2010.05.08 18:03:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Acer GameZone Console
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Super-Cow
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Acer GameZone Console
[2011.04.05 08:08:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\elsterformular
[2011.03.07 15:17:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\FileZilla
[2011.04.02 12:36:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\gtk-2.0
[2010.05.28 20:02:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\OpenOffice.org
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Super-Cow
[2010.05.15 13:38:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


[/code]OTL Logfile:
Code:
OTL Extras logfile created on: 24.04.2011 19:52:31 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\** **\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 365,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 135,00 Gb Total Space | 21,00 Gb Free Space | 15,56% Space Free | Partition Type: NTFS
Drive D: | 4,04 Gb Total Space | 2,73 Gb Free Space | 67,55% Space Free | Partition Type: FAT32
 
Computer Name: ACER-AB842E1F73 | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Programme\Acer GameZone\GameConsole
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.1
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{A0DBDF40-559F-11E0-82E2-001D0926B1BF}" = Google Earth Plug-in
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.5.1
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"pdfsam" = pdfsam
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

[code]

Ich hatte doch tatsächlich gedacht, ich hätte es endlich hinter mich gebracht...:(

VG
S

cosinus 28.04.2011 18:56
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Seb13 01.05.2011 17:04
Hallo Arne,

hier das Log von Kaspersky. Ging wie Du siehst ziemlich schnell durch. Unhide ebenfalls.

Grüße und einen schönen Sonntag, falls wir uns nicht mehr lesen sollten.
Sebastian

Code:
2011/05/01 17:56:27.0390 0596        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/01 17:56:27.0750 0596        ================================================================================
2011/05/01 17:56:27.0750 0596        SystemInfo:
2011/05/01 17:56:27.0750 0596       
2011/05/01 17:56:27.0750 0596        OS Version: 5.1.2600 ServicePack: 3.0
2011/05/01 17:56:27.0750 0596        Product type: Workstation
2011/05/01 17:56:27.0750 0596        ComputerName: ACER-AB842E1F73
2011/05/01 17:56:27.0750 0596        UserName: ***
2011/05/01 17:56:27.0750 0596        Windows directory: C:\WINDOWS
2011/05/01 17:56:27.0750 0596        System windows directory: C:\WINDOWS
2011/05/01 17:56:27.0750 0596        Processor architecture: Intel x86
2011/05/01 17:56:27.0750 0596        Number of processors: 2
2011/05/01 17:56:27.0750 0596        Page size: 0x1000
2011/05/01 17:56:27.0750 0596        Boot type: Normal boot
2011/05/01 17:56:27.0750 0596        ================================================================================
2011/05/01 17:56:28.0359 0596        Initialize success
2011/05/01 17:57:06.0421 1348        ================================================================================
2011/05/01 17:57:06.0421 1348        Scan started
2011/05/01 17:57:06.0421 1348        Mode: Manual;
2011/05/01 17:57:06.0421 1348        ================================================================================
2011/05/01 17:57:06.0937 1348        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/01 17:57:07.0015 1348        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/01 17:57:07.0046 1348        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/01 17:57:07.0171 1348        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/01 17:57:07.0250 1348        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/01 17:57:07.0343 1348        AFD            (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/01 17:57:07.0421 1348        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/01 17:57:07.0468 1348        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/01 17:57:07.0531 1348        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/01 17:57:07.0578 1348        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/01 17:57:07.0625 1348        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/01 17:57:07.0734 1348        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/01 17:57:07.0781 1348        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/01 17:57:07.0890 1348        Ambfilt        (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/05/01 17:57:08.0093 1348        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/01 17:57:08.0140 1348        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/01 17:57:08.0296 1348        AR5416          (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/05/01 17:57:08.0406 1348        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/01 17:57:08.0453 1348        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/01 17:57:08.0500 1348        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/01 17:57:08.0609 1348        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/01 17:57:08.0656 1348        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/01 17:57:08.0765 1348        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/01 17:57:08.0843 1348        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/01 17:57:09.0015 1348        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/05/01 17:57:09.0062 1348        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/05/01 17:57:09.0125 1348        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/05/01 17:57:09.0187 1348        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/01 17:57:09.0296 1348        btaudio        (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys
2011/05/01 17:57:09.0437 1348        BTKRNL          (75130181fa2fd6cbe83083c5311abe78) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/05/01 17:57:09.0562 1348        btwhid          (c51d50cf24da69a9c499e65b0edb3bb7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/05/01 17:57:09.0656 1348        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/01 17:57:09.0687 1348        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/01 17:57:09.0750 1348        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/01 17:57:09.0796 1348        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/01 17:57:09.0843 1348        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/01 17:57:09.0921 1348        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/01 17:57:10.0000 1348        Cdrom          (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/01 17:57:10.0140 1348        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/01 17:57:10.0187 1348        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/01 17:57:10.0234 1348        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/01 17:57:10.0328 1348        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/01 17:57:10.0390 1348        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/01 17:57:10.0453 1348        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/01 17:57:10.0515 1348        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/01 17:57:10.0593 1348        DKbFltr        (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2011/05/01 17:57:10.0687 1348        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/01 17:57:10.0765 1348        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/01 17:57:10.0828 1348        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/01 17:57:10.0906 1348        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/01 17:57:11.0000 1348        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/01 17:57:11.0140 1348        DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/05/01 17:57:11.0171 1348        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/01 17:57:11.0265 1348        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/01 17:57:11.0390 1348        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/01 17:57:11.0437 1348        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/01 17:57:11.0468 1348        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/01 17:57:11.0531 1348        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/01 17:57:11.0593 1348        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/01 17:57:11.0656 1348        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/01 17:57:11.0718 1348        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/01 17:57:11.0796 1348        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/01 17:57:11.0890 1348        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/01 17:57:11.0984 1348        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/01 17:57:12.0062 1348        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/01 17:57:12.0125 1348        i2omgmt        (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/01 17:57:12.0187 1348        i2omp          (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/01 17:57:12.0250 1348        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/01 17:57:12.0562 1348        ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/05/01 17:57:12.0906 1348        iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/01 17:57:13.0000 1348        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/01 17:57:13.0140 1348        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/01 17:57:13.0531 1348        IntcAzAudAddService (3fa02c6e3e9ebe8523a2d4e51d0ece1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/01 17:57:13.0953 1348        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/01 17:57:14.0046 1348        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/01 17:57:14.0125 1348        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/01 17:57:14.0171 1348        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/01 17:57:14.0218 1348        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/01 17:57:14.0281 1348        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/01 17:57:14.0328 1348        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/01 17:57:14.0390 1348        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/01 17:57:14.0453 1348        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/01 17:57:14.0500 1348        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/01 17:57:14.0562 1348        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/01 17:57:14.0640 1348        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/01 17:57:14.0718 1348        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/01 17:57:14.0781 1348        L1c            (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2011/05/01 17:57:14.0984 1348        M3000Srv        (73fd60fda3ff60f0666e4614e93f0aaa) C:\WINDOWS\system32\Drivers\M3000KNT.sys
2011/05/01 17:57:15.0062 1348        massfilter      (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
2011/05/01 17:57:15.0156 1348        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/01 17:57:15.0250 1348        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/01 17:57:15.0359 1348        Monfilt        (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/05/01 17:57:15.0484 1348        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/01 17:57:15.0546 1348        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/01 17:57:15.0609 1348        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/01 17:57:15.0656 1348        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/01 17:57:15.0750 1348        MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/01 17:57:15.0859 1348        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/01 17:57:15.0937 1348        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/01 17:57:15.0968 1348        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/01 17:57:16.0015 1348        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/01 17:57:16.0078 1348        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/01 17:57:16.0109 1348        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/01 17:57:16.0156 1348        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/01 17:57:16.0234 1348        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/01 17:57:16.0281 1348        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/01 17:57:16.0359 1348        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/01 17:57:16.0421 1348        Ndisprot        (e94265636d893314463cb650e43c3eb5) C:\WINDOWS\system32\DRIVERS\ndisprot.sys
2011/05/01 17:57:16.0453 1348        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/01 17:57:16.0500 1348        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/01 17:57:16.0531 1348        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/01 17:57:16.0625 1348        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/01 17:57:16.0671 1348        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/01 17:57:16.0718 1348        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/01 17:57:16.0843 1348        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/01 17:57:16.0937 1348        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/01 17:57:17.0046 1348        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/01 17:57:17.0093 1348        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/01 17:57:17.0140 1348        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/01 17:57:17.0250 1348        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/01 17:57:17.0281 1348        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/01 17:57:17.0359 1348        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/01 17:57:17.0406 1348        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/01 17:57:17.0500 1348        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/01 17:57:17.0546 1348        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/01 17:57:17.0734 1348        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/01 17:57:17.0781 1348        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/01 17:57:17.0906 1348        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/01 17:57:17.0968 1348        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/01 17:57:18.0000 1348        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/01 17:57:18.0062 1348        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/01 17:57:18.0156 1348        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/01 17:57:18.0203 1348        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/01 17:57:18.0265 1348        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/01 17:57:18.0312 1348        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/01 17:57:18.0359 1348        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/01 17:57:18.0421 1348        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/01 17:57:18.0484 1348        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/01 17:57:18.0531 1348        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/01 17:57:18.0578 1348        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/01 17:57:18.0625 1348        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/01 17:57:18.0687 1348        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/01 17:57:18.0765 1348        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/01 17:57:18.0828 1348        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/01 17:57:18.0921 1348        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/01 17:57:19.0062 1348        RSUSBSTOR      (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2011/05/01 17:57:19.0234 1348        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/01 17:57:19.0312 1348        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/01 17:57:19.0406 1348        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/01 17:57:19.0515 1348        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/01 17:57:19.0562 1348        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/01 17:57:19.0625 1348        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/01 17:57:19.0703 1348        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/01 17:57:19.0765 1348        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/01 17:57:19.0859 1348        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/01 17:57:20.0015 1348        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/05/01 17:57:20.0093 1348        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/01 17:57:20.0156 1348        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/01 17:57:20.0187 1348        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/01 17:57:20.0250 1348        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/01 17:57:20.0328 1348        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/01 17:57:20.0375 1348        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/01 17:57:20.0406 1348        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/01 17:57:20.0500 1348        SynTP          (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/01 17:57:20.0546 1348        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/01 17:57:20.0671 1348        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/01 17:57:20.0765 1348        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/01 17:57:20.0796 1348        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/01 17:57:20.0859 1348        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/01 17:57:20.0937 1348        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/01 17:57:21.0000 1348        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/01 17:57:21.0078 1348        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/01 17:57:21.0140 1348        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/01 17:57:21.0281 1348        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/01 17:57:21.0375 1348        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/01 17:57:21.0406 1348        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/01 17:57:21.0484 1348        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/01 17:57:21.0531 1348        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/01 17:57:21.0593 1348        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/01 17:57:21.0656 1348        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/01 17:57:21.0718 1348        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/01 17:57:21.0765 1348        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/01 17:57:21.0828 1348        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/01 17:57:21.0937 1348        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/01 17:57:22.0015 1348        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/01 17:57:22.0203 1348        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/01 17:57:22.0328 1348        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/01 17:57:22.0453 1348        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/01 17:57:22.0515 1348        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/01 17:57:22.0578 1348        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/01 17:57:22.0734 1348        ZTEusbmdm6k    (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
2011/05/01 17:57:22.0796 1348        ZTEusbnmea      (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
2011/05/01 17:57:22.0843 1348        ZTEusbser6k    (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
2011/05/01 17:57:22.0984 1348        ================================================================================
2011/05/01 17:57:22.0984 1348        Scan finished
2011/05/01 17:57:22.0984 1348        ================================================================================

cosinus 01.05.2011 18:52
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Seb13 16.05.2011 14:27
Hallo!

hier nun endlich das logfile.
[/code]
Combofix Logfile:
Code:
ComboFix 11-05-15.04 - ** ** 16.05.2011  14:57:27.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1014.402 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\** **\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-16 bis 2011-05-16  ))))))))))))))))))))))))))))))
.
.
2011-05-16 12:47 . 2011-05-16 12:47        --------        d-----w-        c:\programme\CCleaner
2011-05-07 10:03 . 2011-05-07 10:03        --------        d-----w-        c:\dokumente und einstellungen\** **\Anwendungsdaten\DVDVideoSoftIEHelpers
2011-05-07 10:03 . 2011-05-07 10:03        --------        d-----w-        c:\programme\Gemeinsame Dateien\Plasmoo
2011-05-07 10:03 . 2011-05-07 10:04        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft
2011-05-07 10:03 . 2011-05-07 10:03        --------        d-----w-        c:\programme\DVDVideoSoft
2011-05-06 22:24 . 2011-05-06 22:24        781272        ----a-w-        c:\programme\Mozilla Firefox\mozsqlite3.dll
2011-05-06 22:24 . 2011-05-06 22:24        1874904        ----a-w-        c:\programme\Mozilla Firefox\mozjs.dll
2011-05-06 22:24 . 2011-05-06 22:24        89048        ----a-w-        c:\programme\Mozilla Firefox\libEGL.dll
2011-05-06 22:24 . 2011-05-06 22:24        465880        ----a-w-        c:\programme\Mozilla Firefox\libGLESv2.dll
2011-05-06 22:24 . 2011-05-06 22:24        15832        ----a-w-        c:\programme\Mozilla Firefox\mozalloc.dll
2011-05-06 22:24 . 2011-05-06 22:24        1892184        ----a-w-        c:\programme\Mozilla Firefox\d3dx9_42.dll
2011-05-06 22:24 . 2011-05-06 22:24        142296        ----a-w-        c:\programme\Mozilla Firefox\components\browsercomps.dll
2011-05-06 22:24 . 2011-05-06 22:24        1974616        ----a-w-        c:\programme\Mozilla Firefox\D3DCompiler_42.dll
2011-04-28 14:51 . 2011-04-28 14:51        --------        d-----w-        C:\_OTL
2011-04-28 14:47 . 2011-04-28 14:47        --------        d-----w-        c:\dokumente und einstellungen\** **\Anwendungsdaten\Malwarebytes
2011-04-24 16:35 . 2011-04-28 15:35        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-04-24 15:40 . 2011-04-24 15:40        --------        d-----w-        c:\dokumente und einstellungen\** **\Anwendungsdaten\Malwarebytes
2011-04-24 15:39 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-24 15:39 . 2011-04-24 15:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-04-24 15:39 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-21 17:46 . 2011-04-21 17:46        --------        d-----w-        c:\windows\system32\NtmsData
2011-04-21 17:45 . 2011-04-21 17:45        --------        d-----w-        c:\dokumente und einstellungen\** **\Anwendungsdaten\Avira
2011-04-21 17:45 . 2011-04-21 17:45        --------        d-----w-        c:\dokumente und einstellungen\** **\Lokale Einstellungen\Anwendungsdaten\PDF24
2011-04-21 15:38 . 2011-04-21 15:38        --------        d-----w-        c:\dokumente und einstellungen\** **\Anwendungsdaten\Avira
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-23 07:00 . 2010-05-15 11:18        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2009-08-01 15:51        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2009-08-02 01:33        420864        ----a-w-        c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2009-08-02 01:33        1858048        ----a-w-        c:\windows\system32\win32k.sys
2011-02-22 23:05 . 2009-08-02 01:33        916480        ----a-w-        c:\windows\system32\wininet.dll
2011-02-22 23:05 . 2009-08-02 01:32        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-02-22 23:05 . 2009-08-02 01:32        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2009-08-02 01:32        385024        ----a-w-        c:\windows\system32\html.iec
2011-02-17 13:18 . 2009-08-02 01:32        455936        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2009-08-02 01:33        357888        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll
2010-05-15 11:24 . 2010-05-15 11:24        8188856        ----a-w-        c:\programme\Firefox_Setup_3.6.3.exe
2010-05-15 11:17 . 2010-05-15 11:17        44151368        ----a-w-        c:\programme\avira_antivir_personal_de1000567.exe
2011-05-06 22:24 . 2011-05-06 22:24        142296        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\programme\Acer\WR_PopUp\ProductReg.exe" [2009-04-15 135168]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-07 39408]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\programme\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-01 24064]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"iSyncData"="c:\programme\Acer\Android Manager\iSync.exe" [2009-09-16 393320]
"iPatchData"="c:\programme\Acer\Updater\iUpdate.exe" [2009-09-09 487016]
"AndroidManager"="c:\programme\Acer\Android Manager\AML.exe" [2009-08-16 505960]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"UIExec"="c:\programme\Mobile Partner Manager\UIExec.exe" [2010-01-13 133120]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2010-07-12 74752]
"PDFPrint"="c:\programme\pdf24\pdf24.exe" [2011-02-01 220552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\** **\Startmen\Programme\Autostart\
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Acer VCM.lnk - c:\programme\Acer\Acer VCM\AcerVCM.exe [2009-8-1 565248]
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R1 Ndisprot;GreenPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [29.05.2010 16:59 21504]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.05.2010 13:18 136360]
R2 RS_Service;Raw Socket Service;c:\programme\Acer\Acer VCM\RS_Service.exe [01.08.2009 20:32 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [02.08.2009 03:33 38912]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [16.12.2009 16:13 145152]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [15.05.2010 13:27 135664]
S2 UI Assistant Service;UI Assistant Service;c:\programme\Mobile Partner Manager\AssistantServices.exe [29.05.2010 16:59 247296]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.08.2009 19:46 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [01.08.2009 19:47 24064]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [15.05.2010 13:27 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [29.05.2010 16:59 9216]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [01.08.2009 19:41 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-05-15 11:27]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-05-15 11:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\** **\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\dokumente und einstellungen\** **\Anwendungsdaten\Mozilla\Firefox\Profiles\mfv14asg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-16 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Windows Media Player\WMPNetwk.exe
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-16  15:17:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-16 13:17
.
Vor Suchlauf: 15 Verzeichnis(se), 24.198.389.760 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 24.234.389.504 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8EC9B78C87031CD94BD97DB084164C77
--- --- ---
[code]

bis hierhin schon mal vielen Dank für Deine Unterstüzung.
Was meinst Du? Computer desinfiziert?
Gibt es eine gute Schutzsoftware, die Du empfehlen würdest? Hab Postives über "Secunia" und "Update Checker" gelesen.

vg
Sebastian

cosinus 16.05.2011 14:40
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Seb13 16.05.2011 16:29
bitte schön
[/code]
GMER Logfile:
GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-16 16:59:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0
Running: 8fxhnsnw.exe; Driver: C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\kwaoyaoc.sys


---- System - GMER 1.0.15 ----

SSDT            9CD274D6                                    ZwCreateKey
SSDT            9CD274CC                                    ZwCreateThread
SSDT            9CD274DB                                    ZwDeleteKey
SSDT            9CD274E5                                    ZwDeleteValueKey
SSDT            9CD274EA                                    ZwLoadKey
SSDT            9CD274B8                                    ZwOpenProcess
SSDT            9CD274BD                                    ZwOpenThread
SSDT            9CD274F4                                    ZwReplaceKey
SSDT            9CD274EF                                    ZwRestoreKey
SSDT            9CD274E0                                    ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwYieldExecution + 1FE        804E4A58 4 Bytes  JMP E69CD274
?              C:\cofi\catchme.sys                        Das System kann den angegebenen Pfad nicht finden. !
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0    wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1    wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                    fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---

--- --- ---


[/code]
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:15:19 on 16.05.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"GreenPacket NDIS Protocol Driver" (Ndisprot) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\ndisprot.sys
"kwaoyaoc" (kwaoyaoc) - ? - C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\kwaoyaoc.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Realtek IR Driver" (Rts516xIR) - ? - C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys  (File not found)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"Zune Bus Enumerator Driver" (zumbus) - ? - C:\WINDOWS\System32\DRIVERS\zumbus.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\Programme\Acer\Acer VCM\Skype4COM.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\BTNEIG~1.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Programme\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\** **\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ProductReg" - "Acer" - C:\Programme\Acer\WR_PopUp\ProductReg.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AndroidManager" - ? - C:\Programme\Acer\Android Manager\AML.exe
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"AzMixerSel" - "Realtek Semiconductor Corp." - C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe
"Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"IAAnotif" - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iPatchData" - "Insyde Software Corp." - C:\Programme\Acer\Updater\iUpdate.exe
"iSyncData" - "Insyde Software Corp." - C:\Programme\Acer\Android Manager\iSync.exe
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"PDFPrint" - "Geek Software GmbH" - C:\Programme\pdf24\pdf24.exe
"PLFSetI" - ? - C:\WINDOWS\PLFSetI.exe
"UIExec" - ? - "C:\Programme\Mobile Partner Manager\UIExec.exe"  (File found, but it contains no detailed information)
"WinampAgent" - "Nullsoft, Inc." - C:\Programme\Winamp\winampa.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Google Desktop Manager 5.7.808.7150" (GoogleDesktopManager-080708-050100) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Programme\Acer\Acer VCM\RS_Service.exe
"UI Assistant Service" (UI Assistant Service) - ? - C:\Programme\Mobile Partner Manager\AssistantServices.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Acer" - C:\WINDOWS\system32\Acer.scr
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80701000 \WINDOWS\system32\hal.dll
0xF7B3D000 \WINDOWS\system32\KDCOM.DLL
0xF7A4D000 \WINDOWS\system32\BOOTVID.dll
0xF75ED000 ACPI.sys
0xF7B3F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75DC000 pci.sys
0xF763D000 isapnp.sys
0xF7A51000 compbatt.sys
0xF7A55000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7C05000 pciide.sys
0xF78BD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF764D000 MountMgr.sys
0xF75BD000 ftdisk.sys
0xF78C5000 PartMgr.sys
0xF7A59000 ACPIEC.sys
0xF7C06000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF765D000 VolSnap.sys
0xF75A5000 atapi.sys
0xF74D7000 iaStor.sys
0xF766D000 disk.sys
0xF767D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74B7000 fltMgr.sys
0xF74A5000 sr.sys
0xF768D000 PxHelp20.sys
0xF748E000 KSecDD.sys
0xF7401000 Ntfs.sys
0xF73D4000 NDIS.sys
0xF73BA000 Mup.sys
0xF76AD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5B3C000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF5B28000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5B00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF76BD000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
0xF7935000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF595B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF793D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF72EC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF76CD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7945000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF794D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF592A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7B6B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76DD000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF58B9000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF7955000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF72E8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF57C8000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7C48000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76ED000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF72E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF57B1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76FD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF770D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF795D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF57A0000 \SystemRoot\system32\DRIVERS\psched.sys
0xF771D000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7965000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF796D000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF772D000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B6D000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF577D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF571F000 \SystemRoot\system32\DRIVERS\update.sys
0xF72D4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF622B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF789D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA857A000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA8556000 \SystemRoot\system32\drivers\portcls.sys
0xF78AD000 \SystemRoot\system32\drivers\drmk.sys
0xA7FCB000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7C03000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA2086000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B41000 \SystemRoot\System32\Drivers\Beep.SYS
0xA277A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA2772000 \SystemRoot\System32\drivers\vga.sys
0xF7B43000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B45000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA276A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA1DF9000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA7FC3000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA1662000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA1609000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA15E1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA15BB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA1DF1000 \SystemRoot\system32\DRIVERS\ndisprot.sys
0xA1599000 \SystemRoot\System32\drivers\afd.sys
0xA24CC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA1DE9000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xA156E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA14FE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA396B000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0xA249C000 \SystemRoot\System32\Drivers\Fips.SYS
0xA14DA000 \SystemRoot\System32\Drivers\M3000KNT.sys
0xA248C000 \SystemRoot\System32\Drivers\STREAM.SYS
0xA14B4000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7BFD000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0x9C1D0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9B600000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x9B532000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9C4E6000 \SystemRoot\System32\drivers\Dxapi.sys
0x9BDBB000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CB3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBF47A000 \SystemRoot\System32\ATMFD.DLL
0x9B51D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA8532000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9B4F0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9B437000 \SystemRoot\System32\Drivers\HTTP.sys
0x9B3B7000 \SystemRoot\system32\DRIVERS\srv.sys
0x9B1E2000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9F2E000 \SystemRoot\system32\drivers\sysaudio.sys
0xA18F2000 \??\C:\cofi\catchme.sys
0x9BE28000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x99742000 \??\C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\kwaoyaoc.sys
0x99717000 \SystemRoot\system32\drivers\kmixer.sys
0x99596000 \SystemRoot\system32\DRIVERS\athw.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
700 C:\WINDOWS\system32\smss.exe
756 csrss.exe
780 C:\WINDOWS\system32\winlogon.exe
824 C:\WINDOWS\system32\services.exe
836 C:\WINDOWS\system32\lsass.exe
1020 C:\WINDOWS\system32\svchost.exe
1088 svchost.exe
1128 C:\WINDOWS\system32\svchost.exe
1216 svchost.exe
1260 svchost.exe
1504 C:\WINDOWS\system32\spoolsv.exe
1552 C:\Programme\Avira\AntiVir Desktop\sched.exe
1592 svchost.exe
1648 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1764 C:\WINDOWS\system32\svchost.exe
1780 C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1836 C:\Programme\Acer\Acer VCM\RS_Service.exe
1948 C:\WINDOWS\system32\svchost.exe
144 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
472 wmpnetwk.exe
2348 C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2392 C:\WINDOWS\system32\wscntfy.exe
3148 alg.exe
3972 C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4016 C:\PROGRA~1\LAUNCH~1\LManager.exe
4032 C:\WINDOWS\system32\igfxtray.exe
4044 C:\WINDOWS\system32\hkcmd.exe
4060 C:\WINDOWS\system32\igfxpers.exe
532 C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
564 C:\WINDOWS\system32\igfxsrvc.exe
1320 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
1380 C:\WINDOWS\RTHDCPL.EXE
2104 C:\Programme\Acer\Updater\iUpdate.exe
2124 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2216 C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
1372 C:\Programme\Winamp\winampa.exe
1304 C:\Programme\pdf24\pdf24.exe
2448 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1424 C:\Programme\Windows Media Player\wmpnscfg.exe
2724 C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
2768 C:\WINDOWS\system32\igfxext.exe
2848 C:\Programme\OpenOffice.org 3\program\soffice.exe
2928 C:\Programme\OpenOffice.org 3\program\soffice.bin
3332 C:\WINDOWS\explorer.exe
1432 C:\WINDOWS\system32\ctfmon.exe
3004 C:\Programme\Mozilla Firefox\firefox.exe
3048 C:\Dokumente und Einstellungen\** **\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000024`40500000 (FAT32)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
[code]

cosinus 16.05.2011 20:36
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Seb13 17.05.2011 16:21
neuer Tag, neue Logs.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6598

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.05.2011 17:16:50
mbam-log-2011-05-17 (17-16-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 221849
Laufzeit: 1 Stunde(n), 6 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 05/17/2011 bei 01:45 AM

Version der Applikation : 4.52.1000

Version der Kern-Datenbank : 7068
Version der Spur-Datenbank : 4880

Scan Art      : kompletter Scann
Totale Scann-Zeit : 01:56:48

Gescannte Speicherelemente  : 594
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 7360
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 69785
Erfasste Datei-Elemente  : 0


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:11 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131