Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/kazy.mekml.1 eingefangen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 24.04.2011, 19:19   #1
Seb13
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Hallo liebe Community,

oben genannter Trojaner hält mich seit Freitag auf Trab.
Die Symptome sind wie bereits bei anderen Betroffenen
schwarzer Desktop,
kein Zugriff auf Daten (versteckt)
willkürliches Runterfahren des Netbooks,
div. Festplattenfehlermeldungen


Ich habe als erstes Malware durchlaufen lassen, allerdings quick scan. Danach war der Desktop zumindest wieder blau, die Festplattenfehler werden nicht mehr angezeigt und das Netbook fährt nicht mehr willkührlich runter.
allerdings las ich, das von Euch ein vollständiger Suchlauf empfohlen wird.
Deswegen füge ich beide Logdateien von beiden Malware-Läufen an plus otl. log

Über Unterstützung würde ich mich naturgemäß echt freuen und hoffe, vernünftig in Vorleistung getreten zu sein.

Viele Grüße
Sebastian

PS: ich sehe gerade, dass ich meine emails immer in achtfacher Ausführung im Posteingang habe. Zusammenhang??

Malware quick
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6433

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.04.2011 18:09:09
mbam-log-2011-04-24 (18-08-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156168
Laufzeit: 11 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\dokumente und einstellungen\all users\anwendungsdaten\uvewqxceajwf.exe (Trojan.FakeAlert) -> 3484 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
c:\dokumente und einstellungen\***\startmenü\programme\windows recovery (Trojan.FakeAV) -> No action taken.

Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\uvewqxceajwf.exe (Trojan.FakeAlert) -> No action taken.
c:\dokumente und einstellungen\***\Desktop\windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\dokumente und einstellungen\***\startmenü\programme\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\dokumente und einstellungen\***\startmenü\programme\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> No action taken.
         
Malware vollständig
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6433

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.04.2011 19:49:38
mbam-log-2011-04-24 (19-49-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 235717
Laufzeit: 1 Stunde(n), 13 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
otl
Code:
ATTFilter
OTL logfile created on: 24.04.2011 19:52:31 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 365,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 135,00 Gb Total Space | 21,00 Gb Free Space | 15,56% Space Free | Partition Type: NTFS
Drive D: | 4,04 Gb Total Space | 2,73 Gb Free Space | 67,55% Space Free | Partition Type: FAT32
 
Computer Name: ACER-AB842E1F73 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
PRC - C:\Programme\Mobile Partner Manager\UIExec.exe ()
PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\WINDOWS\PLFSetI.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UI Assistant Service) -- C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Ndisprot) -- C:\WINDOWS\system32\drivers\Ndisprot.sys (Windows (R) 2000 DDK provider)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys ()
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 09:01:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.24 09:01:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.04.08 08:15:27 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.05.15 13:38:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.05.15 13:38:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.24 18:01:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mfv14asg.default\extensions
[2010.05.29 17:26:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mfv14asg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.15 13:25:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.12 18:33:56 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.03.07 11:36:43 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 11:36:44 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.07 11:36:44 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.07 11:36:44 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.07 11:36:44 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt]  File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKLM..\Run: [UIExec] C:\Programme\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2387590086-650978795-2170371235-1005..\Run: [ProductReg] C:\Programme\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer VCM.lnk = C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.01 17:53:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.24 18:35:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:35:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:04:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2011.04.24 17:55:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Malwarebytes' Anti-Malware
[2011.04.24 17:40:03 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011.04.24 17:39:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.24 17:39:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.24 17:39:10 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.24 17:39:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware
[2011.04.21 19:46:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\NtmsData
[2011.04.21 17:38:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2011.04.16 01:27:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ServicePackFiles
[2011.04.05 08:08:34 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular
[2011.04.05 08:07:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011.04.05 08:07:07 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ElsterFormular
[2011.04.05 08:06:28 | 000,000,000 | -H-D | C] -- C:\Programme\ElsterFormular
[2011.04.03 23:16:36 | 000,014,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010.05.15 13:24:33 | 008,188,856 | -H-- | C] (Mozilla) -- C:\Programme\Firefox_Setup_3.6.3.exe
[2009.08.02 03:33:20 | 000,049,152 | -H-- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2004.11.24 21:25:52 | 000,335,872 | -H-- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.24 19:43:03 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.24 18:35:34 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 18:12:07 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 18:11:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.24 18:11:27 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.24 17:27:10 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.22 13:55:50 | 000,000,400 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19062580
[2011.04.22 13:53:40 | 000,000,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580
[2011.04.22 13:53:40 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580r
[2011.04.21 17:38:30 | 000,450,556 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.21 17:38:30 | 000,434,032 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.21 17:38:30 | 000,068,318 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.21 17:38:29 | 000,081,178 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.16 12:37:52 | 000,365,712 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.16 01:27:39 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.05 08:07:09 | 000,000,711 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2011.04.02 12:36:48 | 000,001,635 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.24 18:35:34 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 13:53:40 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580r
[2011.04.22 13:53:39 | 000,000,160 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580
[2011.04.22 13:53:22 | 000,000,400 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19062580
[2011.04.05 08:07:09 | 000,000,711 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2011.04.02 12:36:48 | 000,001,635 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2011.03.06 19:34:11 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.07.10 23:29:57 | 000,082,432 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.15 13:27:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.15 13:17:03 | 044,151,368 | -H-- | C] () -- C:\Programme\avira_antivir_personal_de1000567.exe
[2009.12.16 16:14:47 | 000,626,688 | -H-- | C] () -- C:\WINDOWS\Image.dll
[2009.12.16 16:14:47 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\PLFSetI.exe
[2009.12.16 16:14:47 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\USB_VIDEO_REG.exe
[2009.12.16 16:14:47 | 000,000,323 | -H-- | C] () -- C:\WINDOWS\PidList.ini
[2009.12.16 16:13:45 | 000,233,472 | -H-- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009.12.16 16:13:45 | 000,145,152 | -H-- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009.12.16 16:13:45 | 000,015,190 | -H-- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009.12.16 16:13:40 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\AutosetFrequency.exe
[2009.12.16 16:13:40 | 000,000,639 | -H-- | C] () -- C:\WINDOWS\AutoSetFrequency.ini
[2009.08.02 03:33:11 | 000,450,556 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009.08.02 03:33:11 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009.08.02 03:33:11 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009.08.02 03:33:10 | 000,081,178 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009.08.02 03:32:57 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.08.02 03:32:55 | 000,434,032 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.08.02 03:32:55 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.08.02 03:32:55 | 000,068,318 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.08.02 03:32:55 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.08.02 03:32:54 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.08.02 03:32:54 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.08.02 03:32:53 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.08.02 03:32:49 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.08.02 03:32:49 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.08.02 03:32:43 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.08.02 03:32:40 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009.08.01 20:56:54 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009.08.01 19:46:20 | 000,189,796 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2009.08.01 19:46:20 | 000,001,112 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009.08.01 19:46:20 | 000,000,712 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009.08.01 19:46:20 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009.08.01 19:46:20 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009.08.01 19:45:23 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.08.01 18:48:05 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.08.01 18:47:19 | 000,365,712 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.08.01 17:56:16 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\AMove.exe
[2009.08.01 17:56:16 | 000,007,003 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.08.01 17:55:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.08.01 17:51:12 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.01 17:50:20 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.05.08 16:08:42 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009.02.25 04:20:23 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2008.12.19 17:15:58 | 004,338,246 | -H-- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | -H-- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | -H-- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | -H-- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | -H-- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006.11.02 18:10:16 | 000,080,912 | -H-- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 19:50:54 | 000,129,024 | -H-- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001.11.14 14:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer GameZone Console
[2011.04.05 08:07:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009.08.01 20:30:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSobi
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Acer GameZone Console
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Super-Cow
[2010.05.08 18:03:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rocket Santiago\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rocket Santiago\Anwendungsdaten\Acer GameZone Console
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rocket Santiago\Anwendungsdaten\Super-Cow
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acer GameZone Console
[2011.04.05 08:08:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular
[2011.03.07 15:17:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla
[2011.04.02 12:36:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2010.05.28 20:02:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Super-Cow
[2010.05.15 13:38:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 25.04.2011, 15:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 25.04.2011, 17:06   #3
Seb13
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Hallo Arne,

Nein. Das sind alle.

Ich habe jedoch anscheinend das otl extra log unterschlagen.
VG
Sebastian

OTL EXTRA Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 24.04.2011 19:52:31 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 365,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 135,00 Gb Total Space | 21,00 Gb Free Space | 15,56% Space Free | Partition Type: NTFS
Drive D: | 4,04 Gb Total Space | 2,73 Gb Free Space | 67,55% Space Free | Partition Type: FAT32
 
Computer Name: ACER-AB842E1F73 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Programme\Acer GameZone\GameConsole
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.1
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{A0DBDF40-559F-11E0-82E2-001D0926B1BF}" = Google Earth Plug-in
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.5.1
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"pdfsam" = pdfsam
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---
__________________

Alt 25.04.2011, 20:13   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.01 17:53:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O4 - HKLM..\Run: [M3000Mnt]  File not found
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~*
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1*
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.04.2011, 07:40   #5
Seb13
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Über Hilfe würde ich mich tatsächlich echt freuen.
Fehlen noch irgendwelche Angaben / Daten?


Alt 28.04.2011, 07:45   #6
Seb13
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Vielen Dank für den Tipp.
Aufgrund von Arbeitszeiten werde ich mich erst morgen wieder dransetzen können können.

Aber wie gesagt, schon mal danke im Voraus.
VG
Sebastian

Alt 28.04.2011, 17:09   #7
Seb13
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



so, ging doch früher als gedacht.
hier das otl fix log
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcee-7e29-11df-a557-705ab6067ebd}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\ not found.
File E:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\M3000Mnt not found.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~* not found.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1* not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ** **
->Temp folder emptied: 847868 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ** **
->Temp folder emptied: 798716 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 23528073 bytes
->Flash cache emptied: 434 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 647363207 bytes
 
Total Files Cleaned = 642,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04282011_172729

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Ein paar Probleme hab ich allerdings immer noch:
Mein Desktop ist jetzt wieder blank (keine Icons) und die Dateien sind wieder weg.
Außerdem lässt sich Malware nicht mehr installieren. Am Ende des Installationsprozess gibts ne Fehlermeldung ("Setup - Zugriff verweigert").
Avira meldet immer, dass der Zugriff auf D:\AUTORUN.INF blockiert wird. Zusammenhang erschließt sich mir nicht.

Hier noch mal ein otl scan:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 24.04.2011 19:52:31 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\** **\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 365,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 135,00 Gb Total Space | 21,00 Gb Free Space | 15,56% Space Free | Partition Type: NTFS
Drive D: | 4,04 Gb Total Space | 2,73 Gb Free Space | 67,55% Space Free | Partition Type: FAT32
 
Computer Name: ACER-AB842E1F73 | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\** **\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
PRC - C:\Programme\Mobile Partner Manager\UIExec.exe ()
PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\WINDOWS\PLFSetI.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\** **\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UI Assistant Service) -- C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Ndisprot) -- C:\WINDOWS\system32\drivers\Ndisprot.sys (Windows (R) 2000 DDK provider)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys ()
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 09:01:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.24 09:01:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.04.08 08:15:27 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.05.15 13:38:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Mozilla\Extensions
[2010.05.15 13:38:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.24 18:01:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Mozilla\Firefox\Profiles\mfv14asg.default\extensions
[2010.05.29 17:26:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Mozilla\Firefox\Profiles\mfv14asg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.15 13:25:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.12 18:33:56 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.03.07 11:36:43 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 11:36:44 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.07 11:36:44 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.07 11:36:44 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.07 11:36:44 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt]  File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKLM..\Run: [UIExec] C:\Programme\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2387590086-650978795-2170371235-1005..\Run: [ProductReg] C:\Programme\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer VCM.lnk = C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\** **\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\** **\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\** **\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.01 17:53:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcee-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce84bcf0-7e29-11df-a557-705ab6067ebd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.24 18:35:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:35:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:04:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\** **\Recent
[2011.04.24 17:55:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\** **\Desktop\Malwarebytes' Anti-Malware
[2011.04.24 17:40:03 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Malwarebytes
[2011.04.24 17:39:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.24 17:39:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.24 17:39:10 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.24 17:39:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware
[2011.04.21 19:46:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\NtmsData
[2011.04.21 17:38:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Avira
[2011.04.16 01:27:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ServicePackFiles
[2011.04.05 08:08:34 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\elsterformular
[2011.04.05 08:07:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011.04.05 08:07:07 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ElsterFormular
[2011.04.05 08:06:28 | 000,000,000 | -H-D | C] -- C:\Programme\ElsterFormular
[2011.04.03 23:16:36 | 000,014,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010.05.15 13:24:33 | 008,188,856 | -H-- | C] (Mozilla) -- C:\Programme\Firefox_Setup_3.6.3.exe
[2009.08.02 03:33:20 | 000,049,152 | -H-- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2004.11.24 21:25:52 | 000,335,872 | -H-- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.24 19:43:03 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.24 18:35:34 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 18:12:07 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 18:11:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.24 18:11:27 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.24 17:27:10 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.22 13:55:50 | 000,000,400 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19062580
[2011.04.22 13:53:40 | 000,000,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580
[2011.04.22 13:53:40 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580r
[2011.04.21 17:38:30 | 000,450,556 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.21 17:38:30 | 000,434,032 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.21 17:38:30 | 000,068,318 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.21 17:38:29 | 000,081,178 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.16 12:37:52 | 000,365,712 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.16 01:27:39 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.05 08:07:09 | 000,000,711 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2011.04.02 12:36:48 | 000,001,635 | -H-- | M] () -- C:\Dokumente und Einstellungen\** **\.recently-used.xbel
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.24 18:35:34 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 13:53:40 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580r
[2011.04.22 13:53:39 | 000,000,160 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062580
[2011.04.22 13:53:22 | 000,000,400 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19062580
[2011.04.05 08:07:09 | 000,000,711 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2011.04.02 12:36:48 | 000,001,635 | -H-- | C] () -- C:\Dokumente und Einstellungen\** **\.recently-used.xbel
[2011.03.06 19:34:11 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.07.10 23:29:57 | 000,082,432 | -H-- | C] () -- C:\Dokumente und Einstellungen\** **\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.15 13:27:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.15 13:17:03 | 044,151,368 | -H-- | C] () -- C:\Programme\avira_antivir_personal_de1000567.exe
[2009.12.16 16:14:47 | 000,626,688 | -H-- | C] () -- C:\WINDOWS\Image.dll
[2009.12.16 16:14:47 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\PLFSetI.exe
[2009.12.16 16:14:47 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\USB_VIDEO_REG.exe
[2009.12.16 16:14:47 | 000,000,323 | -H-- | C] () -- C:\WINDOWS\PidList.ini
[2009.12.16 16:13:45 | 000,233,472 | -H-- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009.12.16 16:13:45 | 000,145,152 | -H-- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009.12.16 16:13:45 | 000,015,190 | -H-- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009.12.16 16:13:40 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\AutosetFrequency.exe
[2009.12.16 16:13:40 | 000,000,639 | -H-- | C] () -- C:\WINDOWS\AutoSetFrequency.ini
[2009.08.02 03:33:11 | 000,450,556 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009.08.02 03:33:11 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009.08.02 03:33:11 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009.08.02 03:33:10 | 000,081,178 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009.08.02 03:32:57 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.08.02 03:32:55 | 000,434,032 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.08.02 03:32:55 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.08.02 03:32:55 | 000,068,318 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.08.02 03:32:55 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.08.02 03:32:54 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.08.02 03:32:54 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.08.02 03:32:53 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.08.02 03:32:49 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.08.02 03:32:49 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.08.02 03:32:43 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.08.02 03:32:40 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009.08.01 20:56:54 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009.08.01 19:46:20 | 000,189,796 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2009.08.01 19:46:20 | 000,001,112 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009.08.01 19:46:20 | 000,000,712 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009.08.01 19:46:20 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009.08.01 19:46:20 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009.08.01 19:46:20 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009.08.01 19:45:23 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.08.01 18:48:05 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.08.01 18:47:19 | 000,365,712 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.08.01 17:56:16 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\AMove.exe
[2009.08.01 17:56:16 | 000,007,003 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.08.01 17:55:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.08.01 17:51:12 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.01 17:50:20 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.05.08 16:08:42 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009.02.25 04:20:23 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2008.12.19 17:15:58 | 004,338,246 | -H-- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | -H-- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | -H-- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | -H-- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | -H-- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006.11.02 18:10:16 | 000,080,912 | -H-- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 19:50:54 | 000,129,024 | -H-- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001.11.14 14:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer GameZone Console
[2011.04.05 08:07:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009.08.01 20:30:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSobi
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Acer GameZone Console
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Super-Cow
[2010.05.08 18:03:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Acer GameZone Console
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Super-Cow
[2009.08.01 20:32:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Acer
[2009.08.01 20:07:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Acer GameZone Console
[2011.04.05 08:08:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\elsterformular
[2011.03.07 15:17:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\FileZilla
[2011.04.02 12:36:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\gtk-2.0
[2010.05.28 20:02:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\OpenOffice.org
[2009.08.01 20:23:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Super-Cow
[2010.05.15 13:38:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\** **\Anwendungsdaten\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


[/code]OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 24.04.2011 19:52:31 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\** **\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 365,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 135,00 Gb Total Space | 21,00 Gb Free Space | 15,56% Space Free | Partition Type: NTFS
Drive D: | 4,04 Gb Total Space | 2,73 Gb Free Space | 67,55% Space Free | Partition Type: FAT32
 
Computer Name: ACER-AB842E1F73 | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune-Netzwerkfreigabedienst
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Programme\Acer GameZone\GameConsole
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.1
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{A0DBDF40-559F-11E0-82E2-001D0926B1BF}" = Google Earth Plug-in
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.5.1
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"pdfsam" = pdfsam
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2387590086-650978795-2170371235-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

[code]

Ich hatte doch tatsächlich gedacht, ich hätte es endlich hinter mich gebracht...

VG
S

Alt 28.04.2011, 18:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.05.2011, 17:04   #9
Seb13
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Hallo Arne,

hier das Log von Kaspersky. Ging wie Du siehst ziemlich schnell durch. Unhide ebenfalls.

Grüße und einen schönen Sonntag, falls wir uns nicht mehr lesen sollten.
Sebastian

Code:
ATTFilter
2011/05/01 17:56:27.0390 0596	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/01 17:56:27.0750 0596	================================================================================
2011/05/01 17:56:27.0750 0596	SystemInfo:
2011/05/01 17:56:27.0750 0596	
2011/05/01 17:56:27.0750 0596	OS Version: 5.1.2600 ServicePack: 3.0
2011/05/01 17:56:27.0750 0596	Product type: Workstation
2011/05/01 17:56:27.0750 0596	ComputerName: ACER-AB842E1F73
2011/05/01 17:56:27.0750 0596	UserName: ***
2011/05/01 17:56:27.0750 0596	Windows directory: C:\WINDOWS
2011/05/01 17:56:27.0750 0596	System windows directory: C:\WINDOWS
2011/05/01 17:56:27.0750 0596	Processor architecture: Intel x86
2011/05/01 17:56:27.0750 0596	Number of processors: 2
2011/05/01 17:56:27.0750 0596	Page size: 0x1000
2011/05/01 17:56:27.0750 0596	Boot type: Normal boot
2011/05/01 17:56:27.0750 0596	================================================================================
2011/05/01 17:56:28.0359 0596	Initialize success
2011/05/01 17:57:06.0421 1348	================================================================================
2011/05/01 17:57:06.0421 1348	Scan started
2011/05/01 17:57:06.0421 1348	Mode: Manual; 
2011/05/01 17:57:06.0421 1348	================================================================================
2011/05/01 17:57:06.0937 1348	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/01 17:57:07.0015 1348	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/01 17:57:07.0046 1348	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/01 17:57:07.0171 1348	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/01 17:57:07.0250 1348	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/01 17:57:07.0343 1348	AFD             (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/01 17:57:07.0421 1348	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/01 17:57:07.0468 1348	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/01 17:57:07.0531 1348	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/01 17:57:07.0578 1348	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/01 17:57:07.0625 1348	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/01 17:57:07.0734 1348	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/01 17:57:07.0781 1348	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/01 17:57:07.0890 1348	Ambfilt         (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/05/01 17:57:08.0093 1348	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/01 17:57:08.0140 1348	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/01 17:57:08.0296 1348	AR5416          (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/05/01 17:57:08.0406 1348	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/01 17:57:08.0453 1348	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/01 17:57:08.0500 1348	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/01 17:57:08.0609 1348	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/01 17:57:08.0656 1348	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/01 17:57:08.0765 1348	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/01 17:57:08.0843 1348	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/01 17:57:09.0015 1348	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/05/01 17:57:09.0062 1348	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/05/01 17:57:09.0125 1348	avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/05/01 17:57:09.0187 1348	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/01 17:57:09.0296 1348	btaudio         (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys
2011/05/01 17:57:09.0437 1348	BTKRNL          (75130181fa2fd6cbe83083c5311abe78) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/05/01 17:57:09.0562 1348	btwhid          (c51d50cf24da69a9c499e65b0edb3bb7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/05/01 17:57:09.0656 1348	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/01 17:57:09.0687 1348	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/01 17:57:09.0750 1348	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/01 17:57:09.0796 1348	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/01 17:57:09.0843 1348	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/01 17:57:09.0921 1348	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/01 17:57:10.0000 1348	Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/01 17:57:10.0140 1348	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/01 17:57:10.0187 1348	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/01 17:57:10.0234 1348	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/01 17:57:10.0328 1348	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/01 17:57:10.0390 1348	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/01 17:57:10.0453 1348	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/01 17:57:10.0515 1348	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/01 17:57:10.0593 1348	DKbFltr         (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2011/05/01 17:57:10.0687 1348	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/01 17:57:10.0765 1348	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/01 17:57:10.0828 1348	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/01 17:57:10.0906 1348	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/01 17:57:11.0000 1348	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/01 17:57:11.0140 1348	DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/05/01 17:57:11.0171 1348	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/01 17:57:11.0265 1348	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/01 17:57:11.0390 1348	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/01 17:57:11.0437 1348	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/01 17:57:11.0468 1348	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/01 17:57:11.0531 1348	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/01 17:57:11.0593 1348	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/01 17:57:11.0656 1348	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/01 17:57:11.0718 1348	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/01 17:57:11.0796 1348	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/01 17:57:11.0890 1348	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/01 17:57:11.0984 1348	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/01 17:57:12.0062 1348	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/01 17:57:12.0125 1348	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/01 17:57:12.0187 1348	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/01 17:57:12.0250 1348	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/01 17:57:12.0562 1348	ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/05/01 17:57:12.0906 1348	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/01 17:57:13.0000 1348	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/01 17:57:13.0140 1348	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/01 17:57:13.0531 1348	IntcAzAudAddService (3fa02c6e3e9ebe8523a2d4e51d0ece1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/01 17:57:13.0953 1348	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/01 17:57:14.0046 1348	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/01 17:57:14.0125 1348	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/01 17:57:14.0171 1348	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/01 17:57:14.0218 1348	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/01 17:57:14.0281 1348	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/01 17:57:14.0328 1348	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/01 17:57:14.0390 1348	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/01 17:57:14.0453 1348	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/01 17:57:14.0500 1348	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/01 17:57:14.0562 1348	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/01 17:57:14.0640 1348	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/01 17:57:14.0718 1348	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/01 17:57:14.0781 1348	L1c             (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2011/05/01 17:57:14.0984 1348	M3000Srv        (73fd60fda3ff60f0666e4614e93f0aaa) C:\WINDOWS\system32\Drivers\M3000KNT.sys
2011/05/01 17:57:15.0062 1348	massfilter      (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
2011/05/01 17:57:15.0156 1348	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/01 17:57:15.0250 1348	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/01 17:57:15.0359 1348	Monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/05/01 17:57:15.0484 1348	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/01 17:57:15.0546 1348	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/01 17:57:15.0609 1348	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/01 17:57:15.0656 1348	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/01 17:57:15.0750 1348	MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/01 17:57:15.0859 1348	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/01 17:57:15.0937 1348	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/01 17:57:15.0968 1348	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/01 17:57:16.0015 1348	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/01 17:57:16.0078 1348	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/01 17:57:16.0109 1348	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/01 17:57:16.0156 1348	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/01 17:57:16.0234 1348	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/01 17:57:16.0281 1348	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/01 17:57:16.0359 1348	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/01 17:57:16.0421 1348	Ndisprot        (e94265636d893314463cb650e43c3eb5) C:\WINDOWS\system32\DRIVERS\ndisprot.sys
2011/05/01 17:57:16.0453 1348	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/01 17:57:16.0500 1348	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/01 17:57:16.0531 1348	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/01 17:57:16.0625 1348	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/01 17:57:16.0671 1348	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/01 17:57:16.0718 1348	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/01 17:57:16.0843 1348	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/01 17:57:16.0937 1348	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/01 17:57:17.0046 1348	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/01 17:57:17.0093 1348	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/01 17:57:17.0140 1348	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/01 17:57:17.0250 1348	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/01 17:57:17.0281 1348	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/01 17:57:17.0359 1348	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/01 17:57:17.0406 1348	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/01 17:57:17.0500 1348	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/01 17:57:17.0546 1348	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/01 17:57:17.0734 1348	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/01 17:57:17.0781 1348	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/01 17:57:17.0906 1348	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/01 17:57:17.0968 1348	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/01 17:57:18.0000 1348	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/01 17:57:18.0062 1348	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/01 17:57:18.0156 1348	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/01 17:57:18.0203 1348	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/01 17:57:18.0265 1348	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/01 17:57:18.0312 1348	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/01 17:57:18.0359 1348	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/01 17:57:18.0421 1348	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/01 17:57:18.0484 1348	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/01 17:57:18.0531 1348	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/01 17:57:18.0578 1348	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/01 17:57:18.0625 1348	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/01 17:57:18.0687 1348	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/01 17:57:18.0765 1348	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/01 17:57:18.0828 1348	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/01 17:57:18.0921 1348	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/01 17:57:19.0062 1348	RSUSBSTOR       (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2011/05/01 17:57:19.0234 1348	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/01 17:57:19.0312 1348	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/01 17:57:19.0406 1348	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/01 17:57:19.0515 1348	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/01 17:57:19.0562 1348	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/01 17:57:19.0625 1348	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/01 17:57:19.0703 1348	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/01 17:57:19.0765 1348	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/01 17:57:19.0859 1348	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/01 17:57:20.0015 1348	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/05/01 17:57:20.0093 1348	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/01 17:57:20.0156 1348	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/01 17:57:20.0187 1348	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/01 17:57:20.0250 1348	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/01 17:57:20.0328 1348	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/01 17:57:20.0375 1348	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/01 17:57:20.0406 1348	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/01 17:57:20.0500 1348	SynTP           (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/01 17:57:20.0546 1348	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/01 17:57:20.0671 1348	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/01 17:57:20.0765 1348	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/01 17:57:20.0796 1348	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/01 17:57:20.0859 1348	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/01 17:57:20.0937 1348	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/01 17:57:21.0000 1348	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/01 17:57:21.0078 1348	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/01 17:57:21.0140 1348	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/01 17:57:21.0281 1348	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/01 17:57:21.0375 1348	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/01 17:57:21.0406 1348	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/01 17:57:21.0484 1348	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/01 17:57:21.0531 1348	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/01 17:57:21.0593 1348	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/01 17:57:21.0656 1348	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/01 17:57:21.0718 1348	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/01 17:57:21.0765 1348	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/01 17:57:21.0828 1348	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/01 17:57:21.0937 1348	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/01 17:57:22.0015 1348	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/01 17:57:22.0203 1348	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/01 17:57:22.0328 1348	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/01 17:57:22.0453 1348	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/01 17:57:22.0515 1348	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/01 17:57:22.0578 1348	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/01 17:57:22.0734 1348	ZTEusbmdm6k     (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
2011/05/01 17:57:22.0796 1348	ZTEusbnmea      (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
2011/05/01 17:57:22.0843 1348	ZTEusbser6k     (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
2011/05/01 17:57:22.0984 1348	================================================================================
2011/05/01 17:57:22.0984 1348	Scan finished
2011/05/01 17:57:22.0984 1348	================================================================================
         

Alt 01.05.2011, 18:52   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.05.2011, 14:27   #11
Seb13
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Hallo!

hier nun endlich das logfile.
[/code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-05-15.04 - ** ** 16.05.2011  14:57:27.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1014.402 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\** **\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-16 bis 2011-05-16  ))))))))))))))))))))))))))))))
.
.
2011-05-16 12:47 . 2011-05-16 12:47	--------	d-----w-	c:\programme\CCleaner
2011-05-07 10:03 . 2011-05-07 10:03	--------	d-----w-	c:\dokumente und einstellungen\** **\Anwendungsdaten\DVDVideoSoftIEHelpers
2011-05-07 10:03 . 2011-05-07 10:03	--------	d-----w-	c:\programme\Gemeinsame Dateien\Plasmoo
2011-05-07 10:03 . 2011-05-07 10:04	--------	d-----w-	c:\programme\Gemeinsame Dateien\DVDVideoSoft
2011-05-07 10:03 . 2011-05-07 10:03	--------	d-----w-	c:\programme\DVDVideoSoft
2011-05-06 22:24 . 2011-05-06 22:24	781272	----a-w-	c:\programme\Mozilla Firefox\mozsqlite3.dll
2011-05-06 22:24 . 2011-05-06 22:24	1874904	----a-w-	c:\programme\Mozilla Firefox\mozjs.dll
2011-05-06 22:24 . 2011-05-06 22:24	89048	----a-w-	c:\programme\Mozilla Firefox\libEGL.dll
2011-05-06 22:24 . 2011-05-06 22:24	465880	----a-w-	c:\programme\Mozilla Firefox\libGLESv2.dll
2011-05-06 22:24 . 2011-05-06 22:24	15832	----a-w-	c:\programme\Mozilla Firefox\mozalloc.dll
2011-05-06 22:24 . 2011-05-06 22:24	1892184	----a-w-	c:\programme\Mozilla Firefox\d3dx9_42.dll
2011-05-06 22:24 . 2011-05-06 22:24	142296	----a-w-	c:\programme\Mozilla Firefox\components\browsercomps.dll
2011-05-06 22:24 . 2011-05-06 22:24	1974616	----a-w-	c:\programme\Mozilla Firefox\D3DCompiler_42.dll
2011-04-28 14:51 . 2011-04-28 14:51	--------	d-----w-	C:\_OTL
2011-04-28 14:47 . 2011-04-28 14:47	--------	d-----w-	c:\dokumente und einstellungen\** **\Anwendungsdaten\Malwarebytes
2011-04-24 16:35 . 2011-04-28 15:35	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2011-04-24 15:40 . 2011-04-24 15:40	--------	d-----w-	c:\dokumente und einstellungen\** **\Anwendungsdaten\Malwarebytes
2011-04-24 15:39 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-24 15:39 . 2011-04-24 15:39	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-04-24 15:39 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-21 17:46 . 2011-04-21 17:46	--------	d-----w-	c:\windows\system32\NtmsData
2011-04-21 17:45 . 2011-04-21 17:45	--------	d-----w-	c:\dokumente und einstellungen\** **\Anwendungsdaten\Avira
2011-04-21 17:45 . 2011-04-21 17:45	--------	d-----w-	c:\dokumente und einstellungen\** **\Lokale Einstellungen\Anwendungsdaten\PDF24
2011-04-21 15:38 . 2011-04-21 15:38	--------	d-----w-	c:\dokumente und einstellungen\** **\Anwendungsdaten\Avira
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-23 07:00 . 2010-05-15 11:18	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2009-08-01 15:51	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2009-08-02 01:33	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2009-08-02 01:33	1858048	----a-w-	c:\windows\system32\win32k.sys
2011-02-22 23:05 . 2009-08-02 01:33	916480	----a-w-	c:\windows\system32\wininet.dll
2011-02-22 23:05 . 2009-08-02 01:32	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-02-22 23:05 . 2009-08-02 01:32	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2009-08-02 01:32	385024	----a-w-	c:\windows\system32\html.iec
2011-02-17 13:18 . 2009-08-02 01:32	455936	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2009-08-02 01:33	357888	----a-w-	c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-05-15 11:24 . 2010-05-15 11:24	8188856	----a-w-	c:\programme\Firefox_Setup_3.6.3.exe
2010-05-15 11:17 . 2010-05-15 11:17	44151368	----a-w-	c:\programme\avira_antivir_personal_de1000567.exe
2011-05-06 22:24 . 2011-05-06 22:24	142296	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\programme\Acer\WR_PopUp\ProductReg.exe" [2009-04-15 135168]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-07 39408]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\programme\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-01 24064]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"iSyncData"="c:\programme\Acer\Android Manager\iSync.exe" [2009-09-16 393320]
"iPatchData"="c:\programme\Acer\Updater\iUpdate.exe" [2009-09-09 487016]
"AndroidManager"="c:\programme\Acer\Android Manager\AML.exe" [2009-08-16 505960]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"UIExec"="c:\programme\Mobile Partner Manager\UIExec.exe" [2010-01-13 133120]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2010-07-12 74752]
"PDFPrint"="c:\programme\pdf24\pdf24.exe" [2011-02-01 220552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\** **\Startmen\Programme\Autostart\
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Acer VCM.lnk - c:\programme\Acer\Acer VCM\AcerVCM.exe [2009-8-1 565248]
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R1 Ndisprot;GreenPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [29.05.2010 16:59 21504]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.05.2010 13:18 136360]
R2 RS_Service;Raw Socket Service;c:\programme\Acer\Acer VCM\RS_Service.exe [01.08.2009 20:32 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [02.08.2009 03:33 38912]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [16.12.2009 16:13 145152]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [15.05.2010 13:27 135664]
S2 UI Assistant Service;UI Assistant Service;c:\programme\Mobile Partner Manager\AssistantServices.exe [29.05.2010 16:59 247296]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.08.2009 19:46 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [01.08.2009 19:47 24064]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [15.05.2010 13:27 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [29.05.2010 16:59 9216]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [01.08.2009 19:41 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-05-15 11:27]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-05-15 11:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_one&r=0xph05105725l0384wui5w89123538
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\** **\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\dokumente und einstellungen\** **\Anwendungsdaten\Mozilla\Firefox\Profiles\mfv14asg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-16 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Windows Media Player\WMPNetwk.exe
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-16  15:17:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-16 13:17
.
Vor Suchlauf: 15 Verzeichnis(se), 24.198.389.760 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 24.234.389.504 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8EC9B78C87031CD94BD97DB084164C77
         
--- --- ---
[code]

bis hierhin schon mal vielen Dank für Deine Unterstüzung.
Was meinst Du? Computer desinfiziert?
Gibt es eine gute Schutzsoftware, die Du empfehlen würdest? Hab Postives über "Secunia" und "Update Checker" gelesen.

vg
Sebastian

Alt 16.05.2011, 14:40   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.05.2011, 16:29   #13
Seb13
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



bitte schön
[/code]
GMER Logfile:
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-16 16:59:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0
Running: 8fxhnsnw.exe; Driver: C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\kwaoyaoc.sys


---- System - GMER 1.0.15 ----

SSDT            9CD274D6                                    ZwCreateKey
SSDT            9CD274CC                                    ZwCreateThread
SSDT            9CD274DB                                    ZwDeleteKey
SSDT            9CD274E5                                    ZwDeleteValueKey
SSDT            9CD274EA                                    ZwLoadKey
SSDT            9CD274B8                                    ZwOpenProcess
SSDT            9CD274BD                                    ZwOpenThread
SSDT            9CD274F4                                    ZwReplaceKey
SSDT            9CD274EF                                    ZwRestoreKey
SSDT            9CD274E0                                    ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwYieldExecution + 1FE         804E4A58 4 Bytes  JMP E69CD274 
?               C:\cofi\catchme.sys                         Das System kann den angegebenen Pfad nicht finden. !
?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0     wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1     wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                    fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

--- --- ---


[/code]
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:15:19 on 16.05.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"GreenPacket NDIS Protocol Driver" (Ndisprot) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\ndisprot.sys
"kwaoyaoc" (kwaoyaoc) - ? - C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\kwaoyaoc.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Realtek IR Driver" (Rts516xIR) - ? - C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys  (File not found)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"Zune Bus Enumerator Driver" (zumbus) - ? - C:\WINDOWS\System32\DRIVERS\zumbus.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\Programme\Acer\Acer VCM\Skype4COM.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\BTNEIG~1.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Programme\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\** **\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ProductReg" - "Acer" - C:\Programme\Acer\WR_PopUp\ProductReg.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AndroidManager" - ? - C:\Programme\Acer\Android Manager\AML.exe
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"AzMixerSel" - "Realtek Semiconductor Corp." - C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe
"Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"IAAnotif" - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iPatchData" - "Insyde Software Corp." - C:\Programme\Acer\Updater\iUpdate.exe
"iSyncData" - "Insyde Software Corp." - C:\Programme\Acer\Android Manager\iSync.exe
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"PDFPrint" - "Geek Software GmbH" - C:\Programme\pdf24\pdf24.exe
"PLFSetI" - ? - C:\WINDOWS\PLFSetI.exe
"UIExec" - ? - "C:\Programme\Mobile Partner Manager\UIExec.exe"  (File found, but it contains no detailed information)
"WinampAgent" - "Nullsoft, Inc." - C:\Programme\Winamp\winampa.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Google Desktop Manager 5.7.808.7150" (GoogleDesktopManager-080708-050100) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Programme\Acer\Acer VCM\RS_Service.exe
"UI Assistant Service" (UI Assistant Service) - ? - C:\Programme\Mobile Partner Manager\AssistantServices.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Acer" - C:\WINDOWS\system32\Acer.scr
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter
         
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80701000 \WINDOWS\system32\hal.dll
0xF7B3D000 \WINDOWS\system32\KDCOM.DLL
0xF7A4D000 \WINDOWS\system32\BOOTVID.dll
0xF75ED000 ACPI.sys
0xF7B3F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75DC000 pci.sys
0xF763D000 isapnp.sys
0xF7A51000 compbatt.sys
0xF7A55000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7C05000 pciide.sys
0xF78BD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF764D000 MountMgr.sys
0xF75BD000 ftdisk.sys
0xF78C5000 PartMgr.sys
0xF7A59000 ACPIEC.sys
0xF7C06000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF765D000 VolSnap.sys
0xF75A5000 atapi.sys
0xF74D7000 iaStor.sys
0xF766D000 disk.sys
0xF767D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74B7000 fltMgr.sys
0xF74A5000 sr.sys
0xF768D000 PxHelp20.sys
0xF748E000 KSecDD.sys
0xF7401000 Ntfs.sys
0xF73D4000 NDIS.sys
0xF73BA000 Mup.sys
0xF76AD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5B3C000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF5B28000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5B00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF76BD000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
0xF7935000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF595B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF793D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF72EC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF76CD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7945000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF794D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF592A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7B6B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76DD000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF58B9000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF7955000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF72E8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF57C8000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7C48000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76ED000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF72E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF57B1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76FD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF770D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF795D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF57A0000 \SystemRoot\system32\DRIVERS\psched.sys
0xF771D000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7965000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF796D000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF772D000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B6D000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF577D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF571F000 \SystemRoot\system32\DRIVERS\update.sys
0xF72D4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF622B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF789D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA857A000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA8556000 \SystemRoot\system32\drivers\portcls.sys
0xF78AD000 \SystemRoot\system32\drivers\drmk.sys
0xA7FCB000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7C03000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA2086000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B41000 \SystemRoot\System32\Drivers\Beep.SYS
0xA277A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA2772000 \SystemRoot\System32\drivers\vga.sys
0xF7B43000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B45000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA276A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA1DF9000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA7FC3000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA1662000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA1609000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA15E1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA15BB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA1DF1000 \SystemRoot\system32\DRIVERS\ndisprot.sys
0xA1599000 \SystemRoot\System32\drivers\afd.sys
0xA24CC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA1DE9000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xA156E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA14FE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA396B000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0xA249C000 \SystemRoot\System32\Drivers\Fips.SYS
0xA14DA000 \SystemRoot\System32\Drivers\M3000KNT.sys
0xA248C000 \SystemRoot\System32\Drivers\STREAM.SYS
0xA14B4000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7BFD000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0x9C1D0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9B600000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x9B532000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9C4E6000 \SystemRoot\System32\drivers\Dxapi.sys
0x9BDBB000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CB3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBF47A000 \SystemRoot\System32\ATMFD.DLL
0x9B51D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA8532000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9B4F0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9B437000 \SystemRoot\System32\Drivers\HTTP.sys
0x9B3B7000 \SystemRoot\system32\DRIVERS\srv.sys
0x9B1E2000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9F2E000 \SystemRoot\system32\drivers\sysaudio.sys
0xA18F2000 \??\C:\cofi\catchme.sys
0x9BE28000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x99742000 \??\C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\kwaoyaoc.sys
0x99717000 \SystemRoot\system32\drivers\kmixer.sys
0x99596000 \SystemRoot\system32\DRIVERS\athw.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
700 C:\WINDOWS\system32\smss.exe
756 csrss.exe
780 C:\WINDOWS\system32\winlogon.exe
824 C:\WINDOWS\system32\services.exe
836 C:\WINDOWS\system32\lsass.exe
1020 C:\WINDOWS\system32\svchost.exe
1088 svchost.exe
1128 C:\WINDOWS\system32\svchost.exe
1216 svchost.exe
1260 svchost.exe
1504 C:\WINDOWS\system32\spoolsv.exe
1552 C:\Programme\Avira\AntiVir Desktop\sched.exe
1592 svchost.exe
1648 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1764 C:\WINDOWS\system32\svchost.exe
1780 C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1836 C:\Programme\Acer\Acer VCM\RS_Service.exe
1948 C:\WINDOWS\system32\svchost.exe
144 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
472 wmpnetwk.exe
2348 C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2392 C:\WINDOWS\system32\wscntfy.exe
3148 alg.exe
3972 C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4016 C:\PROGRA~1\LAUNCH~1\LManager.exe
4032 C:\WINDOWS\system32\igfxtray.exe
4044 C:\WINDOWS\system32\hkcmd.exe
4060 C:\WINDOWS\system32\igfxpers.exe
532 C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
564 C:\WINDOWS\system32\igfxsrvc.exe
1320 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
1380 C:\WINDOWS\RTHDCPL.EXE
2104 C:\Programme\Acer\Updater\iUpdate.exe
2124 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2216 C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
1372 C:\Programme\Winamp\winampa.exe
1304 C:\Programme\pdf24\pdf24.exe
2448 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1424 C:\Programme\Windows Media Player\wmpnscfg.exe
2724 C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
2768 C:\WINDOWS\system32\igfxext.exe
2848 C:\Programme\OpenOffice.org 3\program\soffice.exe
2928 C:\Programme\OpenOffice.org 3\program\soffice.bin
3332 C:\WINDOWS\explorer.exe
1432 C:\WINDOWS\system32\ctfmon.exe
3004 C:\Programme\Mozilla Firefox\firefox.exe
3048 C:\Dokumente und Einstellungen\** **\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000024`40500000 (FAT32)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
[code]

Alt 16.05.2011, 20:36   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.05.2011, 16:21   #15
Seb13
 
TR/kazy.mekml.1 eingefangen - Standard

TR/kazy.mekml.1 eingefangen



neuer Tag, neue Logs.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6598

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.05.2011 17:16:50
mbam-log-2011-05-17 (17-16-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 221849
Laufzeit: 1 Stunde(n), 6 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 05/17/2011 bei 01:45 AM

Version der Applikation : 4.52.1000

Version der Kern-Datenbank : 7068
Version der Spur-Datenbank : 4880

Scan Art       : kompletter Scann
Totale Scann-Zeit : 01:56:48

Gescannte Speicherelemente  : 594
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 7360
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 69785
Erfasste Datei-Elemente   : 0
         

Antwort

Themen zu TR/kazy.mekml.1 eingefangen
.dll, 0x00000001, adobe, antivir, avgntflt.sys, avira, bho, desktop, disabletaskmgr, einstellungen, explorer, festplatte, firefox, format, helper, home, launch, location, logfile, malware, mozilla, mozilla thunderbird, oldtimer, pdf, popup, realtek, registry, sched.exe, searchplugins, senden, services.exe, software, system, trojan.fakeav, trojaner, uiexec.exe



Ähnliche Themen: TR/kazy.mekml.1 eingefangen


  1. Habe mir ebenfalls TR/Kazy.mekml.1 eingefangen
    Log-Analyse und Auswertung - 08.06.2011 (18)
  2. Habe mir u. A. TR/Kazy.mekml.1 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 30.05.2011 (22)
  3. TR/Kazy.mekml.1 eingefangen
    Log-Analyse und Auswertung - 23.05.2011 (35)
  4. Habe mir ebenfalls TR/Kazy.mekml.1 eingefangen
    Log-Analyse und Auswertung - 19.05.2011 (39)
  5. TR/Kazy.mekml.1 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 06.05.2011 (1)
  6. Hab mir auch den TR/Kazy.mekml.1 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 06.05.2011 (23)
  7. TR/Kazy.mekml.1 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 02.05.2011 (9)
  8. Kazy.mekml.1 eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (15)
  9. TR/Kazy.mekml.1 eingefangen
    Log-Analyse und Auswertung - 30.04.2011 (18)
  10. TR/Kazy.mekml.1 eingefangen! Und nun...?
    Log-Analyse und Auswertung - 29.04.2011 (6)
  11. Trojaner TR/Kazy.mekml.1 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 29.04.2011 (5)
  12. TR/Kazy.mekml.1 am 21.4. leider eingefangen
    Log-Analyse und Auswertung - 28.04.2011 (19)
  13. Trojaner TR/kazy.mekml.1 eingefangen :-(
    Log-Analyse und Auswertung - 28.04.2011 (7)
  14. TR/Kazy.mekml.1 eingefangen - Logs erstellt
    Log-Analyse und Auswertung - 26.04.2011 (13)
  15. TR/Kazy.mekml.1 - auf welcher Seite habe ich ihn mir eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 26.04.2011 (1)
  16. Habe mir TR/Kazy.mekml.1 eingefangen, OTL+Malwarebytes anhängend
    Log-Analyse und Auswertung - 25.04.2011 (1)
  17. Virus TR/Kazy.mekml.1 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (13)

Zum Thema TR/kazy.mekml.1 eingefangen - Hallo liebe Community, oben genannter Trojaner hält mich seit Freitag auf Trab. Die Symptome sind wie bereits bei anderen Betroffenen schwarzer Desktop, kein Zugriff auf Daten (versteckt) willkürliches Runterfahren des - TR/kazy.mekml.1 eingefangen...
Archiv
Du betrachtest: TR/kazy.mekml.1 eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.