
Pests of all kinds and how to fight them: TR/Oficla.AV.11 in C:/Users/Public/Windows/winhelp.exe and others


28.10.2010, 16:56   #1
Schinzer
 

TR/Oficla.AV.11 in C:/Users/Public/Windows/winhelp.exe and others



Hello everyone!

A few days ago, completely out of the blue and without any warning, I suddenly got several virus alerts (it was always the same Trojan; unfortunately I didn't write anything down). Since then, Windows Explorer keeps crashing after a short time, but Safe Mode still runs perfectly.
Naturally I tried to delete the file, but right afterwards the AntiVir alert came back.
The next time in normal mode, two more virus alerts appeared: the one from the title above and the following: TR/FakeAV.n/v in C:/Users/***/AppData/Local/Temp/yjcmuyj.exe

I have now run the Load.exe file from the tutorial and performed a check with Malwarebytes and OTL.

Many thanks in advance; below are the log files from the check!

Regards, Tim


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4974

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

28.10.2010 16:44:57
mbam-log-2010-10-28 (16-44-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137034
Laufzeit: 5 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jveji (Trojan.Hiloti) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Tim\AppData\Local\I3atan.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Tim\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.



OTL Logfile:
OTL logfile created on: 28.10.2010 17:32:20 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Tim\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 82,86 Gb Free Space | 57,42% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 127,63 Gb Free Space | 88,61% Space Free | Partition Type: NTFS
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tim\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Tim\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\Windows\System32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "bild.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.8
FF - prefs.js..extensions.enabledItems: smoothlyclosetabs@gmail.com:1.3.2
FF - prefs.js..extensions.enabledItems: {1519200d-6633-40c9-a9a1-d60d8d1d0479}:1.0.2
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.12304
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.03.05 00:14:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 13:47:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox\components [2010.09.19 12:59:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox\plugins [2010.10.17 14:36:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Programme\Internet\Mozilla Thunderbird\plugins [2010.10.17 14:36:39 | 000,000,000 | ---D | M]
 
[2008.09.20 15:32:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions
[2010.10.28 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions
[2010.09.06 23:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.09.06 23:49:42 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.09.07 00:57:15 | 000,000,000 | ---D | M] (FaceTweak) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{1519200d-6633-40c9-a9a1-d60d8d1d0479}
[2010.06.24 23:50:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.07 00:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.09.06 23:34:22 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010.09.06 23:34:22 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010.09.11 01:26:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.06 22:58:03 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009.08.07 01:21:26 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\moveplayer@movenetworks.com
[2010.09.06 23:49:42 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\smoothlyclosetabs@gmail.com
[2010.10.13 22:48:27 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\toolbar@ask.com
[2010.10.28 16:33:00 | 000,000,950 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\FireFox\Profiles\if4ijrnv.default\searchplugins\icqplugin-1.xml
[2010.09.02 02:33:46 | 000,001,056 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\FireFox\Profiles\if4ijrnv.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tim\Pictures\♥\Unbenannt.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tim\Pictures\♥\Unbenannt.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{089c3af6-0c56-11dd-9f55-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{089c3af6-0c56-11dd-9f55-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- File not found
O33 - MountPoints2\{70def4b5-2d08-11df-a2d1-001e101fa6db}\Shell - "" = AutoRun
O33 - MountPoints2\{70def4b5-2d08-11df-a2d1-001e101fa6db}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{7bb606ba-287a-11df-a99b-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{7bb606ba-287a-11df-a99b-001e101f21c1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\Shell - "" = AutoRun
O33 - MountPoints2\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d369dbca-222b-11df-b8c6-001b38dc6472}\Shell - "" = AutoRun
O33 - MountPoints2\{d369dbca-222b-11df-b8c6-001b38dc6472}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{d369dc09-222b-11df-b8c6-001e101f4ec0}\Shell - "" = AutoRun
O33 - MountPoints2\{d369dc09-222b-11df-b8c6-001e101f4ec0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.28 16:32:24 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2010.10.28 16:32:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.28 16:32:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.28 16:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.28 16:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.28 16:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.10.28 16:31:20 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\MFTools
[2010.10.20 17:40:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DVDVideoSoft
[2010.10.19 00:42:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.10.19 00:42:09 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.10.17 14:36:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.13 22:57:13 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 22:56:56 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 22:56:46 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 22:56:45 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 22:56:45 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 22:56:41 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 22:56:40 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 22:56:39 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 22:56:32 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 22:56:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 22:56:30 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.10.13 22:56:30 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 22:56:30 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.10.13 18:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson USB
[2010.10.13 18:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010.10.13 18:33:06 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\MyPhoneExplorer
[2010.10.13 18:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[2010.09.29 17:35:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008.04.17 10:25:54 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.04.17 10:25:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.28 17:33:06 | 000,001,356 | ---- | M] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat
[2010.10.28 16:54:27 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\degurenc.sys
[2010.10.28 16:32:20 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.28 16:31:51 | 000,286,404 | ---- | M] () -- C:\Users\Tim\Desktop\Gmer.zip
[2010.10.28 16:31:51 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\defogger.exe
[2010.10.28 16:26:36 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.28 16:26:36 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.28 16:26:36 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.28 16:26:36 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.28 16:21:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.24 02:20:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3E9B3653-6A42-4752-8B40-24CD622C6FEF}.job
[2010.10.24 02:00:02 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.10.24 01:44:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.24 01:40:12 | 000,027,649 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\nvModes.001
[2010.10.24 01:39:24 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.24 01:37:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.24 01:37:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.19 22:54:05 | 000,000,176 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\35649.bat
[2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.18 22:51:35 | 000,027,649 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\nvModes.dat
[2010.10.17 14:36:39 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.10.16 02:48:53 | 000,310,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.16 02:46:54 | 399,941,998 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.13 18:32:59 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
 
========== Files Created - No Company Name ==========
 
[2010.10.28 16:54:27 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\degurenc.sys
[2010.10.28 16:32:20 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.28 16:31:37 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\defogger.exe
[2010.10.28 16:31:27 | 000,286,404 | ---- | C] () -- C:\Users\Tim\Desktop\Gmer.zip
[2010.10.19 22:54:05 | 000,000,176 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\35649.bat
[2010.10.18 15:58:13 | 031,751,295 | ---- | C] () -- C:\Users\Tim\Desktop\Caught between Cultures - deutsche Interpretationshilfe.pdf
[2010.10.13 18:32:59 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2009.11.18 00:43:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.21 13:52:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.26 14:28:18 | 000,001,356 | ---- | C] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat
[2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.05.06 12:11:40 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.10.15 17:37:28 | 000,017,089 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\UserTile.png
[2008.09.21 18:00:18 | 000,020,480 | ---- | C] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.20 16:17:37 | 000,000,590 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\wklnhst.dat
[2008.09.20 16:14:27 | 000,027,649 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\nvModes.001
[2008.09.20 16:10:18 | 000,027,649 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\nvModes.dat
[2008.04.17 19:56:22 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008.04.17 19:56:22 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008.04.17 10:25:54 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2008.04.17 10:25:54 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2008.04.17 10:25:53 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2008.04.17 10:25:06 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.04.04 04:59:21 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.04.04 02:30:51 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.04.04 02:30:51 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.04.04 02:30:51 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
[2008.04.03 18:31:05 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.04.03 18:30:15 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008.04.03 18:04:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:96F344DB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54

< End of report >
         
--- --- ---

OTL (2) OTL Logfile:
Code:
OTL Extras logfile created on: 28.10.2010 17:32:20 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Tim\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 82,86 Gb Free Space | 57,42% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 127,63 Gb Free Space | 88,61% Space Free | Partition Type: NTFS
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04424D3E-26DC-4100-BDC2-AB81181A02E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{127170F4-3212-44DE-8E9F-F91668AA79AD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2B8EEBE0-C5BF-4FBE-85CF-C7D92C5E6416}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2D7C85A2-93DE-4C68-8980-462827943E9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{34C2309C-9E84-4250-9860-D3A6E1B6C2C8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5025C82E-9504-41F8-9177-D38A84C747D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5F437FF0-1FFA-4409-8A14-57C916D3FD2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{617FF964-AF06-49CF-9ADF-33328D633BED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{86623BFA-7636-441C-8A3A-12EF55E8CDA0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8AC308E3-619C-4C5F-920D-05D99ED5A24A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8FF4AB6F-5183-4E6B-9DF8-7B2DDEB73B0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{91C67A50-7B7A-4901-AF42-FEF59E654876}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{98BF685D-21D2-4164-B29F-75FA9F84EE79}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99775CF4-B44D-4415-8F15-A066CCF0172C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A79EEAE7-5508-4717-A706-B474FACF3F55}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C9F05AA2-5677-4391-8E3C-0A1B768A2A38}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CC5F96FD-E52B-484F-ACED-BBE26C0BA8F2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DE4B0D92-CD41-440A-97DE-79A7FDE05C3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5978E47-733F-4AAB-A96D-D1BF10E22AE5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E69DC94C-95E1-4049-8B89-8D6880240E4A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EF2481A1-9A59-4993-9832-5035FCF73401}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053D08E9-74EB-4DAC-A670-859A5C43C87F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{0E1B2322-6A6F-4317-9F65-876AAA655361}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{155E7525-7923-471F-BE0E-0ABFF4732E0B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1754F4CE-AB9C-44CF-ADFD-0B472D94A293}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{269B2AAA-6E7A-42C6-9238-CB52627AFF17}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{2761229A-A4E7-4BBE-8210-EF57D00B0208}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4306A98E-46FF-4B40-A1D5-667F18AE8C1F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{509CF9D2-06ED-4AEE-87BC-AE597887598D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{542089DA-11DE-40A7-B9F1-00EBADDBBF8C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{59524373-2A69-4D0F-B283-502B7C710B7C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5A2F9BB5-B60A-493A-A47E-F31CE977710D}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{62480488-6209-4DBA-8B9F-260EFD503E91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{66AC6430-61CE-430D-B2C6-E61C5AB10395}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{66D57415-973D-4A22-BD49-0101E455C3D0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{730131B2-0567-495E-B8F4-D77D301250CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7313303E-A7F6-4926-89B0-1B318AACEDB4}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"{7CDDE2CB-8380-4513-8CB9-14EDD8A325A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E016597-150C-4A00-900E-9F9E0C42B10A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{7EEB33DA-1EE3-486C-85C3-957861B88B0E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{807330B4-0CED-4D02-A17E-544E8F5D4C62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80DACF09-E089-4C2C-880A-2013E6A7B30B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8FD2664C-8968-4A6C-A619-442A225DBFBA}" = protocol=6 | dir=out | app=system | 
"{96336028-65F8-44A1-B498-D969985250B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{99A137CD-FB8D-41A7-8455-E9E34ADC43F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1C952DB-615F-4BB1-A6A4-0D594EEB10C4}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{A4BD15F6-DCFF-479E-BFBD-4B566227021F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AA7B8E2F-E2C5-4FC8-BA02-6EA913E70638}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B1C48CE5-AD61-464B-A57F-C2213B6ABBF7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B32838D0-6135-480C-AB86-6E4328055058}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B501C151-4ACE-4EB1-95A9-323A87664AD3}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{B9869C4F-EB32-4497-BA76-886AF670B58B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BB92EBFB-C25E-4940-851F-EF599F26D9A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BBE6FFD1-9404-43DC-AF05-93C8AB453BB9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{BC7C8535-1F24-45EA-8D98-CE923B97F5D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD62F6FA-544C-4441-8FD1-0725F2A63D37}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{CDA041B1-F8CE-4F23-9CF7-0B4C47F39413}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{D1770D8D-FCF1-48C6-B032-A862E8A9A19C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D3A3C939-2E6D-4ACF-9706-91945922BD5D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{D48214ED-B1FC-4051-8EF1-2663B89F7DDF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E3C5FCB3-1700-42AA-A1D3-C0F0FED9FBA5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F4D69C2D-786C-4014-A3D7-24F1D2B72A55}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F906BE4F-297F-446D-8929-E01C4CD243ED}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F9582830-238E-4271-B776-140BB1108A27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE3C59F8-58AF-4DBD-B817-AF20FA258532}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{02C3BCC8-1054-4B92-8691-797471C79552}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe | 
"TCP Query User{0F72E5D2-62E5-4513-8F55-A11F2D6E9578}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{93F42450-A328-48CD-8EBA-D83387A924D7}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{A1C0E194-D92F-4ED7-A355-9BE1F8BFD19F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{D0318364-D5ED-4DE7-9F13-BC9A6BF92DBC}D:\blobby.volley\volley.exe" = protocol=6 | dir=in | app=d:\blobby.volley\volley.exe | 
"UDP Query User{1C824040-32C7-4E2C-9444-ED45609814E3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{7CB619D1-27FC-422B-A94C-DE63052C18F1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{BA4249AB-D53C-4205-B397-9C449357D03B}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe | 
"UDP Query User{D3F3FEE6-FD62-4A81-B5FE-80F38AFCD138}D:\blobby.volley\volley.exe" = protocol=17 | dir=in | app=d:\blobby.volley\volley.exe | 
"UDP Query User{DA3E74DA-70BB-496B-9FDD-7A86C13653F7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DFB5612F-AF7E-4CB3-00AB-3C0CD2520B29}" = FUSSBALL MANAGER 06
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Photo Commander 6_is1" = Ashampoo Photo Commander 6.40
"AutoHotkey" = AutoHotkey 1.0.47.06
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Disc Burner_is1" = Free Disc Burner version 2.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GridVista" = Acer GridVista
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Tunatic" = Tunatic
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"dfe95292edf57fac" = MiniPLan
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.09.2010 11:54:13 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8315
 
Error - 09.09.2010 11:54:14 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.09.2010 11:54:14 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9360
 
Error - 09.09.2010 11:54:14 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9360
 
Error - 09.09.2010 11:54:15 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.09.2010 11:54:15 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10374
 
Error - 09.09.2010 11:54:15 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10374
 
Error - 09.09.2010 11:54:16 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.09.2010 11:54:16 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11373
 
Error - 09.09.2010 11:54:16 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11373
 
[ System Events ]
Error - 21.10.2010 11:07:13 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.10.2010 19:37:36 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.10.2010 20:03:31 | Computer Name = Tim-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.10.2010 10:21:38 | Computer Name = Tim-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 24.10.2010 um 02:23:08 unerwartet heruntergefahren.
 
Error - 28.10.2010 10:22:10 | Computer Name = Tim-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.10.2010 10:22:17 | Computer Name = Tim-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.10.2010 10:22:20 | Computer Name = Tim-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.10.2010 10:22:21 | Computer Name = Tim-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.10.2010 10:22:26 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 28.10.2010 10:22:26 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Last edited by Schinzer (28.10.2010 at 17:35)

Old 28.10.2010, 22:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

TR/Oficla.AV.11 in C:/Users/Public/Windows/winhelp.exe und andere



Quote:
Art des Suchlaufs: Quick-Scan
Hello and

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!
__________________

__________________

Old 28.10.2010, 23:36   #3
Schinzer
 

TR/Oficla.AV.11 in C:/Users/Public/Windows/winhelp.exe und andere



Hello!

Here is the result of the full scan:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4974

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.10.2010 23:34:03
mbam-log-2010-10-28 (23-34-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 258540
Laufzeit: 1 Stunde(n), 10 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jveji (Trojan.Agent.U) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Regards,

Tim
__________________

Old 29.10.2010, 13:19   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

TR/Oficla.AV.11 in C:/Users/Public/Windows/winhelp.exe und andere



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" line must be copied as well!!!)


Code:
:OTL
O33 - MountPoints2\{089c3af6-0c56-11dd-9f55-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{089c3af6-0c56-11dd-9f55-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- File not found
O33 - MountPoints2\{70def4b5-2d08-11df-a2d1-001e101fa6db}\Shell - "" = AutoRun
O33 - MountPoints2\{70def4b5-2d08-11df-a2d1-001e101fa6db}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{7bb606ba-287a-11df-a99b-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{7bb606ba-287a-11df-a99b-001e101f21c1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\Shell - "" = AutoRun
O33 - MountPoints2\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d369dbca-222b-11df-b8c6-001b38dc6472}\Shell - "" = AutoRun
O33 - MountPoints2\{d369dbca-222b-11df-b8c6-001b38dc6472}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{d369dc09-222b-11df-b8c6-001e101f4ec0}\Shell - "" = AutoRun
O33 - MountPoints2\{d369dc09-222b-11df-b8c6-001e101f4ec0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
[2010.10.19 00:42:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.10.19 00:42:09 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.10.28 16:54:27 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\degurenc.sys
[2010.10.19 22:54:05 | 000,000,176 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\35649.bat
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:96F344DB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix has run; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 29.10.2010, 16:31   #5
Schinzer
 

TR/Oficla.AV.11 in C:/Users/Public/Windows/winhelp.exe und andere



Hat alles geklappt, Rechner ist neu gestartet worden. Er läuft jetzt auch schon wieder stabil und ohne Virusmeldungen im normalen Modus.

Log from the fix:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{089c3af6-0c56-11dd-9f55-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{089c3af6-0c56-11dd-9f55-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{089c3af6-0c56-11dd-9f55-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{089c3af6-0c56-11dd-9f55-806e6f6e6963}\ not found.
File move failed. E:\Install.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70def4b5-2d08-11df-a2d1-001e101fa6db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70def4b5-2d08-11df-a2d1-001e101fa6db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70def4b5-2d08-11df-a2d1-001e101fa6db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70def4b5-2d08-11df-a2d1-001e101fa6db}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bb606ba-287a-11df-a99b-001e101f21c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bb606ba-287a-11df-a99b-001e101f21c1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bb606ba-287a-11df-a99b-001e101f21c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bb606ba-287a-11df-a99b-001e101f21c1}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d369dbca-222b-11df-b8c6-001b38dc6472}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d369dbca-222b-11df-b8c6-001b38dc6472}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d369dbca-222b-11df-b8c6-001b38dc6472}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d369dbca-222b-11df-b8c6-001b38dc6472}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d369dc09-222b-11df-b8c6-001e101f4ec0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d369dc09-222b-11df-b8c6-001e101f4ec0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d369dc09-222b-11df-b8c6-001e101f4ec0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d369dc09-222b-11df-b8c6-001e101f4ec0}\ not found.
File F:\setup_vmc_lite.exe not found.
C:\Users\Public\Documents\Windows folder moved successfully.
C:\Users\Public\Documents\Server folder moved successfully.
File C:\Windows\System32\drivers\degurenc.sys not found.
C:\Users\Tim\AppData\Roaming\35649.bat moved successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:96F344DB deleted successfully.
ADS C:\ProgramData\TEMP:2B99FE60 deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tim
->Temp folder emptied: 450110 bytes
->Temporary Internet Files folder emptied: 1116111 bytes
->Java cache emptied: 7140 bytes
->FireFox cache emptied: 73915092 bytes
->Flash cache emptied: 1544 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 532778 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 73,00 mb
 
 
OTL by OldTimer - Version 3.2.17.1 log created on 10292010_162300

Files\Folders moved on Reboot...
File move failed. E:\Install.exe scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000001A8C9DA1ABD609234E not found!

Registry entries deleted on Reboot...
         

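As an added example (not OTL's code and not from either poster), here is a small parser for the result lines of an OTL fix log like the one above; it tallies what was removed and lists the targets a responder should re-check after the reboot, which in this log are the driver reported "not found" and the file scheduled to be moved on reboot. The sample lines are copied from the posted log; the status names and helper functions are the example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Added example (not OTL's or the forum's own code): parse the result lines of an
# OTL fix log and list the fix targets that still need a follow-up check.

# A handful of result lines copied from the OTL fix log posted above, plus the
# non-result lines that surround them; this is the whole input the example runs on.
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\ not found.
File F:\LaunchU3.exe not found.
File move failed. E:\Install.exe scheduled to be moved on reboot.
C:\Users\Public\Documents\Windows folder moved successfully.
File C:\Windows\System32\drivers\degurenc.sys not found.
C:\Users\Tim\AppData\Roaming\35649.bat moved successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""


@dataclass(frozen=True)
class FixResult:
    kind: str    # "registry", "file", "folder" or "ads"
    status: str  # "removed", "not_found" or "pending_reboot" (names chosen for this example)
    target: str  # the path, key or stream the line refers to


# Ordered (kind, status, pattern): the more specific wordings come first so that
# "File move failed. X scheduled to be moved on reboot." is not read as a plain file line.
_LINE_PATTERNS = [
    ("registry", "removed",        re.compile(r"^Registry key (.+?)\\? deleted successfully\.$")),
    ("registry", "not_found",      re.compile(r"^Registry key (.+?)\\? not found\.$")),
    ("file",     "pending_reboot", re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")),
    ("file",     "not_found",      re.compile(r"^File (.+?) not found\.$")),
    ("ads",      "removed",        re.compile(r"^ADS (.+?) deleted successfully\.$")),
    ("folder",   "removed",        re.compile(r"^(.+?) folder moved successfully\.$")),
    ("file",     "removed",        re.compile(r"^(.+?) moved successfully\.$")),
]


def parse_otl_fix_log(text: str) -> list:
    """Return one FixResult per result line; section headers and other lines are skipped."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, status, pattern in _LINE_PATTERNS:
            m = pattern.match(line)
            if m:
                results.append(FixResult(kind, status, m.group(1)))
                break
    return results


def status_counts(results: list) -> dict:
    """Number of result lines per status, e.g. {"removed": 5, "not_found": 3, "pending_reboot": 1}."""
    return dict(Counter(r.status for r in results))


def follow_up(results: list) -> list:
    """Targets to re-check after the reboot, sorted as (status, target) tuples.

    - pending_reboot: OTL could not move the file while it was in use; confirm after the reboot.
    - a file target reported "not found": it was listed by the scan but had gone by fix time
      (deleted by the AV, renamed, or on a removable drive that is no longer attached), so
      confirm it is really gone rather than assuming it was cleaned.
    Registry "not found" lines are left out: OTL tries both the MountPoints2 key and the
    matching CLSID key, and the CLSID key is usually absent.
    """
    items = set()
    for r in results:
        if r.status == "pending_reboot":
            items.add((r.status, r.target))
        elif r.kind == "file" and r.status == "not_found":
            items.add((r.status, r.target))
    return sorted(items)


if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_FIX_LOG)
    print(status_counts(parsed))
    for status, target in follow_up(parsed):
        print(f"{status:15} {target}")
```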

Old 30.10.2010, 21:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. When downloading, rename it to cofi.exe.
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a forum helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________

Old 31.10.2010, 11:24   #7
Schinzer
 

Good morning!

Ran CCleaner and let it clean everything; attached is the log from ComboFix.

ComboFix log file:
Code:
ComboFix 10-10-30.01 - Tim 31.10.2010  11:10:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1537 [GMT 1:00]
ausgeführt von:: c:\users\Tim\Desktop\cofi.exe.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk
c:\users\Tim\AppData\Roaming\.#
c:\users\Tim\AppData\Roaming\.#\MBX@130C@17B2990.###
c:\users\Tim\AppData\Roaming\.#\MBX@130C@17B29C0.###
c:\users\Tim\AppData\Roaming\.#\MBX@130C@17B29F0.###
c:\users\Tim\AppData\Roaming\.#\MBX@4FC@17B2990.###
c:\users\Tim\AppData\Roaming\.#\MBX@4FC@17B29C0.###
c:\users\Tim\AppData\Roaming\.#\MBX@4FC@17B29F0.###
c:\windows\system32\spool\prtprocs\w32x86\CNMPP87.DLL

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-28 bis 2010-10-31  ))))))))))))))))))))))))))))))
.

2010-10-31 10:19 . 2010-10-31 10:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-10-31 10:05 . 2010-10-31 10:05	--------	d-----w-	c:\program files\CCleaner
2010-10-30 18:15 . 2010-10-30 18:15	--------	d-----w-	c:\users\Tim\AppData\Roaming\QipGuard
2010-10-30 18:15 . 2010-10-30 18:15	--------	d-----w-	c:\users\Tim\AppData\Roaming\QIP
2010-10-30 18:15 . 2010-10-25 16:01	149968	----a-w-	c:\users\Tim\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2010-10-30 18:15 . 2010-10-30 18:15	--------	d-----w-	c:\program files\QIP 2010
2010-10-30 00:14 . 2010-10-07 23:21	6146896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A3EF50A-F1ED-4B79-8E2A-2954E4F5297D}\mpengine.dll
2010-10-29 14:23 . 2010-10-29 14:23	--------	d-----w-	C:\_OTL
2010-10-28 20:33 . 2010-10-28 20:33	--------	d-----w-	c:\programdata\WindowsSearch
2010-10-28 20:18 . 2010-08-26 16:34	1696256	----a-w-	c:\windows\system32\gameux.dll
2010-10-28 20:18 . 2010-08-26 16:33	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-10-28 20:18 . 2010-08-26 14:23	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-28 14:32 . 2010-10-28 14:45	--------	d-----w-	c:\users\Tim\AppData\Roaming\Malwarebytes
2010-10-28 14:32 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 14:32 . 2010-10-28 14:32	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-10-28 14:32 . 2010-10-28 14:32	--------	d-----w-	c:\programdata\Malwarebytes
2010-10-28 14:32 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-28 14:31 . 2010-10-28 14:31	--------	d-----w-	c:\program files\7-Zip
2010-10-20 15:40 . 2010-10-20 15:40	--------	d-----w-	c:\users\Tim\AppData\Roaming\DVDVideoSoft
2010-10-13 20:57 . 2010-09-13 13:56	168960	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 20:57 . 2010-09-13 13:56	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2010-10-13 16:43 . 2010-10-13 17:14	--------	d-----w-	c:\program files\Sony Ericsson USB
2010-10-13 16:33 . 2010-10-13 17:13	--------	d-----w-	c:\users\Tim\AppData\Roaming\MyPhoneExplorer
2010-10-13 16:32 . 2010-10-13 16:33	--------	d-----w-	c:\program files\MyPhoneExplorer

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 09:49	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-08-26 16:33 . 2010-10-28 20:18	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-28 20:18	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-28 20:18	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-28 20:18	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-14 21:18	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-10 03:15 . 2010-08-10 03:15	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-08-10 03:15 . 2010-08-10 03:15	69632	----a-w-	c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00	39472	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-22 133432]
"Infium"="c:\program files\QIP 2010\qip.exe" [2010-10-25 5828560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 4710400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 768520]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-3 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9ea8e35287020;Google Update Service (gupdate1c9ea8e35287020);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 133104]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-10-31 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 12:14]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 12:14]

2010-10-31 c:\windows\Tasks\User_Feed_Synchronization-{3E9B3653-6A42-4752-8B40-24CD622C6FEF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
LSP: bmnet.dll
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\if4ijrnv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://bild.de/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\Internet\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\if4ijrnv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Internet\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Internet\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Internet\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-31 11:19
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-4069624544-1120613395-1313819990-1000\Software\SecuROM\License information*]
"datasecu"=hex:6d,0c,69,9a,2e,dc,f9,b6,09,8d,65,77,85,76,88,8e,4f,41,c3,30,3a,
   d3,52,c1,57,51,7c,b8,99,9c,03,28,01,ae,5e,84,1e,03,5d,e3,c8,08,2f,45,88,1c,\
"rkeysecu"=hex:23,00,5d,5b,4f,1a,70,3d,9a,a3,db,26,a0,93,49,69

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\bmnet.dll
.
Zeit der Fertigstellung: 2010-10-31  11:21:45
ComboFix-quarantined-files.txt  2010-10-31 10:21

Vor Suchlauf: 13 Verzeichnis(se), 81.461.534.720 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 81.401.995.264 Bytes frei

- - End Of File - - A0E9B65D59126EA5F0C3C743050B972F
         

Thanks in advance for the help...

Regards, Tim

Old 31.10.2010, 13:18   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool will not run the second time either, just skip it and run only OSAM.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of that .txt document.
__________________

Old 03.11.2010, 13:55   #9
Schinzer
 

Hello!

GMER log file:
Code:
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-11-03 13:46:22
Windows 6.0.6002 Service Pack 2
Running: y5ibl8rg.exe; Driver: C:\Users\Tim\AppData\Local\Temp\kxrdipow.sys


---- System - GMER 1.0.15 ----

SSDT            9E5B374C                                                                                                                               ZwCreateThread
SSDT            9E5B3738                                                                                                                               ZwOpenProcess
SSDT            9E5B373D                                                                                                                               ZwOpenThread
SSDT            9E5B3747                                                                                                                               ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                                          82ABB984 4 Bytes  [4C, 37, 5B, 9E] {DEC ESP; AAA ; POP EBX; SAHF }
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                                          82ABBB54 4 Bytes  [38, 37, 5B, 9E] {CMP [EDI], DH; POP EBX; SAHF }
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                                          82ABBB70 4 Bytes  [3D, 37, 5B, 9E]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                                          82ABBD84 4 Bytes  [47, 37, 5B, 9E] {INC EDI; AAA ; POP EBX; SAHF }
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                               section is writeable [0x8EC07340, 0x39E007, 0xE8000020]
                C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl                                                                                 entry point in "" section [0x9E1F9000]
.clc            C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl                                                                                 unknown last section [0x9E1FA000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet\Mozilla Firefox\firefox.exe[4136] ntdll.dll!LdrLoadDll                                                       77BD9390 5 Bytes  JMP 012C13F0 C:\Program Files\Internet\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Internet\Mozilla Firefox\firefox.exe[4136] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                               76E6B37C 4 Bytes  [F0, 1F, FF, 00]
.text           C:\Program Files\Internet\Mozilla Firefox\plugin-container.exe[5776] USER32.dll!TrackPopupMenu                                         768814F3 5 Bytes  JMP 6543DDE0 C:\Program Files\Internet\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\tdx.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                  [8ABCEFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT             \SystemRoot\system32\DRIVERS\smb.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                  [8ABCEFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT             \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                [8ABCEFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                  [74707817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                   [7475A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                               [7470BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                         [746FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                   [747075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                [746FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                    [74738395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                       [7470DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                               [746FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                [746FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                 [746F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                         [7478CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                            [7472C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                               [746FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                         [746F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                        [746F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                           [74702AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                            [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                          [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[3372] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                            [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Internet\Mozilla Firefox\firefox.exe[4136] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]            [00FF2690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Internet\Mozilla Firefox\firefox.exe[4136] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]              [00FF1290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Internet\Mozilla Firefox\firefox.exe[4136] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]              [00FF2300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Internet\Mozilla Firefox\firefox.exe[4136] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]  [00FF1B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:53:24 on 03.11.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.10

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

  	Risk 	Name 	Publisher 	Full Path 	Status
Common
%SystemRoot%\Tasks
	||||   	"GoogleUpdateTaskMachineCore.job" 	"Google Inc." 	C:\Program Files\Google\Update\GoogleUpdate.exe 	File exists
	||||   	"GoogleUpdateTaskMachineUA.job" 	"Google Inc." 	C:\Program Files\Google\Update\GoogleUpdate.exe 	File exists
	||||   	"1-Klick-Wartung.job" 	"TuneUp Software GmbH" 	C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe 	File exists
Control Panel Objects
%SystemRoot%\system32
	|||||| 	"ISUSPM.cpl" 	"Macrovision Corporation" 	C:\Windows\system32\ISUSPM.cpl 	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
	|||||| 	"QuickTime" 	"Apple Inc." 	C:\Program Files\QuickTime\QTSystem\QuickTime.cpl 	File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
	|||||| 	"avgio" (avgio) 	"Avira GmbH" 	C:\Program Files\Avira\AntiVir Desktop\avgio.sys 	File exists
	|||||| 	"avgntflt" (avgntflt) 	"Avira GmbH" 	C:\Windows\System32\DRIVERS\avgntflt.sys 	File exists
	|||||| 	"avipbb" (avipbb) 	"Avira GmbH" 	C:\Windows\System32\DRIVERS\avipbb.sys 	File exists
	|||||| 	"Bytemobile Boot Time Load Driver" (BMLoad) 	"Bytemobile, Inc." 	C:\Windows\System32\drivers\BMLoad.sys 	File exists
	|||||| 	"Bytemobile Kernel Network Provider" (tcpipBM) 	"Bytemobile, Inc." 	C:\Windows\system32\drivers\tcpipBM.sys 	File exists
	       	"catchme" (catchme) 		C:\Users\Tim\AppData\Local\Temp\catchme.sys 	File not found
	|||||| 	"Dritek General Port I/O" (DritekPortIO) 	"Dritek System Inc." 	C:\PROGRA~1\LAUNCH~1\DPortIO.sys 	File exists
	|||||| 	"int15" (int15) 	"Acer, Inc." 	C:\Acer\Empowering Technology\eRecovery\int15.sys 	File exists
	       	"IP in IP Tunnel Driver" (IpInIp) 		C:\Windows\System32\DRIVERS\ipinip.sys 	File not found
	       	"IPX Traffic Filter Driver" (NwlnkFlt) 		C:\Windows\System32\DRIVERS\nwlnkflt.sys 	File not found
	       	"IPX Traffic Forwarder Driver" (NwlnkFwd) 		C:\Windows\System32\DRIVERS\nwlnkfwd.sys 	File not found
	       	"kxrdipow" (kxrdipow) 		C:\Users\Tim\AppData\Local\Temp\kxrdipow.sys 	Hidden registry entry, rootkit activity | File not found
	|||||| 	"PSDFilter" (PSDFilter) 	"Egis Incorporated" 	C:\Windows\System32\DRIVERS\psdfilter.sys 	File exists
	|||||| 	"PSDNServ" (PSDNServ) 	"Egis Incorporated" 	C:\Windows\System32\DRIVERS\PSDNServ.sys 	File exists
	|||||| 	"PSDVdisk" (psdvdisk) 	"Egis Incorporated" 	C:\Windows\System32\DRIVERS\PSDVdisk.sys 	File exists
	|||||| 	"ssmdrv" (ssmdrv) 	"Avira GmbH" 	C:\Windows\System32\DRIVERS\ssmdrv.sys 	File exists
	|||||| 	"Upper Class Filter Driver" (NTIDrvr) 	"NewTech Infosystems, Inc." 	C:\Windows\System32\DRIVERS\NTIDrvr.sys 	File exists
	|||||| 	"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) 	"Cyberlink Corp." 	C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 	File exists
Explorer
HKCU\Software\Classes\Folder\shellex\ColumnHandlers
	       	{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" 			File not found | COM-object registry key not found
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
	|||||| 	{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" 	"Adobe Systems, Inc." 	C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 	File exists
HKLM\Software\Classes\Protocols\Handler
	|||||| 	{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" 	"Skype Technologies" 	C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL 	File exists
	||||   	{828030A1-22C1-4009-854F-8E305202313F} "livecall" 	"Microsoft Corporation" 	C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL 	File exists
	|||||| 	{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" 	"Microsoft Corporation" 	C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll 	File exists
	||||   	{828030A1-22C1-4009-854F-8E305202313F} "msnim" 	"Microsoft Corporation" 	C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL 	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
	       	{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" 			File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
	       	{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" 			File not found | COM-object registry key not found
	|||||| 	{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" 	"Igor Pavlov" 	C:\Program Files\7-Zip\7-zip.dll 	File exists
	       	{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" 			File not found | COM-object registry key not found
	       	{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" 			File not found | COM-object registry key not found
	       	{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" 			File not found | COM-object registry key not found
	|||||| 	{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" 	"Egis Incorporated" 	C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll 	File exists
	       	{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" 		epm-po.dll 	File not found
	       	{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" 			File not found | COM-object registry key not found
	|||||| 	{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" 	"Apple Inc." 	C:\Program Files\iTunes\iTunesMiniPlayer.dll 	File exists
	       	{00020d75-0000-0000-c000-000000000046} "lnkfile" 			File not found | COM-object registry key not found
	       	{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" 			File not found | COM-object registry key not found
	       	{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" 			File not found | COM-object registry key not found
	       	{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" 			File not found | COM-object registry key not found
	       	{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" 			File not found | COM-object registry key not found
	       	{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" 			File not found | COM-object registry key not found
	       	{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" 			File not found | COM-object registry key not found
	|||||| 	{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" 	"Avira GmbH" 	C:\Program Files\Avira\AntiVir Desktop\shlext.dll 	File exists
	|||||| 	{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" 	"TuneUp Software" 	C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll 	File exists
	|||||| 	{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" 	"TuneUp Software" 	C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll 	File exists
	|||||| 	{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" 	"TuneUp Software" 	C:\Windows\System32\uxtuneup.dll 	File exists
	       	{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" 			File not found | COM-object registry key not found
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
	       	"ITBar7Layout" 			File not found | COM-object registry key not found
	       	"ITBarLayout" 			File not found | COM-object registry key not found
	       	"{D4027C7F-154A-4066-A1AD-4243D8127440}" 			File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
	||||   	{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab 	"Sun Microsystems, Inc." 	C:\Program Files\Java\jre6\bin\jp2iexp.dll 	File exists
	||||   	{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab 	"Sun Microsystems, Inc." 	C:\Program Files\Java\jre6\bin\jp2iexp.dll 	File exists
	||||   	{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab 	"Sun Microsystems, Inc." 	C:\Program Files\Java\jre6\bin\jp2iexp.dll 	File exists
	||||   	{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab 	"Sun Microsystems, Inc." 	C:\Program Files\Java\jre6\bin\npjpi160_17.dll 	File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
	||||   	{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" 	"Google Inc." 	C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll 	File exists
	|||||| 	{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" 	"Safer Networking Limited" 	C:\Program Files\Spybot - Search & Destroy\SDHelper.dll 	File exists
	||||   	"ICQ7.2" 	"ICQ, LLC." 	C:\Program Files\ICQ7.2\ICQ.exe 	File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
	|||||| 	"Acer eDataSecurity Management" 	"Egis Incorporated." 	C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll 	File exists
	       	{0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" 			File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
	|||||| 	{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" 	"Adobe Systems Incorporated" 	C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 	File exists
	||||   	{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" 	"Google Inc." 	C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll 	File exists
	||||   	{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" 	"Sun Microsystems, Inc." 	C:\Program Files\Java\jre6\bin\jp2ssv.dll 	File exists
	||     	{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" 	"qip.ru" 	C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll 	File exists
	|||||| 	{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" 	"Safer Networking Limited" 	C:\Program Files\Spybot - Search & Destroy\SDHelper.dll 	File exists
	|||||| 	{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" 	"Microsoft Corporation" 	C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 	File exists
Logon
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
	|||||| 	"desktop.ini" 		C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini 	File exists
	||||   	"Empowering Technology Launcher.lnk" 	"Acer Inc." 	C:\Acer\Empowering Technology\eAPLauncher.exe 	Shortcut exists | File exists
%SystemDrive%\_OTL\MovedFiles\10292010_162300\C_Users\Public\Documents\Windows
	|||||| 	"desktop.ini" 		C:\_OTL\MovedFiles\10292010_162300\C_Users\Public\Documents\Windows\desktop.ini 	File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	||||   	"ICQ" 	"ICQ, LLC." 	"C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 	File exists
	||||   	"Infium" 	"QIP" 	"C:\Program Files\QIP 2010\qip.exe" /autorun 	File exists
	||||   	"msnmsgr" 	"Microsoft Corporation" 	"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background 	File exists
	||||   	"Skype" 	"Skype Technologies S.A." 	"C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized 	File exists
	|||||| 	"SpybotSD TeaTimer" 	"Safer Networking Limited" 	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 	File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
	       	"StartupPrograms" 		rdpclip 	File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
	||||   	"Adobe ARM" 	"Adobe Systems Incorporated" 	"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 	File exists
	       	"Adobe Reader Speed Launcher" 	"Adobe Systems Incorporated" 	"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 	File exists
	|||||| 	"avgnt" 	"Avira GmbH" 	"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min 	File exists
	||||   	"eAudio" 	"CyberLink" 	"C:\Acer\Empowering Technology\eAudio\eAudio.exe" 	File exists
	|||||| 	"eDataSecurity Loader" 	"Egis Incorporated" 	C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe 	File exists
	||||   	"iTunesHelper" 	"Apple Inc." 	"C:\Program Files\iTunes\iTunesHelper.exe" 	File exists
	|||||| 	"LManager" 	"Dritek System Inc." 	C:\PROGRA~1\LAUNCH~1\LManager.exe 	File exists
	|||||| 	" Malwarebytes Anti-Malware  (reboot)" 	"Malwarebytes Corporation" 	"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript 	File exists
	||||   	"MobileConnect" 	"Vodafone" 	%programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent 	File exists
	||     	"PLFSetI" 		C:\Windows\PLFSetI.exe 	File exists
	||||   	"QuickTime Task" 	"Apple Inc." 	"C:\Program Files\QuickTime\QTTask.exe" -atboottime 	File exists
	||||   	"WarReg_PopUp" 	"Acer Incorporated" 	C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe 	File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
	|||||| 	"Canon BJ Language Monitor MP600" 	"CANON INC." 	C:\Windows\system32\CNMLM87.DLL 	File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
	|||||| 	"@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) 	"TuneUp Software" 	C:\Windows\System32\TuneUpDefragService.exe 	File exists
	|||||| 	"@%SystemRoot%\System32\TUProgSt.exe,-1" (TuneUp.ProgramStatisticsSvc) 	"TuneUp Software" 	C:\Windows\System32\TUProgSt.exe 	File exists
	|||||| 	"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) 	"TuneUp Software" 	C:\Windows\System32\uxtuneup.dll 	File exists
	|||||| 	"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) 	"Microsoft Corporation" 	C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 	File exists
	|||||| 	"ALaunch Service" (ALaunchService) 		C:\Acer\ALaunch\ALaunchSvc.exe 	File exists
	|||||| 	"Apple Mobile Device" (Apple Mobile Device) 	"Apple Inc." 	C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 	File exists
	|||||| 	"Avira AntiVir Guard" (AntiVirService) 	"Avira GmbH" 	C:\Program Files\Avira\AntiVir Desktop\avguard.exe 	File exists
	|||||| 	"Avira AntiVir Planer" (AntiVirSchedulerService) 	"Avira GmbH" 	C:\Program Files\Avira\AntiVir Desktop\sched.exe 	File exists
	|||||| 	"Cyberlink RichVideo Service(CRVS)" (RichVideo) 		C:\Program Files\CyberLink\Shared Files\RichVideo.exe 	File exists
	|||||| 	"Dienst "Bonjour"" (Bonjour Service) 	"Apple Inc." 	C:\Program Files\Bonjour\mDNSResponder.exe 	File exists
	|||||| 	"eDataSecurity Service" (eDataSecurity Service) 	"Egis Incorporated" 	C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 	File exists
	|||||| 	"eLock Service" (eLockService) 	"Acer Inc." 	C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 	File exists
	|||||| 	"eNet Service" (eNet Service) 	"Acer Inc." 	C:\Acer\Empowering Technology\eNet\eNet Service.exe 	File exists
	|||||| 	"ePower Service" (WMIService) 	"acer" 	C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 	File exists
	|||||| 	"eRecovery Service" (eRecoveryService) 	"Acer Inc." 	C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 	File exists
	|||||| 	"eSettings Service" (eSettingsService) 		C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 	File exists
	||||   	"Google Update Service (gupdate1c9ea8e35287020)" (gupdate1c9ea8e35287020) 	"Google Inc." 	C:\Program Files\Google\Update\GoogleUpdate.exe 	File exists
	||||   	"InstallDriver Table Manager" (IDriverT) 	"Macrovision Corporation" 	C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 	File exists
	|||||| 	"iPod-Dienst" (iPod Service) 	"Apple Inc." 	C:\Program Files\iPod\bin\iPodService.exe 	File exists
	|||||| 	"LightScribeService Direct Disc Labeling Service" (LightScribeService) 	"Hewlett-Packard Company" 	C:\Program Files\Common Files\LightScribe\LSSrvc.exe 	File exists
	|||||| 	"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) 	"Microsoft Corporation" 	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 	File exists
	|||||| 	"MobilityService" (MobilityService) 		C:\Acer\Mobility Center\MobilityService.exe 	File exists
	|||||| 	"PnkBstrA" (PnkBstrA) 		C:\Windows\system32\PnkBstrA.exe 	File found, but it contains no detailed information
	|||||| 	"SBSD Security Center Service" (SBSDWSCService) 	"Safer Networking Ltd." 	C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 	File exists
	|||||| 	"Vodafone Mobile Connect Service" (VMCService) 	"Vodafone" 	C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 	File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
	|||||| 	"mdnsNSP" 	"Apple Inc." 	C:\Program Files\Bonjour\mdnsNSP.dll 	File exists
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
	|||||| 	"BMI over [MSAFD-Tcpip [RAW/IP]]" 	"Bytemobile, Inc." 	C:\Windows\system32\bmnet.dll 	File exists
	|||||| 	"BMI over [MSAFD-Tcpip [TCP/IP]]" 	"Bytemobile, Inc." 	C:\Windows\system32\bmnet.dll 	File exists
	|||||| 	"BMI over [MSAFD-Tcpip [UDP/IP]]" 	"Bytemobile, Inc." 	C:\Windows\system32\bmnet.dll 	File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         


Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Acer
BIOS Manufacturer:		Acer
System Manufacturer:		Acer
System Product Name:		Aspire 5520
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 167):
  0x82A0F000 \SystemRoot\system32\ntkrnlpa.exe
  0x82DC8000 \SystemRoot\system32\hal.dll
  0x80404000 \SystemRoot\system32\kdcom.dll
  0x8040B000 \SystemRoot\system32\PSHED.dll
  0x8041C000 \SystemRoot\system32\BOOTVID.dll
  0x80424000 \SystemRoot\system32\CLFS.SYS
  0x80465000 \SystemRoot\system32\CI.dll
  0x80545000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x805C1000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8060E000 \SystemRoot\system32\drivers\acpi.sys
  0x80654000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8065D000 \SystemRoot\system32\drivers\msisadrv.sys
  0x80665000 \SystemRoot\system32\drivers\pci.sys
  0x8068C000 \SystemRoot\System32\drivers\partmgr.sys
  0x8069B000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8069E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x806A8000 \SystemRoot\system32\drivers\volmgr.sys
  0x806B7000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80701000 \SystemRoot\system32\drivers\pciide.sys
  0x80708000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x80716000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80726000 \SystemRoot\system32\drivers\atapi.sys
  0x8072E000 \SystemRoot\system32\drivers\ataport.SYS
  0x8074C000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8077E000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8078E000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x80C0A000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x80C7B000 \SystemRoot\system32\drivers\ndis.sys
  0x80D86000 \SystemRoot\system32\drivers\msrpc.sys
  0x80DB1000 \SystemRoot\system32\drivers\NETIO.SYS
  0x80E0F000 \SystemRoot\System32\drivers\tcpip.sys
  0x80EF9000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8AA0C000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8AB1C000 \SystemRoot\system32\drivers\volsnap.sys
  0x8AB55000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AB5D000 \SystemRoot\System32\Drivers\mup.sys
  0x8AB6C000 \SystemRoot\System32\drivers\ecache.sys
  0x8AB93000 \SystemRoot\system32\drivers\disk.sys
  0x8ABA4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8ABC5000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8ABCE000 \SystemRoot\system32\drivers\BMLoad.sys
  0x8ABF4000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8AA00000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x80F14000 \SystemRoot\system32\DRIVERS\amdk8.sys
  0x80F24000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x80F2D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x80F31000 \SystemRoot\system32\DRIVERS\enecir.sys
  0x80F43000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x80F56000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x80F60000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x80F6B000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x80F97000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8AA09000 \SystemRoot\system32\DRIVERS\nvsmu.sys
  0x80FA2000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x80FAC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x80FEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x80797000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x80FF9000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x80E00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8E60E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8E69B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8E6AB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8E6B9000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x8E6D3000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
  0x8E6E2000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
  0x8E6F6000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x8EA0F000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
  0x8EC07000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8EB0C000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F3E4000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F605000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8F6C0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8F6EF000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8F730000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8F73B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F752000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8F75D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8F780000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8F78F000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8F7A3000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8F7B8000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F7C8000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F7CA000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8F3F0000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8F7F4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8EBAD000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8EBBA000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8EBEF000 \SystemRoot\System32\drivers\vga.sys
  0x8E747000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8E768000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x91A0E000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8E779000 \SystemRoot\system32\drivers\portcls.sys
  0x8E7A6000 \SystemRoot\system32\drivers\drmk.sys
  0x807AF000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x92609000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x9270C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x927C1000 \SystemRoot\system32\drivers\modem.sys
  0x927CE000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x927D9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x927E9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x927F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x92600000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x91A00000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x927F9000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x929C7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x929D0000 \SystemRoot\System32\Drivers\Null.SYS
  0x929D7000 \SystemRoot\System32\Drivers\Beep.SYS
  0x929DE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x929E6000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x929EE000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8E7CB000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8E7D9000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8E7E2000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x929F9000 \SystemRoot\System32\Drivers\tcpipBM.SYS
  0x80DEC000 \SystemRoot\system32\DRIVERS\smb.sys
  0x93E0C000 \SystemRoot\system32\drivers\afd.sys
  0x93E54000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x93E86000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x93E8F000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x93EA5000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x93EB3000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x93EC6000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x93ECC000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x93F08000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
  0x93F0C000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x93F16000 \SystemRoot\System32\Drivers\dfsc.sys
  0x93F2D000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x93F49000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x93F4B000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x93F86000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x93F93000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x93F9E000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x9BEC0000 \SystemRoot\System32\win32k.sys
  0x93FA6000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9C0E0000 \SystemRoot\System32\TSDDD.dll
  0x9C100000 \SystemRoot\System32\cdd.dll
  0x93FB0000 \SystemRoot\system32\drivers\luafv.sys
  0x93FCB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9E000000 \SystemRoot\system32\drivers\spsys.sys
  0x9E0B0000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9E0C0000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9E0EA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9E0F4000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9E107000 \SystemRoot\system32\drivers\HTTP.sys
  0x9E174000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9E191000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9E1AA000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9E1BF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9FC00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9FC39000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9FC51000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9FC79000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9FCDF000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0x9FCE6000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0x9FCEA000 \SystemRoot\system32\drivers\peauth.sys
  0x9FDC8000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0x9FDD1000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0x9FDE3000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9FDED000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9FCC7000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0x9E1DE000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
  0x92800000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
  0x9FCCF000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x9FDF9000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
  0x929AC000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x93FDF000 \??\C:\Users\Tim\AppData\Local\Temp\kxrdipow.sys
  0x77BB0000 \Windows\System32\ntdll.dll

Processes (total 87):
       0 System Idle Process
       4 System
     460 C:\Windows\System32\smss.exe
     592 csrss.exe
     632 C:\Windows\System32\wininit.exe
     640 csrss.exe
     676 C:\Windows\System32\services.exe
     688 C:\Windows\System32\lsass.exe
     696 C:\Windows\System32\lsm.exe
     832 C:\Windows\System32\winlogon.exe
     892 C:\Windows\System32\svchost.exe
     972 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\audiodg.exe
    1256 C:\Windows\System32\SLsvc.exe
    1300 C:\Windows\System32\svchost.exe
    1420 C:\Windows\System32\svchost.exe
    1640 C:\Windows\System32\spoolsv.exe
    1708 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1736 C:\Windows\System32\svchost.exe
    1980 C:\Acer\ALaunch\ALaunchSvc.exe
    2004 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2020 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     184 C:\Program Files\Bonjour\mDNSResponder.exe
     336 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
     668 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    1152 C:\Acer\Empowering Technology\eNet\eNet Service.exe
    1840 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     240 C:\Acer\Mobility Center\MobilityService.exe
    2088 C:\Windows\System32\PnkBstrA.exe
    2132 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2208 C:\Windows\System32\svchost.exe
    2252 C:\Windows\System32\TUProgSt.exe
    2288 C:\Windows\System32\svchost.exe
    2332 C:\Windows\System32\SearchIndexer.exe
    2416 C:\Windows\System32\drivers\XAudio.exe
    2452 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    2512 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    2572 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    2604 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    2856 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2996 WmiPrvSE.exe
    3132 WmiPrvSE.exe
    3280 C:\Windows\System32\dwm.exe
    3372 C:\Windows\explorer.exe
    3692 C:\Program Files\Windows Defender\MSASCui.exe
    3724 C:\Windows\RtHDVCpl.exe
    3800 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    3820 C:\Acer\Empowering Technology\eAudio\eAudio.exe
    3852 C:\Windows\System32\rundll32.exe
    4060 C:\Windows\System32\rundll32.exe
    3492 C:\Users\Tim\AppData\Local\Temp\RtkBtMnt.exe
    1684 C:\Windows\System32\wbem\unsecapp.exe
    1584 unsecapp.exe
    3760 C:\Program Files\Launch Manager\LManager.exe
    1756 C:\Windows\PLFSetI.exe
    3560 C:\Program Files\Apoint2K\Apoint.exe
    3868 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2340 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    3244 C:\Program Files\iTunes\iTunesHelper.exe
    3068 C:\Program Files\Windows Sidebar\sidebar.exe
     888 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3716 C:\Program Files\Apoint2K\ApntEx.exe
    2568 C:\Windows\ehome\ehtray.exe
    2640 C:\Windows\System32\taskeng.exe
    3844 C:\Windows\System32\taskeng.exe
    4104 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4200 C:\Windows\ehome\ehmsas.exe
    4224 C:\Acer\Empowering Technology\eNet\eNMTray.exe
    4340 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    4352 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    4392 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    5572 C:\Program Files\iPod\bin\iPodService.exe
    2196 C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
    4856 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    5732 C:\Program Files\Windows Media Player\wmpnetwk.exe
     392 C:\Users\Tim\Desktop\y5ibl8rg.exe
    1060 C:\Program Files\Internet\Mozilla Firefox\firefox.exe
    1320 C:\Program Files\Internet\Mozilla Firefox\plugin-container.exe
    5072 C:\Windows\System32\SearchProtocolHost.exe
    4140 C:\Windows\System32\SearchFilterHost.exe
    1972 C:\Users\Tim\Desktop\MBRCheck.exe
    5004 C:\Windows\System32\conime.exe
    3344 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`83700000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
         

So, a big post...

Regards, Tim

Alt 03.11.2010, 14:12   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Are any other operating systems besides Vista installed?

If not => have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD, e.g. with ImgBurn using the image-burning function, and start the computer with it (boot from this CD).

(Instead of this rescue disc you can also use a regular Vista DVD)

Click on Computer repair options, Next, Command Prompt - the console opens. There please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out first.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 03.11.2010, 14:54   #11
Schinzer
 
So, I did everything following your instructions; I used the file from Dr. Windows. When I entered bootrec.exe/fixboot, an error message appeared (There are no recognized file systems on the disk. Make sure that all drivers are loaded or check whether the disk is damaged (approximate rendering of the message, not the exact wording)). With bootrec.exe/fixmbr, however, there was no error message; instead the operation was reported as successful. What's the next step?

Regards, Tim

Alt 03.11.2010, 15:04   #12
Schinzer
 
Sorry, I thought my last reply hadn't gone through, but it is on page 2 -.-

*edited

Alt 03.11.2010, 15:29   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then make a new log with mbrcheck

Alt 03.11.2010, 19:20   #14
Schinzer
 
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Acer
BIOS Manufacturer:		Acer
System Manufacturer:		Acer
System Product Name:		Aspire 5520
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 167):
  0x82A39000 \SystemRoot\system32\ntkrnlpa.exe
  0x82A06000 \SystemRoot\system32\hal.dll
  0x80402000 \SystemRoot\system32\kdcom.dll
  0x80409000 \SystemRoot\system32\PSHED.dll
  0x8041A000 \SystemRoot\system32\BOOTVID.dll
  0x80422000 \SystemRoot\system32\CLFS.SYS
  0x80463000 \SystemRoot\system32\CI.dll
  0x80543000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x805BF000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80604000 \SystemRoot\system32\drivers\acpi.sys
  0x8064A000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80653000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8065B000 \SystemRoot\system32\drivers\pci.sys
  0x80682000 \SystemRoot\System32\drivers\partmgr.sys
  0x80691000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80694000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8069E000 \SystemRoot\system32\drivers\volmgr.sys
  0x806AD000 \SystemRoot\System32\drivers\volmgrx.sys
  0x806F7000 \SystemRoot\system32\drivers\pciide.sys
  0x806FE000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8070C000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8071C000 \SystemRoot\system32\drivers\atapi.sys
  0x80724000 \SystemRoot\system32\drivers\ataport.SYS
  0x80742000 \SystemRoot\system32\drivers\fltmgr.sys
  0x80774000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80784000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x8078D000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x80C0E000 \SystemRoot\system32\drivers\ndis.sys
  0x80D19000 \SystemRoot\system32\drivers\msrpc.sys
  0x80D44000 \SystemRoot\system32\drivers\NETIO.SYS
  0x80E0F000 \SystemRoot\System32\drivers\tcpip.sys
  0x80EF9000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8AA03000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8AB13000 \SystemRoot\system32\drivers\volsnap.sys
  0x8AB4C000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AB54000 \SystemRoot\System32\Drivers\mup.sys
  0x8AB63000 \SystemRoot\System32\drivers\ecache.sys
  0x8AB8A000 \SystemRoot\system32\drivers\disk.sys
  0x8AB9B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8ABBC000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8ABC5000 \SystemRoot\system32\drivers\BMLoad.sys
  0x8ABEB000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8ABF6000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x80F14000 \SystemRoot\system32\DRIVERS\amdk8.sys
  0x80F24000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x80F2D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x80F31000 \SystemRoot\system32\DRIVERS\enecir.sys
  0x80F43000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x80F56000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x80F60000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x80F6B000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x80F97000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8AA00000 \SystemRoot\system32\DRIVERS\nvsmu.sys
  0x80FA2000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x80FAC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x80FEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x80D7F000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x80FF9000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x80E00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8E80B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8E898000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8E8A8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8E8B6000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x8E8D0000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
  0x8E8DF000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
  0x8E8F3000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x8EA06000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
  0x8EE01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8EB03000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F5DE000 \SystemRoot\System32\drivers\watchdog.sys
  0x8E944000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8EBA4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x80D97000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8F5EA000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8EBD3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F5F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x80DD8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8EBEA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x805CC000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x805E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8F801000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F811000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F813000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8F83D000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8F84B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8F855000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8F862000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8F897000 \SystemRoot\System32\drivers\vga.sys
  0x8F8A3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8F8D3000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x9240A000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F8E4000 \SystemRoot\system32\drivers\portcls.sys
  0x8F911000 \SystemRoot\system32\drivers\drmk.sys
  0x8F936000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x92602000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x92705000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x927BA000 \SystemRoot\system32\drivers\modem.sys
  0x927C7000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x927D2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x927E2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x927E9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x927F2000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x92400000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x925F8000 \SystemRoot\System32\Drivers\Null.SYS
  0x8F973000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8F97A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8F982000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8F98A000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8F995000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8F9A3000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8F9AC000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x927FA000 \SystemRoot\System32\Drivers\tcpipBM.SYS
  0x8F9C2000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92A09000 \SystemRoot\system32\drivers\afd.sys
  0x92A51000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92A83000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x92A8C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92AA2000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92AB0000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92AC3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x92AC9000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92B05000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
  0x92B09000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92B13000 \SystemRoot\System32\Drivers\dfsc.sys
  0x92B2A000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x92B46000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x92B4F000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x92B51000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x92E0B000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
  0x92FB7000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x92FC4000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
  0x92FCB000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x92FD8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x92FE3000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x9BE90000 \SystemRoot\System32\win32k.sys
  0x92FEB000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9C0B0000 \SystemRoot\System32\TSDDD.dll
  0x9C0D0000 \SystemRoot\System32\cdd.dll
  0x92B53000 \SystemRoot\system32\drivers\luafv.sys
  0x92B6E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9E207000 \SystemRoot\system32\drivers\spsys.sys
  0x9E2B7000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9E2C7000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9E2F1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9E2FB000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9E30E000 \SystemRoot\system32\drivers\HTTP.sys
  0x9E37B000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9E398000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9E3B1000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9E3C6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x92B82000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9E3E5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x92BBB000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9FA0D000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9FA73000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0x9FA7A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0x9FA7E000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9FA94000 \SystemRoot\system32\drivers\peauth.sys
  0x9FB72000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0x9FB7B000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0x9FB8D000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9FB97000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9FBA3000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0x9FBAB000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
  0xBA002000 \SystemRoot\system32\DRIVERS\udfs.sys
  0xBA050000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x77330000 \Windows\System32\ntdll.dll

Processes (total 88):
       0 System Idle Process
       4 System
     456 C:\Windows\System32\smss.exe
     592 csrss.exe
     632 C:\Windows\System32\wininit.exe
     644 csrss.exe
     676 C:\Windows\System32\services.exe
     688 C:\Windows\System32\lsass.exe
     696 C:\Windows\System32\lsm.exe
     832 C:\Windows\System32\svchost.exe
     916 C:\Windows\System32\svchost.exe
     956 C:\Windows\System32\winlogon.exe
    1020 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1208 C:\Windows\System32\audiodg.exe
    1240 C:\Windows\System32\SLsvc.exe
    1272 C:\Windows\System32\svchost.exe
    1400 C:\Windows\System32\svchost.exe
    1596 C:\Windows\System32\spoolsv.exe
    1620 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1632 C:\Windows\System32\svchost.exe
    1944 C:\Acer\ALaunch\ALaunchSvc.exe
    2008 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     184 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     240 C:\Program Files\Bonjour\mDNSResponder.exe
     344 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
     480 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    1368 C:\Acer\Empowering Technology\eNet\eNet Service.exe
    1816 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2060 C:\Acer\Mobility Center\MobilityService.exe
    2124 C:\Windows\System32\PnkBstrA.exe
    2164 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2188 C:\Windows\System32\svchost.exe
    2308 C:\Windows\System32\TUProgSt.exe
    2416 C:\Windows\System32\svchost.exe
    2452 C:\Windows\System32\SearchIndexer.exe
    2492 C:\Windows\System32\drivers\XAudio.exe
    2540 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    2588 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    2636 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    2680 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    3012 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    3060 C:\Windows\System32\taskeng.exe
    3220 WmiPrvSE.exe
    3228 WmiPrvSE.exe
    3404 unsecapp.exe
    3596 C:\Windows\System32\dwm.exe
    3636 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    3664 C:\Windows\System32\taskeng.exe
    3732 C:\Windows\explorer.exe
    3888 C:\Program Files\Windows Defender\MSASCui.exe
    3904 C:\Windows\RtHDVCpl.exe
    3928 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    3944 C:\Acer\Empowering Technology\eAudio\eAudio.exe
    2120 C:\Windows\System32\rundll32.exe
    3496 C:\Windows\System32\wbem\unsecapp.exe
    2344 C:\Windows\System32\rundll32.exe
    3940 C:\Users\Tim\AppData\Local\Temp\RtkBtMnt.exe
    2412 C:\Program Files\Launch Manager\LManager.exe
    1920 C:\Windows\PLFSetI.exe
    1940 C:\Program Files\Apoint2K\Apoint.exe
    3884 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3872 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    2300 C:\Program Files\iTunes\iTunesHelper.exe
    2980 C:\Program Files\Windows Sidebar\sidebar.exe
    3172 C:\Windows\ehome\ehtray.exe
    3452 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3824 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    3580 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4048 C:\Acer\Empowering Technology\eNet\eNMTray.exe
    4044 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3308 C:\Windows\ehome\ehmsas.exe
    2000 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    1068 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    1928 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    5080 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    5364 C:\Program Files\Apoint2K\ApMsgFwd.exe
    5580 C:\Program Files\Apoint2K\ApntEx.exe
    5604 C:\Windows\System32\conime.exe
    4152 C:\Program Files\iPod\bin\iPodService.exe
    4824 C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
    1800 C:\Program Files\Java\jre6\bin\jusched.exe
    4716 C:\Program Files\Internet\Mozilla Firefox\firefox.exe
    3208 C:\Program Files\Internet\Mozilla Firefox\plugin-container.exe
    4520 C:\Program Files\QIP 2010\qip.exe
    5360 C:\Users\Tim\Desktop\Trojaner-Board\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`83700000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         
Can you already say anything about how things look with my PC?

Regards, Tim
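
As an added worked example (not from this thread and not part of MBRCheck itself): a small Python triage script for MBRCheck logs like the two posted above. It splits the log into driver list, process list and MBR status, flags a disk whose status is not "... MBR code detected", any kernel driver loaded from a user-writable directory such as a Temp folder, and processes running from Temp, and then reports whether the MBR hash changed between the two logs. The log excerpts are abbreviated from the posts above; the severity labels and the directory list are assumptions of the example.

```python
import re

# Constructed sample: abbreviated excerpts of the two MBRCheck logs posted in
# this thread, before and after bootrec /fixmbr (not complete tool output).
LOG_BEFORE = r"""
Kernel Drivers (total 167):
  0x82A39000 \SystemRoot\system32\ntkrnlpa.exe
  0x92B51000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x93FDF000 \??\C:\Users\Tim\AppData\Local\Temp\kxrdipow.sys
Processes (total 87):
       0 System Idle Process
    3492 C:\Users\Tim\AppData\Local\Temp\RtkBtMnt.exe
      Size  Device Name          MBR Status
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E
"""
LOG_AFTER = r"""
Kernel Drivers (total 167):
  0x82A39000 \SystemRoot\system32\ntkrnlpa.exe
  0x92B51000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Processes (total 88):
       0 System Idle Process
    3940 C:\Users\Tim\AppData\Local\Temp\RtkBtMnt.exe
      Size  Device Name          MBR Status
    298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
"""

# First word of each section header in MBRCheck output -> section name.
SECTIONS = {"Kernel": "drivers", "Processes": "processes", "Size": "mbr"}
DRIVER_RE = re.compile(r"^\s+0x[0-9A-Fa-f]+\s+(\S.*?)\s*$")
PROCESS_RE = re.compile(r"^\s+(\d+)\s+(\S.*?)\s*$")
MBR_RE = re.compile(r"^\s+\d+ GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_RE = re.compile(r"^\s+SHA1:\s+([0-9A-Fa-f]{40})")
# Directories a kernel driver should never be loaded from (user-writable);
# assumption of this example, extend to taste.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")


def parse_mbrcheck(text):
    """Split an MBRCheck log into driver list, process list and MBR status."""
    report = {"drivers": [], "processes": [], "mbr_status": {}, "mbr_sha1": {}}
    section = device = None
    for line in text.splitlines():
        head = line.split(None, 1)[0] if line.strip() else ""
        if head in SECTIONS:
            section = SECTIONS[head]
        elif section == "drivers" and (m := DRIVER_RE.match(line)):
            report["drivers"].append(m.group(1))
        elif section == "processes" and (m := PROCESS_RE.match(line)):
            report["processes"].append((int(m.group(1)), m.group(2)))
        elif section == "mbr" and (m := MBR_RE.match(line)):
            device = m.group(1)                  # e.g. \\.\PhysicalDrive0
            report["mbr_status"][device] = m.group(2)
        elif section == "mbr" and device and (m := SHA1_RE.match(line)):
            report["mbr_sha1"][device] = m.group(1).upper()
    return report


def triage(report):
    """Return (severity, message) findings in the order a helper reads them."""
    findings = []
    for device, status in report["mbr_status"].items():
        if "MBR code detected" not in status:   # e.g. "Unknown MBR code"
            sha1 = report["mbr_sha1"].get(device, "?")
            findings.append(("HIGH", f"{device}: {status} (SHA1 {sha1})"))
    for path in report["drivers"]:
        if any(d in path.lower() for d in USER_WRITABLE):
            findings.append(("HIGH", f"kernel driver from user-writable dir: {path}"))
    for pid, image in report["processes"]:
        if "\\appdata\\local\\temp\\" in image.lower():
            # A Temp path alone is a lead, not proof: RtkBtMnt.exe runs from
            # Temp in both logs, before and after the repair.
            findings.append(("MEDIUM", f"pid {pid}: runs from Temp: {image}"))
    return findings


def mbr_changes(before, after):
    """Map device -> (old SHA1, new SHA1) for disks whose MBR hash differs."""
    return {d: (s, after["mbr_sha1"][d]) for d, s in before["mbr_sha1"].items()
            if after["mbr_sha1"].get(d, s) != s}
```

Run on the two excerpts, the first log yields two HIGH findings (unknown MBR code, driver kxrdipow.sys from Temp) and the second only the RtkBtMnt.exe note, with the MBR hash changed between them.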

Alt 03.11.2010, 19:26   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. To double-check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
