
Log analysis and evaluation: Text disappears, system stops responding

22.11.2010, 21:40   #1
kaya83
 

Hello,
After 30 min to 1 h the text disappears from the taskbar, from browser tabs and from files on the desktop; within 10 seconds the entire system stops responding. At those times I was always browsing with Firefox or Internet Explorer. A restart is only possible by pressing the power button on the laptop.
The problem has existed since I updated Avira antivirus last week. A quick scan with Avira showed nothing. A quick scan with Malwarebytes found 3 malicious files, which have been in quarantine since yesterday. However, the problem still persists. Because my description is so unspecific, I couldn't find anything through research.

Does anyone here have any advice?
Thanks in advance, Kaya

I also managed to take a screenshot: h**p://yfrog.com/48bildvdj
The HiJackThis and Malwarebytes logs are attached.

The infected files mentioned (excerpt from Malwarebytes):

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\Dokumente und Einstellungen\***\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\fvgqad.dat (Malware.Trace) -> No action taken.
Attached files
File type: txt mbam-log-2010-11-21 (21-20-15).txt (1.2 KB, viewed 205 times)
File type: txt hijackthis.txt (15.9 KB, viewed 201 times)

23.11.2010, 10:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Scan type: Quick scan
Hello and

Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

23.11.2010, 23:06   #3
kaya83
 

Hello,
first of all, thanks for the reply; here is the requested information:

1. Malwarebytes:
I managed to run a full scan with Malwarebytes.
But since the system always crashes quite soon and without warning, I ticked only C: and then only D: in the settings, and so produced 2 scan files. I hope that's OK.

Malwarebytes full scan C:
HTML code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.11.2010 21:06:50
mbam-log-2010-11-23 (21-06-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 332348
Time elapsed: 2 hour(s), 9 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Malwarebytes full scan D:
HTML code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.11.2010 21:40:33
mbam-log-2010-11-23 (21-40-33).txt

Scan type: Full scan (D:\|)
Objects scanned: 197454
Time elapsed: 32 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


2. OTL:

OTL - File 1 - OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 23.11.2010 21:53:00 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 127,00 Mb Available Physical Memory | 12,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 3106 3299 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 44,37 Gb Total Space | 0,35 Gb Free Space | 0,78% Space Free | Partition Type: FAT32
Drive D: | 44,86 Gb Total Space | 1,77 Gb Free Space | 3,95% Space Free | Partition Type: FAT32
Drive F: | 6,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ACER-917A74570E | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\3ConnectivityWizard\Drivers\Automatic\Option Globesurfer Icon\GtFlashSwitch.exe (OptionNV)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\3DataManager\3DataManager.exe (WebToGo Mobile Internet GmbH)
PRC - C:\Programme\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\BlazeVideo\BlazeDTV2.1\MediaDetector.exe (BlazeVideo Company)
PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\BlazeVideo\BlazeDTV2.1\MMKeyboardHook.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST)
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\WINDOWS\system32\MSNChatHook.dll ()
MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MFC71u.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MFC71DEU.DLL (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LVPrcSrv) -- c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (GoogleDesktopManager-090809-085438) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GTFlashSwitch) -- C:\Programme\3ConnectivityWizard\Drivers\Automatic\Option Globesurfer Icon\GtFlashSwitch.exe (OptionNV)
SRV - (vsmon) -- C:\WINDOWS\System32\ZONELABS\vsmon.exe (Zone Labs, LLC)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS3) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (NTGUARD) -- C:\Programme\a1internetsecurity\bin\NTGUARD.SYS File not found
DRV - (LVPr2Mon) -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys File not found
DRV - (LVMVDrv) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys File not found
DRV - (LVcKap) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (AF05BDA) -- C:\WINDOWS\system32\drivers\AF05BDA.sys (AfaTech                  )
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys ()
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.93
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000004
FF - prefs.js..extensions.enabledItems: pencil@evolus.vn:1.0.6
FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:14.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programme\Real\RealPlayer\browserrecord [2007.12.15 11:14:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2007.12.06 22:41:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2007.12.06 22:41:02 | 000,000,000 | ---D | M]
 
[2008.09.16 08:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.09.04 13:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2007.12.06 22:45:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions
[2010.07.29 17:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.03 08:12:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.09.24 00:30:58 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.29 18:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.02 19:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2009.11.23 18:51:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.18 19:22:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.01.19 20:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009.02.21 22:40:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.03.08 10:41:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\moveplayer@movenetworks.com
[2009.08.30 12:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\pencil@evolus.vn
[2010.07.29 17:47:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\qtl.co.il@gmail.com
[2010.07.29 17:47:40 | 000,002,101 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\searchplugins\qtl.xml
[2010.09.24 15:55:28 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\searchplugins\conduit.xml
[2007.12.06 22:41:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.11.03 17:23:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.03 17:23:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.03 17:23:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.03 17:23:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.03 17:23:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Web Accessibility Toolbar) - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Programme\Accessibility_Toolbar\Accessibility_Toolbar.dll (Web Accessibility Tools Consortium)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Web Accessibility Toolbar) - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Programme\Accessibility_Toolbar\Accessibility_Toolbar.dll (Web Accessibility Tools Consortium)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ACER-917A74570E] C:\WINDOWS\System32\ACER-917A74570E.vbs File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Google Desktop Search] C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Programme\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Sample Toolband Serach - C:\WINDOWS\System32\ToolBand.dll (HiTRUST)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.15 03:06:22 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.01.03 18:40:11 | 000,000,051 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{021c1105-4f98-11dd-b896-00038a000015}\Shell\AutoRun\command - "" = K:\Setup.exe -- File not found
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0bc77210-03ad-11df-bbe5-001302078cf7}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell - "" = AutoRun
O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\Shell - "" = Autorun
O33 - MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{6b708f58-f88b-11de-bbd4-001302078cf7}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell - "" = AutoRun
O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.22 20:45:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp
[2010.11.22 18:54:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.11.21 20:41:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.11.21 20:41:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.21 20:41:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.11.21 20:41:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.21 20:40:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.21 20:22:53 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2010.11.21 12:42:28 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2010.11.19 18:46:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2010.11.07 17:35:06 | 063,363,736 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\PowerPointViewer2010.exe
[2010.11.07 12:55:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\anhaenge_05_11_2010
[2010.11.03 18:03:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.23 21:29:10 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.23 18:55:38 | 000,000,494 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010.11.23 18:55:16 | 000,002,321 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2010.11.23 18:54:28 | 000,043,805 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.11.23 18:54:08 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.23 18:54:06 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.11.23 18:53:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.23 18:53:06 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.23 08:44:58 | 000,440,352 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.11.23 08:44:58 | 000,007,280 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.11.23 08:44:46 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010.11.22 18:55:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.11.21 20:41:18 | 000,000,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 20:26:46 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2010.11.21 19:59:06 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\virus.jpg
[2010.11.21 19:58:32 | 000,041,897 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bildv.jpg
[2010.11.20 16:05:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.11.19 19:06:24 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.11.19 19:06:24 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.19 11:02:50 | 044,151,368 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\avira_antivir_personal_de.exe
[2010.11.17 12:38:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.09 20:15:56 | 000,166,912 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.08 20:07:04 | 000,191,342 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\nur10.jpg
[2010.11.08 08:15:06 | 001,606,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.08 01:16:48 | 000,058,727 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Konzept Veranstaltungskalender_v0.3(at).docx
[2010.11.07 17:54:38 | 063,363,736 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\PowerPointViewer2010.exe
[2010.11.06 21:26:58 | 000,008,535 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Daten-DVDanamusic.cdm
[2010.11.06 20:47:46 | 004,065,408 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\(Track- 01) Yeah Yeah Yeahs - Phenomena.mp3
[2010.11.06 19:19:44 | 003,657,856 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\(Track- 14) Little Big Town - Bones.mp3
[2010.11.06 19:15:56 | 002,781,312 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\(Track- 02) Beck - Timebomb.mp3
[2010.11.06 19:13:04 | 004,024,448 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\(Track- 09) Johnny Hazzard - Deeper Into You.mp3
[2010.11.06 17:13:38 | 002,218,112 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube        - 'OMG' - Usher Acoustic (cover).mp3
[2010.11.06 17:11:20 | 002,910,336 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube        - M ward- howlin for my baby- true blood soundtrack season 2.mp3
[2010.11.06 17:08:20 | 003,287,168 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube        - Vallejo-Snake in the grass.mp3
[2010.11.06 17:04:56 | 003,278,976 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube        - True Blood Snake In the Grass Vampires.mp3
[2010.11.06 17:01:32 | 003,674,240 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube        - True Blood ~ Bones.mp3
[2010.11.06 16:57:42 | 006,563,968 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube        - True Blood - Sookie_Bill_Eric - Knock me out.mp3
[2010.11.06 16:32:40 | 003,086,464 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube        - The Datsuns - Harmonic Generator.mp3
[2010.11.06 16:29:28 | 003,596,416 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube        - OneRepublic - Secrets (Official Music video).mp3
[2010.11.06 16:27:52 | 009,805,952 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube        - Best House Music & Electro Music 1.mp3
[2010.11.06 16:04:12 | 006,919,741 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\15 Radioactive (Choir Remix).mp3
[2010.11.06 15:56:26 | 008,273,433 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\01 The End.mp3
[2010.11.06 15:52:02 | 006,761,146 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\02 Radioactive.mp3
[2010.11.06 15:48:36 | 008,390,715 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\13 Pickup Truck.mp3
[2010.11.06 15:43:50 | 009,491,381 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\14 Celebration.mp3
[2010.11.06 15:38:38 | 005,613,263 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\10 Pony Up.mp3
[2010.11.06 15:32:04 | 003,627,136 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Far East Movement - Like A G6 ft. The Cataracs. Dev.mp3
[2010.11.06 11:18:02 | 003,780,736 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\'Bad Romance' - Lady Gaga Acoustic (cover).mp3
[2010.11.05 19:09:40 | 000,400,889 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\anhaenge_05_11_2010.zip
[2010.11.05 18:09:44 | 000,395,223 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Scribbles UI Veranstaltungskalender v2.pptx
[2010.11.05 18:09:44 | 000,059,683 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Konzept Veranstaltungskalender_v0.3.docx
[2010.10.27 01:07:52 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Urlaubsliste(businesstrip).xls
[2010.10.26 00:33:02 | 007,346,552 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\07 Back Down South.mp3
[2010.10.26 00:32:38 | 005,857,165 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\09 No Money.mp3
[2010.10.26 00:30:02 | 006,485,651 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\05 The Face.mp3
[2010.10.26 00:29:26 | 006,015,161 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\11 Birthday.mp3
[2010.10.26 00:20:18 | 006,738,406 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\06 The Immortals.mp3
[2010.10.26 00:20:12 | 007,084,425 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\04 Mary.mp3
[2010.10.26 00:17:42 | 007,308,487 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\03 Pyro.mp3
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.21 20:41:17 | 000,000,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 19:59:05 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\virus.jpg
[2010.11.21 19:58:30 | 000,041,897 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bildv.jpg
[2010.11.19 10:45:01 | 044,151,368 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\avira_antivir_personal_de.exe
[2010.11.08 20:07:03 | 000,191,342 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\nur10.jpg
[2010.11.07 12:56:57 | 000,058,727 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Konzept Veranstaltungskalender_v0.3(at).docx
[2010.11.07 12:56:23 | 000,395,223 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Scribbles UI Veranstaltungskalender v2.pptx
[2010.11.07 12:56:23 | 000,059,683 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Konzept Veranstaltungskalender_v0.3.docx
[2010.11.06 21:26:56 | 000,008,535 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Daten-DVDanamusic.cdm
[2010.11.06 16:26:06 | 009,805,952 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube        - Best House Music & Electro Music 1.mp3
[2010.11.06 11:25:45 | 003,627,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Far East Movement - Like A G6 ft. The Cataracs. Dev.mp3
[2010.11.06 11:20:42 | 002,218,112 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\YouTube        - 'OMG' - Usher Acoustic (cover).mp3
[2010.11.06 11:17:13 | 003,780,736 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\'Bad Romance' - Lady Gaga Acoustic (cover).mp3
[2010.11.05 19:09:39 | 000,400,889 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\anhaenge_05_11_2010.zip
[2010.10.26 00:37:06 | 008,390,715 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\13 Pickup Truck.mp3
[2010.10.26 00:32:29 | 006,919,741 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\15 Radioactive (Choir Remix).mp3
[2010.10.26 00:31:55 | 005,613,263 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\10 Pony Up.mp3
[2010.10.26 00:30:50 | 009,491,381 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\14 Celebration.mp3
[2010.10.26 00:30:31 | 005,857,165 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\09 No Money.mp3
[2010.10.26 00:30:14 | 007,346,552 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\07 Back Down South.mp3
[2010.10.26 00:29:27 | 006,485,651 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\05 The Face.mp3
[2010.10.26 00:28:44 | 006,015,161 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\11 Birthday.mp3
[2010.10.26 00:19:16 | 006,738,406 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\06 The Immortals.mp3
[2010.10.26 00:19:03 | 007,084,425 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\04 Mary.mp3
[2010.10.26 00:16:45 | 007,308,487 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\03 Pyro.mp3
[2010.10.25 23:29:38 | 006,761,146 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\02 Radioactive.mp3
[2010.10.25 23:29:33 | 008,273,433 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\01 The End.mp3
[2010.05.19 20:57:26 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\plugcach.fon
[2009.03.26 19:56:34 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009.01.19 08:12:01 | 004,762,112 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2009.01.19 08:12:01 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.01.19 08:12:01 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009.01.12 00:15:01 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.03.20 22:17:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008.01.20 15:41:18 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007.12.15 15:45:25 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2007.12.15 15:45:24 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2007.12.15 15:44:42 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007.12.13 02:07:52 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.12.09 23:34:44 | 000,000,356 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2007.12.06 23:11:36 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2007.12.06 23:11:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007.12.06 22:00:32 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.12.03 23:49:16 | 000,166,912 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.03 22:42:57 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.12.03 15:04:08 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2007.12.03 14:58:57 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007.12.03 14:58:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2007.12.03 14:52:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2007.12.03 14:52:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2007.12.03 14:52:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2007.12.03 14:52:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2007.12.03 14:52:11 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2007.12.03 14:51:37 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.12.03 14:42:12 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2007.12.03 14:42:03 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.12.03 14:42:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.12.03 14:42:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.12.03 14:41:59 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.12.03 14:41:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.12.14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005.12.02 14:14:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.11.29 13:12:38 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.10.31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005.03.27 23:45:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2005.02.15 03:57:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.02.15 03:06:48 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.02.15 03:05:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.02.15 03:05:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.02.15 03:05:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.02.15 03:05:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.02.14 12:07:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.12.17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004.08.04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.02.13 13:49:44 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

< End of report >
         
--- --- ---


OTL - File 2 - Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 23.11.2010 21:53:00 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 127,00 Mb Available Physical Memory | 12,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 3106 3299 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 44,37 Gb Total Space | 0,35 Gb Free Space | 0,78% Space Free | Partition Type: FAT32
Drive D: | 44,86 Gb Total Space | 1,77 Gb Free Space | 3,95% Space Free | Partition Type: FAT32
Drive F: | 6,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ACER-917A74570E | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Acer\Acer Arcade\PCMService.exe" = C:\Programme\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Programme\CREEO\IcyTV Trial\IcyTV.exe" = C:\Programme\CREEO\IcyTV Trial\IcyTV.exe:*:Enabled:Watch digital television -- File not found
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\WINDOWS\System32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\System32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner -- ()
"C:\Programme\Joost\xulrunner\tvprunner.exe" = C:\Programme\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner -- File not found
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player  -- File not found
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9811A185-3D3D-11D6-9E14-00036D172B00}" = Adobe MPEG Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"3ConnectivityWizard" = 3 Connectivity Wizard
"3DataManager" = Mein 3DataManager
"3GP Player_is1" = 3GP Player 2008
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.57
"Accessibility Toolbar_is1" = Web Accessibility Toolbar 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Premiere 6.5" = Adobe Premiere 6.5
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"America Online de" = AOL Deutschland
"AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner
"AOLCoach de" = AOL Coach Version 1.0(Build:20040229.1 de)
"Ask Toolbar_is1" = Ask Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlazeDTV 2.1_is1" = BlazeDTV 2.1
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 5.0.0.594
"CamStudio" = CamStudio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ePresentation" = Acer ePresentation Management
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"FreePDF_XP" = FreePDF XP (Remove only)
"Freez FLV to MP3 Converter V1.2_is1" = Freez FLV to MP3 Converter
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.61
"GridVista" = Acer GridVista
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mikogo" = Mikogo
"Mobiola Screen Capture for S60_is1" = Mobiola Screen Capture for S60 3.0.7
"morpher" = Morpher
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSNINST" = MSN
"MWSnap 3" = MWSnap 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ORA 1.9.4.4" = ORA
"Picasa 3" = Picasa 3
"ProInst" = Intel(R) PROSet/Wireless Software
"QcDrv" = Logitech® Camera-Treiber
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"SequoiaView" = SequoiaView
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SWFPlayer_is1" = SWFPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Task Killer" = Task Killer (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Xfire" = Xfire (remove only)
"XMind" = XMind
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"HappyFoto Bestellsoftware" = HappyFoto Bestellsoftware
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.11.2010 03:13:12 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description = 
 
Error - 23.11.2010 03:29:29 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description = 
 
Error - 23.11.2010 13:53:37 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description = 
 
Error - 23.11.2010 14:03:40 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description = 
 
Error - 23.11.2010 14:29:09 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description = 
 
Error - 23.11.2010 15:03:39 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description = 
 
Error - 23.11.2010 15:29:10 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description = 
 
Error - 23.11.2010 16:03:41 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description = 
 
Error - 23.11.2010 16:29:09 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description = 
 
Error - 23.11.2010 17:03:39 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 21.11.2010 17:49:18 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   abp480n5  adpu160m  agp440  agpCPQ  Aha154x  aic78u2  aic78xx  AliIde  alim1541  amdagp  amsint  asc  asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
 
Error - 22.11.2010 12:38:08 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 22.11.2010 12:38:21 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 22.11.2010 16:07:17 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 22.11.2010 16:07:32 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 22.11.2010 17:15:14 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 22.11.2010 17:15:30 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 22.11.2010 18:26:09 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 23.11.2010 02:59:31 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 23.11.2010 13:53:38 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
 
< End of report >
         
--- --- ---


What do you think about this?
Thanks for the reply
Best regards, Kaya

24.11.2010, 09:48   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Did Malwarebytes actually find nothing more after the first quick scan?

24.11.2010, 18:12   #5
kaya83

No, the successful full scan didn't show anything more.

What I did notice, though, before the full scan succeeded:
During one attempted full scan run, the typical problem occurred again: everything freezes, parts disappear and nothing works.
I could still see, however, that a file named faxsetup.log in the c/windows directory was shown as infected, but I had to restart the laptop and nothing was visible in the log, presumably because the scan was not completed.
I then scanned that file on its own again in Explorer via right-click with Malwarebytes, but this time there were no infected results for it. I have nevertheless posted it below in the code.

What options do I have left now?
Thanks for replying and taking a look,
Best regards, Kaya





HTML-Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.11.2010 08:06:09
mbam-log-2010-11-23 (08-06-09).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


24.11.2010, 19:41   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.15 03:06:22 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.01.03 18:40:11 | 000,000,051 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{021c1105-4f98-11dd-b896-00038a000015}\Shell\AutoRun\command - "" = K:\Setup.exe -- File not found
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0bc77210-03ad-11df-bbe5-001302078cf7}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell - "" = AutoRun
O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\Shell - "" = Autorun
O33 - MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{6b708f58-f88b-11de-bbd4-001302078cf7}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell - "" = AutoRun
O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.04.04 20:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
[2010.11.21 12:42:28 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2010.11.03 18:03:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

25.11.2010, 07:07   #7
kaya83

Hello,
Thanks for the OTL file.
I carried out the instructions. The log is below.

Additional info:
1) On completion a window opened for confirmation; it showed only a hyphen "-" and the OK button (i.e. the process possibly wasn't finished or was interrupted?). After confirming, the machine restarted and I got the log file.
2) Yesterday I also deleted the largest files from the windows/temp folder myself, as well as some programs, because there was almost no space left on the hard disk.

Thanks, best regards, Kaya

HTML-Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{021c1105-4f98-11dd-b896-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{021c1105-4f98-11dd-b896-00038a000015}\ not found.
File K:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0609c264-8c22-11dd-b902-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0609c264-8c22-11dd-b902-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0609c264-8c22-11dd-b902-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0609c264-8c22-11dd-b902-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bc77210-03ad-11df-bbe5-001302078cf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bc77210-03ad-11df-bbe5-001302078cf7}\ not found.
File G:\Get_Started_for_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d4-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d4-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d4-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d4-11e7-11dd-b836-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d5-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d5-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd175d5-11e7-11dd-b836-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bd175d5-11e7-11dd-b836-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a9eee66-81bd-11dd-b8ea-001302078cf7}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e00-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e00-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e00-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e00-8703-11dd-b8f7-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e01-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e01-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f590e01-8703-11dd-b8f7-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f590e01-8703-11dd-b8f7-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{389c63ae-b816-11df-bd0e-001302078cf7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{389c63ae-b816-11df-bd0e-001302078cf7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{389c63ae-b816-11df-bd0e-001302078cf7}\ not found.
Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b708f58-f88b-11de-bbd4-001302078cf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b708f58-f88b-11de-bbd4-001302078cf7}\ not found.
File F:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98d3c6b6-11e1-11dd-b834-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98d3c6b6-11e1-11dd-b834-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98d3c6b6-11e1-11dd-b834-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98d3c6b6-11e1-11dd-b834-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3e0e3b-8c80-11dd-b903-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad1d7710-2224-11de-ba12-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad1d7710-2224-11de-ba12-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad1d7710-2224-11de-ba12-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad1d7710-2224-11de-ba12-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae6ccc46-56cd-11de-ba76-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae6ccc46-56cd-11de-ba76-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae6ccc46-56cd-11de-ba76-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae6ccc46-56cd-11de-ba76-00038a000015}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfbe4a48-23a3-11de-ba19-ad4408af79f8}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7aa2781-8caa-11dd-b904-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7aa2781-8caa-11dd-b904-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7aa2781-8caa-11dd-b904-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7aa2781-8caa-11dd-b904-00038a000015}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
C:\FOUND.003 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong\Data folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 500224 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56504 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2931590 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14471998 bytes
 
User: ***
->Temp folder emptied: 387768552 bytes
->Temporary Internet Files folder emptied: 244823989 bytes
->Java cache emptied: 116325213 bytes
->FireFox cache emptied: 87060064 bytes
->Opera cache emptied: 3373558 bytes
->Flash cache emptied: 70233 bytes
 
User: Gast
 
User: ***
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 289905 bytes
%systemroot%\System32 .tmp files removed: 5933959 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Windows Temp folder emptied: 58053680 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 879,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 11242010_234102

Files\Folders moved on Reboot...
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...

25.11.2010, 12:28   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

25.11.2010, 21:33   #9
kaya83
 
Hi,
Thanks for the great instructions; I have carried them out.
The log file is below.

Additional info:
2 error messages appeared towards the end of the scan:
Error message 1) I didn't write it down exactly, something like: unable to create registry file log
Error message 2) read: "Error restoring C:/Windows/erdnt/subs software to C:WINDOWS/System32/config/Software
Continue with next file?
RegReplaceKey: 1450-Nicht genügend Systemressourcen um angeforderten Dienst auszuführen"

Regards, Kaya

ComboFix log file:
Code:
ATTFilter
ComboFix 10-11-24.04 - *** 25.11.2010  21:23:53.1.2 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.586 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programme\WinPCap
c:\programme\WinPCap\daemon_mgm.exe
c:\programme\WinPCap\npf_mgm.exe
c:\programme\WinPCap\rpcapd.exe
c:\windows\fix.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


(((((((((((((((((((((((   Dateien erstellt von 2010-10-25 bis 2010-11-25  ))))))))))))))))))))))))))))))
.

2010-11-25 18:17 . 2010-11-25 18:17	--------	d-----w-	c:\programme\CCleaner
2010-11-24 22:41 . 2010-11-24 22:41	--------	d-----w-	C:\_OTL
2010-11-24 19:45 . 2010-11-24 19:45	--------	d-----w-	c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Apple
2010-11-22 19:45 . 2010-11-22 19:45	--------	d-----w-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp
2010-11-21 19:41 . 2010-11-21 19:41	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-11-21 19:41 . 2010-04-29 11:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-21 19:41 . 2010-11-21 19:41	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-11-21 19:41 . 2010-04-29 11:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-11-21 19:40 . 2010-11-21 19:41	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-11-19 17:46 . 2010-11-19 17:46	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Avira

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 18:15 . 2009-12-18 07:56	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-19 18:06 . 2009-12-18 07:56	126856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-09-18 11:22 . 2004-08-04 04:00	974848	----a-w-	c:\windows\system32\mfc42u.dll
2010-09-18 07:52 . 2004-08-04 04:00	974848	----a-w-	c:\windows\system32\mfc42.dll
2010-09-18 07:52 . 2004-08-04 04:00	954368	----a-w-	c:\windows\system32\mfc40.dll
2010-09-18 07:52 . 2004-08-04 04:00	953856	----a-w-	c:\windows\system32\mfc40u.dll
2010-09-10 06:47 . 2004-08-04 04:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-09-10 06:47 . 2004-08-04 04:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-10 06:47 . 2004-08-04 04:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2010-09-01 12:50 . 2004-08-04 04:00	285824	----a-w-	c:\windows\system32\atmfd.dll
2010-09-01 08:54 . 2004-08-04 04:00	1852928	----a-w-	c:\windows\system32\win32k.sys
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\programme\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\programme\mozilla firefox\plugins\ssldivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\programme\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\programme\opera\program\plugins\ssldivx.dll
2009-10-03 14:39 . 2009-10-03 14:39	119808	----a-w-	c:\programme\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-11-03 17:04	2735200	----a-w-	c:\programme\DVDVideoSoftTB\tbDVD1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-11-03 2735200]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 02:19	94208	----a-w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 02:19	94208	----a-w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 02:19	94208	----a-w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\programme\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\programme\Acer\Acer Arcade\PCMService.exe" [2005-12-13 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-03 7393280]
"nwiz"="nwiz.exe" [2006-01-03 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-01-03 86016]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-01-09 589824]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2010-03-27 149280]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-12-15 185896]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-11-10 417792]
"Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-03 30192]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-19 281768]
"HTC Sync Loader"="c:\programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-08-18 249856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\***\Startmen\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\dokumente und einstellungen\***\Startmen\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-24 113664]
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-3-23 295606]
Adobe Reader Synchronizer.lnk - c:\programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

c:\dokumente und einstellungen\***\Startmen\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 13:44	196608	----a-w-	c:\programme\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24	458752	----a-w-	c:\programme\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14	217088	----a-w-	c:\programme\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08	417792	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-12-19 13:52	15797248	----a-w-	c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-12-15 10:14	185896	----a-w-	c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"AWService"=2 (0x2)
"WLSetupSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Dokumente und Einstellungen\\***\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.12.2009 08:56 135336]
R2 GTFlashSwitch;GtFlashSwitch Service;c:\programme\3ConnectivityWizard\Drivers\Automatic\Option Globesurfer Icon\GtFlashSwitch.exe [28.09.2008 21:34 123208]
S2 gupdate1ca5cc4eb1b22d0;Google Update Service (gupdate1ca5cc4eb1b22d0);c:\programme\Google\Update\GoogleUpdate.exe [03.11.2009 21:31 133104]
S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [20.01.2008 12:40 133504]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [03.10.2009 15:39 30192]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [16.10.2010 10:01 24576]
S3 NTGUARD;NTGUARD;\??\c:\programme\a1internetsecurity\bin\NTGUARD.SYS --> c:\programme\a1internetsecurity\bin\NTGUARD.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-03 20:31]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-03 20:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandenes PDF anfügen - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {7875C5B7-79D3-4F12-9113-346355AC6FB9} = 213.94.78.17 213.94.78.16
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\675o74a3.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000004.dll
FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programme\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programme\Opera\program\plugins\np_gp.dll
FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-ACER-917A74570E - c:\windows\SYSTEM32\ACER-917A74570E.vbs
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AOLDialer - c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
MSConfigStartUp-mRouterConfig - c:\programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
MSConfigStartUp-PC Suite for Smartphones - c:\programme\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
MSConfigStartUp-swg - c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-25 21:51
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3392460284-2625656429-3545236937-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:86,96,36,f5,7d,3e,2a,0d,46,f2,fa,2d,b1,14,58,89,60,8e,01,3b,76,50,e9,
   2a,4e,5a,1f,65,0c,d0,30,41,12,24,ed,37,d8,1c,1d,a9,16,15,e2,55,ae,28,43,c0,\
"??"=hex:f5,9e,f5,2c,44,71,79,ea,6e,0a,ab,98,d0,e1,76,8d
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(1520)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSDE.DLL
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\dokumente und einstellungen\***\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-25  22:00:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-11-25 21:00

Vor Suchlauf: 8.906.178.560 Bytes frei
Nach Suchlauf: 8.865.382.400 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C3A0CFDD9B1745A6FB9C7B73869DF520
         
--- --- ---

Alt 26.11.2010, 18:14   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
ZA does no good; uninstall it and use the Windows Firewall. Let me know once ZA has been uninstalled.

Alt 27.11.2010, 14:53   #11
kaya83
 

Hi,
Yes, thanks. ZoneAlarm is uninstalled and the Windows Firewall is enabled.
The problem that fonts disappear, then parts of the interface disappear, and shortly afterwards the system stops responding entirely, is still present.
Best regards, Kaya

Alt 27.11.2010, 16:11   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

Alt 27.11.2010, 22:44   #13
kaya83
 

Hi,
Many thanks, all scans have been run.
Attached are the 3 log files.

thx, regards, Kaya

Additional info:

Re GMER: I ran the scan.
In the Files section it listed old files from one folder (a study project from 2008, approx. 50 KB, consisting of JPGs, GIFs and CSS files).
Since they were no longer needed, I wanted to delete them,
which did not work at first (file name too long or invalid). I then removed them with the program "Unlocker".
I have posted the log of the second scan, taken after the deletion. It no longer contains a Files section.

Re MBRCheck.exe:
To the message "Found non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: " I answered N.


GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-27 22:25:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS021G
Running: ik6zw7k6.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\kgnyraow.sys


---- System - GMER 1.0.15 ----

SSDT            F7AB605E                                                                                         ZwCreateKey
SSDT            F7AB6054                                                                                         ZwCreateThread
SSDT            F7AB6063                                                                                         ZwDeleteKey
SSDT            F7AB606D                                                                                         ZwDeleteValueKey
SSDT            F7AB6072                                                                                         ZwLoadKey
SSDT            F7AB6040                                                                                         ZwOpenProcess
SSDT            F7AB6045                                                                                         ZwOpenThread
SSDT            F7AB607C                                                                                         ZwReplaceKey
SSDT            F7AB6077                                                                                         ZwRestoreKey
SSDT            F7AB6068                                                                                         ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                         section is writeable [0xF6D56380, 0x216F6D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\Explorer.EXE[2460] SHELL32.dll!SHFileOperationW                                       7E7208E4 5 Bytes  JMP 02BC1102 C:\Programme\Unlocker\UnlockerHook.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\Cdrom \Device\CdRom0                                                                     OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device          \Driver\Cdrom \Device\CdRom1                                                                     OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                         OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a48efb47                      
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0014a48efb47 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:38:41 on 27.11.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BTCPL.CPL" - "Broadcom Corporation." - C:\WINDOWS\system32\BTCPL.CPL
"CAMCPL.CPL" - "Logitech Inc." - C:\WINDOWS\system32\CAMCPL.CPL
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"JAVACPL.CPL" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\JAVACPL.CPL
"NVTUICPL.CPL" - "NVIDIA Corporation" - C:\WINDOWS\system32\NVTUICPL.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Version Cue CS3" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer EPM Power Scheme Driver" (EpmPsd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-psd.sys
"Acer EPM System Hardware Driver" (EpmShd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-shd.sys
"Acer NetMonitor Protocol" (NETMNT) - ? - C:\WINDOWS\System32\DRIVERS\NETMNT.sys  (File found, but it contains no detailed information)
"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"Intel(R) PRO/Wireless 3945ABG Adapter Driver" (w39n51) - "Intel® Corporation" - C:\WINDOWS\System32\DRIVERS\w39n51.sys
"kgnyraow" (kgnyraow) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\kgnyraow.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech AEC Driver" (LVcKap) - ? - C:\WINDOWS\System32\DRIVERS\LVcKap.sys  (File not found)
"Logitech LVPr2Mon Driver" (LVPr2Mon) - ? - C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys  (File not found)
"Logitech Machine Vision Engine Loader" (LVMVDrv) - ? - C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys  (File not found)
"NTGUARD" (NTGUARD) - ? - C:\Programme\a1internetsecurity\bin\NTGUARD.SYS  (File not found)
"OSA NdisFilter Protocol" (NdisFilt) - "OSA Technologies" - C:\WINDOWS\System32\Drivers\NdisFilt.sys
"OsaFsLoc" (OsaFsLoc) - "OSA Technologies" - C:\WINDOWS\system32\drivers\OsaFsLoc.sys
"osaio" (osaio) - "OSA Technologies, An Avocent Company" - C:\WINDOWS\system32\drivers\osaio.sys
"osanbm" (osanbm) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\osanbm.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - ? - "C:\Programme\WinPcap\rpcapd.exe" -d -f "C:\Programme\WinPcap\rpcapd.ini"  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"UBHelper" (UBHelper) - ? - C:\WINDOWS\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Datei-Manager" - ? -   (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} "Eigene Logitech-Bilder" - "Logitech Inc." - C:\Programme\Logitech\Video\Namespc2.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - "Acer Labs USA" - C:\WINDOWS\system32\epm-po.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? -   (File not found | COM-object registry key not found)
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Web Accessibility Toolbar" - "Web Accessibility Tools Consortium" - C:\Programme\Accessibility_Toolbar\Accessibility_Toolbar.dll
<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} "Java Plug-in 1.4.2_15" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\Java\j2re1.4.2_15\bin\npjpi142_15.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\WINDOWS\system32\ToolBand.dll
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
<binary data> "Web Accessibility Toolbar" - "Web Accessibility Tools Consortium" - C:\Programme\Accessibility_Toolbar\Accessibility_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe  (Shortcut exists | File exists)
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"Adobe Reader Synchronizer.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe  (Shortcut exists | File exists)
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\DESKTOP.INI
"Dropbox.lnk" - ? - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Value Labs, Taiwan" - C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"ADMTray.exe" - "Avocent Inc." - "C:\Acer\Empowering Technology\admtray.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe_ID0EYTHM" - "Adobe Systems Incorporated" - C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"AzMixerSel" - "Realtek Semiconductor Corp." - C:\Programme\Realtek\InstallShield\AzMixerSel.exe
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"ePower_DMC" - "Acer Incorporated" - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
"eRecoveryService" - "acer Inc." - C:\Acer\Empowering Technology\eRecovery\Monitor.exe
"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe
"Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HTC Sync Loader" - ? - "C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"LVCOMSX" - "Logitech Inc." - C:\WINDOWS\system32\LVCOMSX.EXE
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"PCMService" - "CyberLink Corp." - "C:\Programme\Acer\Acer Arcade\PCMService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"UnlockerAssistant" - ? - "C:\Programme\Unlocker\UnlockerAssistant.exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Bullzip PDF Print Monitor" - "BullZip" - C:\WINDOWS\system32\bzpdf.dll
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Version Cue CS3 {de_DE} " (Adobe Version Cue CS3) - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca5cc4eb1b22d0)" (gupdate1ca5cc4eb1b22d0) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GtFlashSwitch Service" (GTFlashSwitch) - "OptionNV" - C:\Programme\3ConnectivityWizard\Drivers\Automatic\Option Globesurfer Icon\GTFlashSwitch.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"Process Monitor" (LVPrcSrv) - ? - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe  (File not found)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Home Edition
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000003c

Kernel Drivers (total 195):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xF7992000 \WINDOWS\system32\KDCOM.DLL
  0xF78A2000 \WINDOWS\system32\BOOTVID.dll
  0xF7362000 ACPI.sys
  0xF7994000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF7351000 pci.sys
  0xF7492000 isapnp.sys
  0xF74A2000 ohci1394.sys
  0xF74B2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF78A6000 compbatt.sys
  0xF78AA000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xF7A5A000 pciide.sys
  0xF7712000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7996000 aliide.sys
  0xF7998000 intelide.sys
  0xF799A000 toside.sys
  0xF799C000 viaide.sys
  0xF799E000 cmdide.sys
  0xF7333000 pcmcia.sys
  0xF74C2000 MountMgr.sys
  0xF7314000 ftdisk.sys
  0xF78AE000 ACPIEC.sys
  0xF7A5B000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
  0xF771A000 PartMgr.sys
  0xF78B2000 UBHelper.sys
  0xF74D2000 VolSnap.sys
  0xF78B6000 cpqarray.sys
  0xF72FC000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
  0xF72E4000 atapi.sys
  0xF78BA000 aha154x.sys
  0xF7722000 sparrow.sys
  0xF78BE000 symc810.sys
  0xF74E2000 aic78xx.sys
  0xF78C2000 dac960nt.sys
  0xF74F2000 ql10wnt.sys
  0xF78C6000 amsint.sys
  0xF772A000 asc.sys
  0xF78CA000 asc3550.sys
  0xF7732000 mraid35x.sys
  0xF773A000 i2omp.sys
  0xF78CE000 ini910u.sys
  0xF7502000 ql1240.sys
  0xF7512000 aic78u2.sys
  0xF7742000 symc8xx.sys
  0xF774A000 sym_hi.sys
  0xF7752000 sym_u3.sys
  0xF775A000 ABP480N5.SYS
  0xF7762000 asc3350p.sys
  0xF79A0000 cd20xrnt.sys
  0xF7522000 ultra.sys
  0xF72CB000 adpu160m.sys
  0xF776A000 dpti2o.sys
  0xF7532000 ql1080.sys
  0xF7542000 ql1280.sys
  0xF7552000 ql12160.sys
  0xF7772000 perc2.sys
  0xF79A2000 perc2hib.sys
  0xF777A000 hpn.sys
  0xF78D2000 cbidf2k.sys
  0xF729F000 dac2w2k.sys
  0xF7562000 disk.sys
  0xF7572000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF727F000 fltmgr.sys
  0xF726D000 sr.sys
  0xF7582000 PxHelp20.sys
  0xF7249000 Fastfat.sys
  0xF7232000 KSecDD.sys
  0xF7205000 NDIS.sys
  0xF7592000 sisagp.sys
  0xF75A2000 viaagp.sys
  0xF71EB000 Mup.sys
  0xF75B2000 agp440.sys
  0xF75C2000 alim1541.sys
  0xF75D2000 amdagp.sys
  0xF75E2000 agpCPQ.sys
  0xF7602000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF7956000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0xF6D56000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF6D42000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF6D1A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF6CF7000 \SystemRoot\system32\DRIVERS\b57xp32.sys
  0xF6B9A000 \SystemRoot\system32\DRIVERS\w39n51.sys
  0xF77EA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF6B76000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF77F2000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF7612000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF7622000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
  0xF6B62000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0xF6B4F000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
  0xF7632000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
  0xF796A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xF7642000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF77FA000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0xF7802000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF6AF8000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0xF79A6000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF780A000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7652000 \SystemRoot\system32\DRIVERS\smcirda.sys
  0xF796E000 \SystemRoot\system32\DRIVERS\irenum.sys
  0xF7662000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF7672000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF7682000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF6A35000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF79A8000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0xF6968000 \SystemRoot\system32\DRIVERS\btkrnl.sys
  0xF7BBC000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF7812000 \SystemRoot\system32\DRIVERS\rasirda.sys
  0xF781A000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF76E2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF797E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF6951000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF76F2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF7702000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF6940000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF71DB000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF7822000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF782A000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF71CB000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF79AA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF68E2000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7986000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF71BB000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF44AC000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xF4488000 \SystemRoot\system32\drivers\portcls.sys
  0xF719B000 \SystemRoot\system32\drivers\drmk.sys
  0xF4452000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
  0xF435E000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
  0xF42AD000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xF7832000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF717B000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF70FF000 \SystemRoot\System32\Drivers\i2omgmt.SYS
  0xF784A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7852000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xF79B0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7AAA000 \SystemRoot\System32\Drivers\Null.SYS
  0xF79B2000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7862000 \SystemRoot\System32\drivers\vga.sys
  0xF79B4000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF79B6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF786A000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7872000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF70EB000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF4162000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF4109000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF40E1000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF40BB000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF4099000 \SystemRoot\System32\drivers\afd.sys
  0xF6AE8000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF787A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xF406E000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF6B43000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
  0xF3FD6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF6AD8000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF6AC8000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF6AB8000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xF3FB3000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF3F9D000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
  0xF79BA000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xF7882000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xF6A98000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xF3F85000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF79BC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF68CA000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF788A000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7AFB000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xBA573000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xBA534000 \SystemRoot\system32\DRIVERS\WudfPf.sys
  0xF7892000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xBA42E000 \SystemRoot\system32\DRIVERS\irda.sys
  0xBA588000 \SystemRoot\system32\DRIVERS\s24trans.sys
  0xBA553000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB99D1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xF789A000 \??\C:\WINDOWS\system32\drivers\btserial.sys
  0xF7B9B000 \??\C:\WINDOWS\system32\drivers\epm-psd.sys
  0xB97DD000 \??\C:\WINDOWS\system32\drivers\epm-shd.sys
  0xB9728000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB98A9000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB98F1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xB9685000 \SystemRoot\system32\DRIVERS\srv.sys
  0xF7A26000 \??\C:\WINDOWS\system32\drivers\osaio.sys
  0xF7B41000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
  0xB89BF000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB88E6000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xB74A8000 \??\C:\DOKUME~1\***\LOKALE~1\Temp\kgnyraow.sys
  0xB747D000 \SystemRoot\system32\drivers\kmixer.sys
  0xB92A6000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xB6C3B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xB9446000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xB87F8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x7C910000 \WINDOWS\System32\ntdll.dll

Processes (total 66):
       0 System Idle Process
       4 System
     796 C:\WINDOWS\System32\SMSS.EXE
     856 CSRSS.EXE
     884 C:\WINDOWS\System32\WINLOGON.EXE
     932 C:\WINDOWS\System32\SERVICES.EXE
     944 C:\WINDOWS\System32\LSASS.EXE
    1132 C:\WINDOWS\System32\SVCHOST.EXE
    1212 SVCHOST.EXE
    1256 C:\WINDOWS\System32\SVCHOST.EXE
    1300 C:\WINDOWS\System32\SVCHOST.EXE
    1344 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    1396 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    1520 SVCHOST.EXE
    1596 SVCHOST.EXE
    1960 C:\WINDOWS\System32\SPOOLSV.EXE
    2004 C:\Programme\Avira\AntiVir Desktop\SCHED.EXE
     140 SVCHOST.EXE
     276 C:\Programme\Avira\AntiVir Desktop\AVGUARD.EXE
     300 C:\Programme\Bonjour\mDNSResponder.exe
     344 SVCHOST.EXE
     388 C:\Programme\WIDCOMM\Bluetooth Software\BIN\BTWDINS.EXE
     412 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
     576 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
     628 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
     652 C:\Programme\3ConnectivityWizard\Drivers\Automatic\Option Globesurfer Icon\GtFlashSwitch.exe
     708 C:\Programme\Avira\AntiVir Desktop\AVSHADOW.EXE
     752 C:\Programme\Java\JRE6\BIN\JQS.EXE
     108 C:\WINDOWS\System32\NVSVC32.EXE
    1164 C:\WINDOWS\System32\HPZipm12.exe
    1308 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    1464 C:\Programme\CyberLink\Shared Files\RichVideo.exe
    1720 C:\WINDOWS\System32\SVCHOST.EXE
     956 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    2264 wmiprvse.exe
    2460 C:\WINDOWS\EXPLORER.EXE
    2796 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    2864 C:\Programme\Acer\Acer Arcade\PCMService.exe
    3044 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    3056 C:\WINDOWS\System32\RUNDLL32.EXE
    3068 C:\WINDOWS\System32\RUNDLL32.EXE
    3080 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3108 C:\Programme\Launch Manager\LManager.exe
    3160 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    3212 C:\WINDOWS\System32\LVCOMSX.EXE
    3244 C:\Programme\Java\JRE6\BIN\jusched.exe
    3404 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    3420 C:\Programme\QuickTime\QTTask.exe
    3464 C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    3536 C:\Programme\FreePDF_XP\fpassist.exe
    3552 C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
    3564 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    3600 C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    3632 C:\Programme\Unlocker\UnlockerAssistant.exe
    3644 C:\Programme\Skype\Phone\Skype.exe
    3900 wmiprvse.exe
     536 C:\WINDOWS\System32\WBEM\unsecapp.exe
    2728 ALG.EXE
    2808 C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    2868 C:\WINDOWS\System32\WBEM\wmiapsrv.exe
     996 C:\WINDOWS\System32\RUNDLL32.EXE
    2372 C:\WINDOWS\System32\wscntfy.exe
    3660 C:\Programme\Mozilla Firefox\firefox.exe
    2336 C:\Programme\3DataManager\3DataManager.exe
    1864 C:\WINDOWS\System32\notepad.exe
     192 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00  (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`1223be00  (FAT32)

PhysicalDrive0 Model Number: TOSHIBAMK1032GSX, Rev: AS021G  

      Size  Device Name          MBR Status
  --------------------------------------------
     93 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

27.11.2010, 23:16   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you have any other operating systems installed besides WinXP?

If not, i.e. WinXP is the only installed system: restart the computer and select the Recovery Console in the boot menu.
There, type the command fixmbr (then Enter, confirm with j), followed by the command fixboot (then Enter, confirm with j).
Typing exit (then press Enter) restarts the computer. In normal Windows mode, run the Bootkit Remover again and post the new log.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


27.11.2010, 23:22   #15
kaya83

Hi,
No, I don't. I'll go ahead and run fixmbr.
One more question: which one is the Bootkit Remover?
Best regards, Kaya
