Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Forum: Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: Trojan.BHO C:\ProgramData\Partner\partner.dll hijackthis & mbam logfile (https://www.trojaner-board.de/90769-trojan-bho-c-programdata-partner-partner-dll-hijackthis-mbam-logfile.html)

sir_neromani 14.09.2010 15:18

Trojan.BHO C:\ProgramData\Partner\partner.dll hijackthis & mbam logfile
 
Hello, I probably have Trojan.BHO on this machine. I have already read quite a bit, but only ever found very case-specific solutions, so I am asking for case-specific help.

Here is my MBAM logfile:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4613

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

14.09.2010 16:11:05
mbam-log-2010-09-14 (16-11-05).txt

Scan type: Quick scan
Objects scanned: 142054
Time elapsed: 14 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is my HijackThis logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:26:40, on 14.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Users\hkreich\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Acer\WR_PopUp\ProductReg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Acer\WR_PopUp\AcerRegTool.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\hkreich\Downloads\HiJackThis204.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate1ca0b70d1255c3a) (gupdate1ca0b70d1255c3a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9462 bytes

Please help quickly, as this is not my computer and I have to drive 30 km to get to it.

Many thanks
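The entries in the HijackThis log above that a log-analysis helper looks at first are visible without any tool: the "Partner BHO Class" DLL registered from C:\ProgramData (a user-writable directory, not a vendor install path), the O2 entry whose CLSID is registered but whose DLL is "(no file)" (an orphan), a process running from AppData\Local\Temp (RtkBtMnt.exe), and O4 Run entries that carry no absolute path (RtHDVCpl.exe, Skytel.exe) and are therefore resolved through the search path. The script below encodes exactly those checks. It is an added example for this thread, not code from the original posts nor from the HijackThis project; the path heuristics, the Finding type, the registry-key helper and the sample excerpt are the editor's own constructions, modelled on the posted log.

```python
"""Triage a HijackThis 2.x log for the entries a log-analysis helper looks at first.

Added example for this thread; not code from the original posts nor from the
HijackThis (Trend Micro) project. The path heuristics, the Finding type and the
sample excerpt below are the editor's own constructions, modelled on the posted log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Directories a properly installed component almost never lives in. All of them are
# writable without elevation, which is why adware/BHO droppers favour them.
SUSPECT_DIR_RE = re.compile(
    r"\\(ProgramData|Users\\[^\\]+\\(AppData|Downloads)|Temp)\\", re.IGNORECASE)
# Roots where a vendor-installed DLL or EXE is expected.
TRUSTED_ROOT_RE = re.compile(r"^[A-Z]:\\(Windows|Program Files( \(x86\))?)\\", re.IGNORECASE)

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-F-]{36}\}) - (?P<path>.*)$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def command_path(cmd: str) -> str:
    """Extract the executable from a Run-key command line (quoted or unquoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def registry_keys_for_bho(clsid: str) -> list[str]:
    """The two keys behind an O2 line: the BHO registration and the CLSID's DLL path."""
    bho_root = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    return [bho_root + "\\" + clsid, r"HKCR\CLSID" + "\\" + clsid + r"\InprocServer32"]


def triage(log_text: str) -> list[Finding]:
    """Return the log lines worth a second look, each with the reason it was flagged."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # the process list ends at the first blank line
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if SUSPECT_DIR_RE.search(line):
                findings.append(Finding(line, "process running from a user-writable directory"))
            continue
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            if path == "(no file)":
                findings.append(Finding(line, "BHO CLSID registered but DLL missing (orphan)"))
            elif SUSPECT_DIR_RE.search(path) or not TRUSTED_ROOT_RE.match(path):
                findings.append(Finding(line, "BHO DLL outside Program Files / Windows"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = command_path(m.group("cmd"))
            if not re.match(r"^(?:[A-Z]:\\|%)", exe, re.IGNORECASE):
                findings.append(Finding(line, "Run entry without an absolute path (resolved via the search path)"))
            elif SUSPECT_DIR_RE.search(exe):
                findings.append(Finding(line, "autostart from a user-writable directory"))
    return findings


# Constructed excerpt modelled on the log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\hkreich\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}:\n    {f.line}")
    for key in registry_keys_for_bho("{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}"):
        print("check:", key)
```

Run against the sample it flags four lines (the Temp process, the orphan BHO, the ProgramData BHO and the unqualified RtHDVCpl.exe entry) and leaves the Adobe, Defender and avast entries alone. A flag is a triage hint, not a verdict: a file in Temp can belong to a legitimate vendor tray tool (the OTL log later in this thread attributes RtkBtMnt.exe to Realtek), so the next step for each flagged path is to check the file's publisher signature and hash, and for a BHO to inspect the two registry keys returned by registry_keys_for_bho before removing anything.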

cosinus 14.09.2010 21:23

Are there any more Malwarebytes logs? If so, please post all of them.

sir_neromani 14.09.2010 21:56

Hello, I have now run it again. I also figure that it probably isn't very telling. I did a Quick Scan, but that is shown there anyway. I don't know why there is nothing to see. I also updated beforehand. By the way, I ran it as Administrator (the computer isn't mine and there is only one admin account on it).

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4616

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

14.09.2010 22:53:57
mbam-log-2010-09-14 (22-53-57).txt

Scan type: Quick scan
Objects scanned: 141631
Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the current HijackThis log again:

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:02:01, on 14.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\hkreich\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Acer\WR_PopUp\ProductReg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Acer\WR_PopUp\AcerRegTool.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\hkreich\Downloads\HiJackThis204.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate1ca0b70d1255c3a) (gupdate1ca0b70d1255c3a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9364 bytes


cosinus 15.09.2010 11:20

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

sir_neromani 15.09.2010 14:47

All right, here are the logs:

Code:

OTL logfile created on: 15.09.2010 15:50:37 - Run 2
OTL by OldTimer - Version 3.2.12.0    Folder = C:\Users\hkreich\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 235,00 Mb Available Physical Memory | 25,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 34,18 Gb Free Space | 49,08% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 69,46 Gb Free Space | 99,74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HKREICH-PC
Current User Name: hkreich
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\hkreich\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Users\hkreich\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\hkreich\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.07.21 17:33:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.14 13:23:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\hkreich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.15 12:41:57 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\hkreich\Desktop\OTL.exe
[2010.09.14 15:54:13 | 000,000,000 | ---D | C] -- C:\Users\hkreich\AppData\Roaming\Malwarebytes
[2010.09.14 15:53:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.14 15:53:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.14 15:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.14 15:53:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.14 14:51:45 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.09.14 14:51:45 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.09.14 14:51:43 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.09.14 14:51:41 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.09.14 14:51:38 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.09.14 14:50:03 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.09.14 14:50:01 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010.09.14 14:49:21 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.09.14 14:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.09.06 19:54:29 | 000,000,000 | ---D | C] -- C:\Users\hkreich\.assistant
[2008.12.26 21:10:04 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.15 15:50:10 | 002,097,152 | -HS- | M] () -- C:\Users\hkreich\NTUSER.DAT
[2010.09.15 15:46:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.15 15:06:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.15 14:40:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.15 14:40:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.15 14:20:21 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.15 14:00:52 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C967D5E2-CDAE-4CA2-84DD-ADBC5CF5A5DC}.job
[2010.09.15 12:42:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\hkreich\Desktop\OTL.exe
[2010.09.15 09:23:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.09.15 09:22:45 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.15 09:21:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.15 09:21:30 | 999,157,760 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.14 23:26:54 | 000,524,288 | -HS- | M] () -- C:\Users\hkreich\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 23:26:54 | 000,065,536 | -HS- | M] () -- C:\Users\hkreich\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.09.14 23:26:24 | 003,565,359 | -H-- | M] () -- C:\Users\hkreich\AppData\Local\IconCache.db
[2010.09.14 19:51:05 | 000,646,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.14 19:51:04 | 001,606,426 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.14 19:51:04 | 000,690,550 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.14 19:51:04 | 000,152,516 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.14 19:51:04 | 000,123,536 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.14 14:57:54 | 167,578,094 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.14 14:51:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.09.12 18:40:39 | 000,002,577 | ---- | M] () -- C:\Users\hkreich\Desktop\Microsoft Office Picture Manager.lnk
[2010.09.12 18:09:07 | 000,164,883 | ---- | M] () -- C:\Users\hkreich\Elster-Formular.elfo
[2010.09.11 10:45:25 | 000,002,631 | ---- | M] () -- C:\Users\hkreich\Desktop\Microsoft Office Word 2007.lnk
[2010.09.07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.09.07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010.09.07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.09.07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.09.07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.09.07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.09.07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.09.06 20:59:53 | 000,015,787 | ---- | M] () -- C:\Users\hkreich\Eink. St 2009.elfo
[2010.09.05 20:36:09 | 000,010,752 | ---- | M] () -- C:\Users\hkreich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2010.09.06 16:57:23 | 000,015,787 | ---- | C] () -- C:\Users\hkreich\Eink. St 2009.elfo
[2009.09.17 11:51:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.23 11:07:58 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.07.21 18:02:49 | 000,010,752 | ---- | C] () -- C:\Users\hkreich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.21 17:23:19 | 000,000,773 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.07.21 17:13:16 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.07.21 17:12:36 | 000,000,821 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.07.21 17:12:36 | 000,000,162 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.07.21 17:08:39 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009.07.21 17:07:20 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.07.21 17:07:17 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.07.21 17:05:07 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.12.26 20:52:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.12.26 20:52:58 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.12.26 11:24:11 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
< End of report >

Code:

OTL Extras logfile created on: 15.09.2010 15:50:37 - Run 2
OTL by OldTimer - Version 3.2.12.0    Folder = C:\Users\hkreich\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 235,00 Mb Available Physical Memory | 25,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 34,18 Gb Free Space | 49,08% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 69,46 Gb Free Space | 99,74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HKREICH-PC
Current User Name: hkreich
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0547B9C1-6AC8-42F2-A76F-EDD6749D77CB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BEE93628-4B4C-44F6-A9E7-199254CC090B}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13E97DBD-BE15-4BFC-B39D-C3795E713F0E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1DBE9FAD-B084-4447-93AA-BE2DDBF60462}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{3A9CFDD2-91FB-412A-948B-75AD4DF64A83}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{41256C73-A66B-4227-8DB4-E4D9E8D368D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{5552D1FC-211D-4799-8FB3-983DDC55EF5E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{5583BBF1-26E9-492D-9C61-009E36314EAF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{63ABE73C-BB3F-45CD-8C96-E6131EF9339C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6609A989-AA32-4C4E-8C1A-9B439ADF7AA1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8330DBE3-E8E8-4B3D-A6B0-FE297EF97EA5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{8F9FC7F5-1C26-452D-830B-983A671BBCA9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8FB0A0B6-B553-418F-855A-55D4C4390656}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{9A86178F-FB9B-4571-9483-7290D597E0FE}" = protocol=6 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{A1F0A157-58DB-44C7-9B6A-61705B11B760}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{A365457A-E4FE-460F-B978-1E98396650AA}" = protocol=17 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{BB3A3287-35F3-45DA-A9B6-734D9CBB4A4D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{C7B42F14-88F0-4C25-9120-9C553657D0E7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{CEC1190F-12C3-45C8-A642-BC5211F23031}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{EE0CDAD3-CAB7-442E-821E-09889AC6BA13}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F19A2DB8-ACEA-48BF-982B-94562B1DC81C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{F89C37F8-5622-4FC9-94F2-195CF23DDC52}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{FBD88422-4C49-4F8B-81F7-E6FAA4E2000F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"TCP Query User{91C51AC0-A9C6-441F-9979-D53B49CC988E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9F9E53EB-B923-4DE5-AAB6-7548C2E952B8}C:\program files\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"UDP Query User{12386E41-6FF8-4CC4-AA1D-2332E34B5F4C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8FF5EEDF-2650-4E92-80BF-C7CB89133226}C:\program files\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0BF1CA46-3974-45D6-8F33-EA27EA7E1E8D}" = ArcSoft Print Creations
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}" = O2Micro Flash Memory Card Reader Driver (x86)
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A40B26-5B56-4D5D-944C-7D82D1F3555D}" = ArcSoft MediaImpression
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8C85F55C-8EE2-4F16-A3A1-672C9596A2A8}" = PC-VAB
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E5BA962C-631A-464B-AA8C-B1CED01D2E93}" = ArcSoft Panorama Maker 4
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4220_Help
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"avast5" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Digital Camera Driver" = Digital Camera Driver
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Thunderbird (2.0.0.14)" = Mozilla Thunderbird (2.0.0.14)
"PixelNet Foto Client" = PixelNet Foto Client 4.7
"PROHYBRIDR" = 2007 Microsoft Office system
"TeamViewer 5" = TeamViewer 5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2010 14:43:20 | Computer Name = hkreich-PC | Source = Avira AntiVir | ID = 4118
Description =
 
Error - 29.08.2010 14:47:30 | Computer Name = hkreich-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 29.08.2010 14:48:27 | Computer Name = hkreich-PC | Source = Avira AntiVir | ID = 4118
Description =
 
Error - 29.08.2010 14:51:56 | Computer Name = hkreich-PC | Source = Avira AntiVir | ID = 4118
Description =
 
Error - 29.08.2010 14:53:23 | Computer Name = hkreich-PC | Source = Avira AntiVir | ID = 4118
Description =
 
Error - 29.08.2010 14:55:23 | Computer Name = hkreich-PC | Source = Avira AntiVir | ID = 4118
Description =
 
Error - 29.08.2010 14:58:04 | Computer Name = hkreich-PC | Source = Avira AntiVir | ID = 4118
Description =
 
Error - 29.08.2010 15:02:37 | Computer Name = hkreich-PC | Source = Avira AntiVir | ID = 4118
Description =
 
Error - 29.08.2010 15:03:35 | Computer Name = hkreich-PC | Source = Avira AntiVir | ID = 4118
Description =
 
Error - 29.08.2010 15:35:41 | Computer Name = hkreich-PC | Source = Application Hang | ID = 1002
Description = Programm PhotoViewer.exe, Version 1.0.0.2 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 14c4  Anfangszeit: 01cb47ad544dd30c  Zeitpunkt der
 Beendigung: 47
 
[ System Events ]
Error - 22.12.2009 09:37:16 | Computer Name = hkreich-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 23.12.2009 05:18:26 | Computer Name = hkreich-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 23.12.2009 05:20:00 | Computer Name = hkreich-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.12.2009 05:20:07 | Computer Name = hkreich-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 23.12.2009 09:27:45 | Computer Name = hkreich-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 23.12.2009 09:29:20 | Computer Name = hkreich-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.12.2009 09:29:42 | Computer Name = hkreich-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 24.12.2009 05:15:51 | Computer Name = hkreich-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 24.12.2009 05:17:24 | Computer Name = hkreich-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.12.2009 05:17:32 | Computer Name = hkreich-PC | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >


I think I didn't run MBAM with "Run as administrator", but I only have an admin account anyway, so that probably doesn't matter, does it?

cosinus 15.09.2010 16:08

OK, there's nothing to fix for OTL. Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a board helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

sir_neromani 15.09.2010 17:06

OK, I tried to do everything as described; I even uninstalled Avast.

Log:

Code:

ComboFix 10-09-14.04 - hkreich 15.09.2010  17:39:59.1.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.952.254 [GMT 2:00]
ausgeführt von:: c:\users\hkreich\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-08-15 bis 2010-09-15  ))))))))))))))))))))))))))))))
.

2010-09-15 15:58 . 2010-09-15 15:58        --------        d-----w-        c:\users\hkreich\AppData\Local\temp
2010-09-15 15:58 . 2010-09-15 15:58        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-09-15 15:14 . 2010-09-15 15:14        --------        d-----w-        c:\program files\CCleaner
2010-09-14 13:54 . 2010-09-14 13:54        --------        d-----w-        c:\users\hkreich\AppData\Roaming\Malwarebytes
2010-09-14 13:53 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 13:53 . 2010-09-14 13:53        --------        d-----w-        c:\programdata\Malwarebytes
2010-09-14 13:53 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-14 13:53 . 2010-09-14 13:54        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-09-14 12:49 . 2010-09-14 12:49        --------        d-----w-        c:\programdata\Alwil Software
2010-09-14 12:49 . 2010-09-14 12:49        --------        d-----w-        c:\program files\Alwil Software
2010-09-06 17:54 . 2010-09-06 17:54        --------        d-----w-        c:\users\hkreich\.assistant

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 17:51 . 2008-05-26 08:41        690550        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-14 17:51 . 2008-05-26 08:41        152516        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-14 12:39 . 2009-07-14 16:15        --------        d-----w-        c:\program files\Google
2010-08-29 17:36 . 2010-06-11 18:04        --------        d-----w-        c:\users\hkreich\AppData\Roaming\TeamViewer
2010-08-13 16:38 . 2008-05-25 22:50        --------        d-----w-        c:\programdata\Microsoft Help
2010-08-13 16:34 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-06-26 06:05 . 2010-08-13 10:11        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 10:11        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 10:11        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 10:11        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 10:11        2037760        ----a-w-        c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 10:11        36864        ----a-w-        c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-13 10:10        302080        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-13 10:10        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2008-12-26 18:55 . 2008-12-26 18:55        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-07-14 16:15        157168        ----a-w-        c:\programdata\Partner\partner.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-14 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

c:\users\hkreich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-14 08:36]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 08:37]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 08:37]

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{C967D5E2-CDAE-4CA2-84DD-ADBC5CF5A5DC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-15 17:58
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2336)
c:\windows\System32\SysHook.dll
.
Zeit der Fertigstellung: 2010-09-15  18:04:44
ComboFix-quarantined-files.txt  2010-09-15 16:04

Vor Suchlauf: 11 Verzeichnis(se), 37.641.977.856 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 36.104.134.656 Bytes frei

- - End Of File - - 8BD4FF5715A1E884B9BB61FE04B44AD7

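The ComboFix log above lists the registry autostart points (the Browser Helper Objects key and the Run keys) that a helper reads to decide what needs fixing. As an added example, not from this thread or from ComboFix itself, here is a small Python triage script that parses such a section and flags loaders that sit outside the usual program directories or are bare file names resolved via PATH. The sample lines are constructed to mirror the format seen in this log, the "ExampleEntry" line is made up, and the trusted-directory list is an assumption.

```python
"""Triage helper for the 'Autostartpunkte der Registrierung' section of a
ComboFix log.  Added example, not part of the forum thread or of ComboFix.
The sample lines below are constructed to mirror the thread's log format."""
import re
from dataclasses import dataclass

# Directories from which a BHO or Run entry is normally loaded on a 32-bit
# Vista system.  Anything else (ProgramData, AppData, Temp, ...) or a bare
# file name without a directory is worth a closer look.  Assumption for
# this example; adjust for 64-bit systems or custom install paths.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\", "c:\\progra~1\\")

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
# BHO file line: "<date> <time>  <size>  <attrs>  <path>"
BHO_FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>\S.*)$")
# Run value line: "<name>"="<path>" [<date> <size>]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[.*\]\s*$')
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class AutostartEntry:
    key: str          # registry key the entry was found under
    name: str         # Run value name or BHO CLSID
    path: str         # image path exactly as logged
    suspicious: bool  # True when the loader is not under a trusted directory


def is_trusted(path: str) -> bool:
    """A loader is trusted only if it has a directory under a trusted prefix."""
    p = path.strip().lower()
    if "\\" not in p:
        return False  # bare name like "RtHDVCpl.exe": resolved via PATH, verify by hand
    return p.startswith(TRUSTED_PREFIXES)


def parse_autostart(text: str) -> list:
    """Extract BHO and Run entries from a ComboFix autostart section."""
    entries, key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        if "Browser Helper Objects" in key:
            m = BHO_FILE_RE.match(line)
            if m:
                clsid = CLSID_RE.search(key)
                path = m.group("path").strip()
                entries.append(AutostartEntry(
                    key, clsid.group(0) if clsid else "?", path, not is_trusted(path)))
        elif key.lower().endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                path = m.group("path")
                entries.append(AutostartEntry(
                    key, m.group("name"), path, not is_trusted(path)))
    return entries


def flagged(text: str) -> list:
    """Only the entries a helper should look at first."""
    return [e for e in parse_autostart(text) if e.suspicious]


# Constructed sample in the thread's log format; the "ExampleEntry" line is
# invented to exercise the Temp-directory case.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-07-14 16:15        157168        ----a-w-        c:\programdata\Partner\partner.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"ExampleEntry"="c:\users\example\AppData\Local\Temp\example.exe" [2010-09-01 12288]
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE):
        print(f"REVIEW  {e.name:<40} {e.path}")
```

The script deliberately does not label anything as malware: a loader in ProgramData or Temp is only a reason to check the file's publisher, hash and install history, which is exactly what the helper does with the thread's logs.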

cosinus 15.09.2010 17:51

OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool won't run the second time either, just skip it and run only OSAM.

Then download the bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you use Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes to the MBR.
Then please post whether there are any changes and, if so, in which device. Best to post everything that remover.exe outputs.

sir_neromani 16.09.2010 09:50

Well, I think GMER crashed several times; once it took forever and still wasn't finished overnight, the next time there was a bluescreen and an automatic reboot. Unfortunately I can't install OSAM, I always get a message:

When extracting: ...\CRC-Fehler in osam-gui.dll. Datei ist fehlerhaft.
...\Unerwartetes Archivende.

When installing: osam_gui.dll nicht gefunden. <-- because of the error above, I think

I've already downloaded OSAM three times and tried it.

cosinus 16.09.2010 10:07

Please use WinRAR or 7zip to extract OSAM!

sir_neromani 16.09.2010 10:08

I've managed it now after all. Downloaded the rar on another computer and brought it over on a USB stick. However, after clicking Next twice the only option left was "close", unlike in the instructions here.

Here's the logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:06:46 on 16.09.2010

OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\hkreich\AppData\Local\Temp\catchme.sys  (File not found)
"int15" (int15) - "Acer, Inc." - C:\Windows\system32\drivers\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} "Partner BHO Class" - "Google Inc." - C:\ProgramData\Partner\partner.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\hkreich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"avast5" - "AVAST Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"BkupTray" - ? - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Mail Scanner" (avast! Mail Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Web Scanner" (avast! Web Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca0b70d1255c3a)" (gupdate1ca0b70d1255c3a) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - ? - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe  (File found, but it contains no detailed information)
"O2Micro Flash Memory Card Service" (o2flash) - "O2Micro International" - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


cosinus 16.09.2010 11:41

OK. Please post the Bootkit Remover log.

sir_neromani 16.09.2010 11:59

Now GMER has worked after all, I think. So I'll do the Bootkit Remover thing next.

GMER log:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-16 12:04:48
Windows 6.0.6002 Service Pack 2
Running: znqqr95g.exe; Driver: C:\Users\hkreich\AppData\Local\Temp\afrdifow.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                        ZwCreateProcessEx [0x8B93DBAE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                        ZwCreateSection [0x8B93D9D2]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                        ZwLoadDriver [0x8B93DB0C]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                        NtCreateSection
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                        ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                        ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntkrnlpa.exe!ZwLoadDriver                                                                                    82583DF0 7 Bytes  JMP 8B93DB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                            825EF28F 5 Bytes  JMP 8B9395D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject                                                                                  82648063 5 Bytes  JMP 8B93AFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!NtCreateSection                                                                                  82649905 7 Bytes  JMP 8B93D9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                826A990A 7 Bytes  JMP 8B93DBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!SetUnhandledExceptionFilter            776BA84F 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\system32\services.exe[616] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00130002
IAT            C:\Windows\system32\services.exe[616] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]        00130000
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                        [745A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                          [745FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                      [745ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                [7459F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                          [745A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                      [7459E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]          [745D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]              [745ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                      [7459FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                      [7459FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                        [745971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                [7462CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                  [745CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                      [7459D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                [74596853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                              [7459687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                  [745A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                        aswSP.SYS (avast! self protection module/AVAST Software)
Device          \FileSystem\fastfat \FatCdrom                                                                                aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \FileSystem\fastfat \Fat                                                                                      aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


sir_neromani 16.09.2010 12:06

Here is the output from Bootkit Remover:

Code:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 600
2), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`71100000
Boot sector MD5 is: 26062c4eb9a0e14db5e0d0ba52a0aa93

    Size  Device Name          MBR Status
 --------------------------------------------
  149 GB  \\.\PhysicalDrive0  Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...


cosinus 16.09.2010 12:33

Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

sir_neromani 16.09.2010 12:36

MBRCheck log:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Basic Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        Acer
BIOS Manufacturer:                Phoenix Technologies LTD
System Manufacturer:                Acer
System Product Name:                Extensa 5230
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 156):
  0x8244D000 \SystemRoot\system32\ntkrnlpa.exe
  0x8241A000 \SystemRoot\system32\hal.dll
  0x8040C000 \SystemRoot\system32\kdcom.dll
  0x80413000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80483000 \SystemRoot\system32\PSHED.dll
  0x80494000 \SystemRoot\system32\BOOTVID.dll
  0x8049C000 \SystemRoot\system32\CLFS.SYS
  0x804DD000 \SystemRoot\system32\CI.dll
  0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80689000 \SystemRoot\system32\drivers\acpi.sys
  0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E0000 \SystemRoot\system32\drivers\pci.sys
  0x80707000 \SystemRoot\System32\drivers\partmgr.sys
  0x80716000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80719000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80723000 \SystemRoot\system32\drivers\volmgr.sys
  0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8077C000 \SystemRoot\system32\DRIVERS\pcmcia.sys
  0x807A9000 \SystemRoot\System32\drivers\mountmgr.sys
  0x807B9000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x807C1000 \SystemRoot\system32\drivers\atapi.sys
  0x807C9000 \SystemRoot\system32\drivers\ataport.SYS
  0x807E7000 \SystemRoot\system32\drivers\msahci.sys
  0x807F1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x805BD000 \SystemRoot\system32\drivers\fltmgr.sys
  0x805EF000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82A0D000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82A7E000 \SystemRoot\system32\drivers\ndis.sys
  0x82B89000 \SystemRoot\system32\drivers\msrpc.sys
  0x82BB4000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8660A000 \SystemRoot\System32\drivers\tcpip.sys
  0x866F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x86804000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x86914000 \SystemRoot\system32\drivers\volsnap.sys
  0x8694D000 \SystemRoot\System32\Drivers\spldr.sys
  0x86955000 \SystemRoot\System32\Drivers\mup.sys
  0x86964000 \SystemRoot\System32\drivers\ecache.sys
  0x8698B000 \SystemRoot\system32\drivers\disk.sys
  0x8699C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x869BD000 \SystemRoot\system32\drivers\crcdisk.sys
  0x869E8000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x869F3000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8AC0F000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8B2F3000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8B394000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B3A0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8B3AB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8B3E9000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8670F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8679C000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
  0x8A606000 \SystemRoot\system32\DRIVERS\netr28.sys
  0x8A66D000 \SystemRoot\system32\DRIVERS\o2sd.sys
  0x8A677000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8A69D000 \SystemRoot\system32\DRIVERS\o2media.sys
  0x8A6A9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8A6AD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8A6C0000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8A6CA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8A6D5000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x8A701000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8A70C000 \SystemRoot\system32\drivers\Afc.sys
  0x8A714000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8A72C000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8A734000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8A73D000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8A74C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8A77B000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8A7BC000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8A7C7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8A7DE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x867D3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8A7E9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8B402000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8B416000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8B42B000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8B43B000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8B43D000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8B467000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8B471000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8B47E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8B4B3000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8B606000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8B810000 \SystemRoot\system32\drivers\portcls.sys
  0x8B83D000 \SystemRoot\system32\drivers\drmk.sys
  0x8B862000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8B89F000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8B4C4000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8B9A2000 \SystemRoot\system32\drivers\modem.sys
  0x8B9AF000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x8B9D0000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8B9D9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8B9E9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8B9F0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8B9F2000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8B578000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8B581000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B588000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8B58F000 \SystemRoot\System32\drivers\vga.sys
  0x8B59B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8B5BC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8B5C4000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8B5CC000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8B5D7000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8B5E5000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8BA08000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8BA1E000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x8BA28000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8BA3C000 \SystemRoot\system32\drivers\afd.sys
  0x8BA84000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x8BA89000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8BABB000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8BAD1000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8BADF000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8BAF2000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8BB2E000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8BB38000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8BB4F000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x8BB76000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8BB9E000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8BBAB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8BBB6000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x92E40000 \SystemRoot\System32\win32k.sys
  0x8BBC0000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8BBCA000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x93060000 \SystemRoot\System32\TSDDD.dll
  0x93080000 \SystemRoot\System32\cdd.dll
  0x8BBD9000 \SystemRoot\system32\drivers\luafv.sys
  0xA4C0E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0xA4C45000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0xA4C48000 \SystemRoot\system32\DRIVERS\irda.sys
  0xA4C66000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA4C76000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA4CA0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA4CAA000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA4CBD000 \SystemRoot\system32\drivers\spsys.sys
  0xA4D6D000 \SystemRoot\system32\drivers\HTTP.sys
  0xA4DDA000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x869C6000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA780E000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA7823000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA7844000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA7863000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA789C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA78B4000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA78DB000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA7941000 \??\C:\Windows\system32\drivers\int15.sys
  0xA7948000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xAC402000 \SystemRoot\system32\drivers\peauth.sys
  0xAC4E0000 \SystemRoot\system32\drivers\regi.sys
  0xAC4E2000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAC4EC000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAC4F8000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xAC500000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x76E80000 \Windows\System32\ntdll.dll

Processes (total 94):
      0 System Idle Process
      4 System
    420 C:\Windows\System32\smss.exe
    488 csrss.exe
    532 C:\Windows\System32\wininit.exe
    540 csrss.exe
    588 C:\Windows\System32\winlogon.exe
    616 C:\Windows\System32\services.exe
    636 C:\Windows\System32\lsass.exe
    644 C:\Windows\System32\lsm.exe
    816 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\svchost.exe
    948 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\audiodg.exe
    1208 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\SLsvc.exe
    1260 C:\Windows\System32\svchost.exe
    1396 C:\Windows\System32\svchost.exe
    1540 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1888 C:\Windows\System32\spoolsv.exe
    1912 C:\Windows\System32\svchost.exe
    464 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      12 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    608 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    716 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    1572 C:\Windows\System32\svchost.exe
    1548 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    1920 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    200 C:\Acer\Mobility Center\MobilityService.exe
    2016 C:\Windows\System32\svchost.exe
    2052 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2128 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2156 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    2208 C:\Windows\System32\svchost.exe
    2260 C:\Windows\System32\svchost.exe
    2284 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    2320 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2348 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2372 C:\Windows\System32\svchost.exe
    2416 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    2476 C:\Windows\System32\svchost.exe
    2532 C:\Windows\System32\SearchIndexer.exe
    2600 C:\Windows\System32\drivers\XAudio.exe
    3020 C:\Windows\System32\taskeng.exe
    3068 C:\Windows\System32\dwm.exe
    3108 C:\Windows\System32\taskeng.exe
    3208 C:\Windows\explorer.exe
    3344 C:\Program Files\Windows Defender\MSASCui.exe
    3352 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    3376 C:\Windows\System32\igfxtray.exe
    3392 C:\Windows\System32\hkcmd.exe
    3400 C:\Windows\System32\igfxpers.exe
    3492 C:\Windows\RtHDVCpl.exe
    3580 C:\Program Files\Apoint2K\Apoint.exe
    3664 C:\Windows\System32\igfxsrvc.exe
    4044 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2856 C:\Program Files\Internet Explorer\iexplore.exe
    2968 C:\Program Files\Internet Explorer\iexplore.exe
    2948 C:\Users\hkreich\AppData\Local\temp\RtkBtMnt.exe
    3460 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    3848 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3508 WmiPrvSE.exe
    3244 C:\Program Files\Launch Manager\LManager.exe
    1092 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3056 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    2244 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3568 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    2336 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2588 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    3000 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1804 C:\Program Files\Acer\WR_PopUp\ProductReg.exe
    3384 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3572 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3676 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    812 C:\Windows\System32\igfxext.exe
    3840 C:\Windows\System32\igfxsrvc.exe
    4108 C:\Program Files\Apoint2K\ApntEx.exe
    4172 C:\Program Files\Apoint2K\Hidfind.exe
    4452 C:\Program Files\Acer\WR_PopUp\AcerRegTool.exe
    4460 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    4484 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    4560 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    4776 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    4820 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    4864 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    5072 C:\Windows\System32\wbem\unsecapp.exe
    6096 C:\Windows\System32\wuauclt.exe
    5640 C:\Windows\System32\conime.exe
    3028 C:\Windows\System32\SearchProtocolHost.exe
    5956 C:\Windows\System32\SearchFilterHost.exe
    4640 C:\Users\hkreich\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`da600000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543216L9A300, Rev: FB2OC40C

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


cosinus 16.09.2010 12:39

Please run MBRCheck.exe again (right-click, run as administrator).
This time type the following into the window and confirm each entry with Enter,
at:
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 0
  • Please select the MBR code to write to this drive: 3 (for Vista)
  • Now type Yes and confirm with ENTER.
  • Restart the computer.
After the restart, please run MBRCheck.exe again.
You will now find 2 MBRCheck_<date>_<time>.txt files on the desktop.
Post the contents of both .txt documents.
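
As an added example (not part of this thread and not code from MBRCheck or Bootkit Remover), the following Python shows how an MBRCheck-style "Unknown MBR code" verdict comes about: the 512-byte master boot record is checked for its 0x55AA signature, the boot code is hashed and compared against an allowlist of known-good hashes, and the partition table is decoded so a replaced boot code can be told apart from a damaged partition table. Assumptions: that the hashed region is the first 440 bytes (the thread does not say exactly which bytes MBRCheck or Bootkit Remover hash), and that the sample sector, the boot-code bytes and the allowlist are constructed here for illustration; a real check would read `\\.\PhysicalDrive0` and use a vendor-published hash list.

```python
"""Parse a 512-byte MBR and classify its boot code against an allowlist (illustrative, constructed data)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 440       # assumption: bytes 0-439 hold the boot code that gets hashed
PART_TABLE_OFFSET = 446    # four 16-byte partition entries follow disk signature + 2 reserved bytes
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of every valid MBR


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte, little-endian partition table entry."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
    return {"bootable": status == 0x80, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def mbr_is_well_formed(sector: bytes) -> bool:
    """True if the buffer is one full sector ending in the 0x55AA boot signature."""
    return len(sector) == SECTOR_SIZE and sector[510:512] == BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Hash the boot code and decode the disk signature and non-empty partition entries."""
    if not mbr_is_well_formed(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_SIZE]
    entries = [
        parse_partition_entry(sector[PART_TABLE_OFFSET + 16 * i : PART_TABLE_OFFSET + 16 * (i + 1)])
        for i in range(4)
    ]
    return {
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": [e for e in entries if e["type"] != 0],  # type 0x00 = unused slot
    }


def classify_mbr(sector: bytes, known_good_sha1: set) -> str:
    """Allowlist logic: any boot code whose hash is not known is reported as unknown."""
    info = parse_mbr(sector)
    return "Known MBR code" if info["boot_code_sha1"] in known_good_sha1 else "Unknown MBR code"


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: given boot code, one active NTFS partition at LBA 2048, 0x55AA."""
    if len(boot_code) > BOOT_CODE_SIZE:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[: len(boot_code)] = boot_code
    sector[440:444] = struct.pack("<I", 0xDEADBEEF)  # constructed disk signature
    # entry 0: status 0x80 (active), type 0x07 (NTFS), 204800 sectors; CHS fields are filler
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed stand-ins, not real loader code: a short prologue padded with NOPs,
# and the same bytes with the first two replaced, as a boot-code overwrite would leave them.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
TAMPERED_BOOT_CODE = b"\xeb\xfe" + CLEAN_BOOT_CODE[2:]


def compare_clean_and_tampered() -> dict:
    """Show that a boot-code swap changes the verdict while the partition table stays identical."""
    clean_sector = build_sample_mbr(CLEAN_BOOT_CODE)
    tampered_sector = build_sample_mbr(TAMPERED_BOOT_CODE)
    allowlist = {parse_mbr(clean_sector)["boot_code_sha1"]}  # constructed allowlist: only our clean sample
    return {
        "clean_status": classify_mbr(clean_sector, allowlist),
        "tampered_status": classify_mbr(tampered_sector, allowlist),
        "partition_table_unchanged": parse_mbr(clean_sector)["partitions"] == parse_mbr(tampered_sector)["partitions"],
    }


if __name__ == "__main__":
    for key, value in compare_clean_and_tampered().items():
        print(f"{key}: {value}")
```

The point for reading the logs above: a hash-based tool can only say that the boot code is not on its list, which is why both tools report "unknown" rather than naming a threat, and why the partition table being intact says nothing about whether the boot code was replaced.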

sir_neromani 16.09.2010 15:17

Log before reboot:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Basic Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        Acer
BIOS Manufacturer:                Phoenix Technologies LTD
System Manufacturer:                Acer
System Product Name:                Extensa 5230
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 156):
  0x8244D000 \SystemRoot\system32\ntkrnlpa.exe
  0x8241A000 \SystemRoot\system32\hal.dll
  0x8040C000 \SystemRoot\system32\kdcom.dll
  0x80413000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80483000 \SystemRoot\system32\PSHED.dll
  0x80494000 \SystemRoot\system32\BOOTVID.dll
  0x8049C000 \SystemRoot\system32\CLFS.SYS
  0x804DD000 \SystemRoot\system32\CI.dll
  0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80689000 \SystemRoot\system32\drivers\acpi.sys
  0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E0000 \SystemRoot\system32\drivers\pci.sys
  0x80707000 \SystemRoot\System32\drivers\partmgr.sys
  0x80716000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80719000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80723000 \SystemRoot\system32\drivers\volmgr.sys
  0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8077C000 \SystemRoot\system32\DRIVERS\pcmcia.sys
  0x807A9000 \SystemRoot\System32\drivers\mountmgr.sys
  0x807B9000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x807C1000 \SystemRoot\system32\drivers\atapi.sys
  0x807C9000 \SystemRoot\system32\drivers\ataport.SYS
  0x807E7000 \SystemRoot\system32\drivers\msahci.sys
  0x807F1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x805BD000 \SystemRoot\system32\drivers\fltmgr.sys
  0x805EF000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82A0D000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82A7E000 \SystemRoot\system32\drivers\ndis.sys
  0x82B89000 \SystemRoot\system32\drivers\msrpc.sys
  0x82BB4000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8660A000 \SystemRoot\System32\drivers\tcpip.sys
  0x866F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x86804000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x86914000 \SystemRoot\system32\drivers\volsnap.sys
  0x8694D000 \SystemRoot\System32\Drivers\spldr.sys
  0x86955000 \SystemRoot\System32\Drivers\mup.sys
  0x86964000 \SystemRoot\System32\drivers\ecache.sys
  0x8698B000 \SystemRoot\system32\drivers\disk.sys
  0x8699C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x869BD000 \SystemRoot\system32\drivers\crcdisk.sys
  0x869E8000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x869F3000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8AC0F000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8B2F3000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8B394000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B3A0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8B3AB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8B3E9000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8670F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8679C000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
  0x8A606000 \SystemRoot\system32\DRIVERS\netr28.sys
  0x8A66D000 \SystemRoot\system32\DRIVERS\o2sd.sys
  0x8A677000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8A69D000 \SystemRoot\system32\DRIVERS\o2media.sys
  0x8A6A9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8A6AD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8A6C0000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8A6CA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8A6D5000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x8A701000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8A70C000 \SystemRoot\system32\drivers\Afc.sys
  0x8A714000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8A72C000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8A734000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8A73D000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8A74C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8A77B000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8A7BC000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8A7C7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8A7DE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x867D3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8A7E9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8B402000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8B416000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8B42B000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8B43B000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8B43D000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8B467000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8B471000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8B47E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8B4B3000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8B606000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8B810000 \SystemRoot\system32\drivers\portcls.sys
  0x8B83D000 \SystemRoot\system32\drivers\drmk.sys
  0x8B862000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8B89F000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8B4C4000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8B9A2000 \SystemRoot\system32\drivers\modem.sys
  0x8B9AF000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x8B9D0000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8B9D9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8B9E9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8B9F0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8B9F2000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8B578000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8B581000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B588000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8B58F000 \SystemRoot\System32\drivers\vga.sys
  0x8B59B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8B5BC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8B5C4000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8B5CC000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8B5D7000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8B5E5000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8BA08000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8BA1E000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x8BA28000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8BA3C000 \SystemRoot\system32\drivers\afd.sys
  0x8BA84000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x8BA89000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8BABB000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8BAD1000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8BADF000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8BAF2000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8BB2E000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8BB38000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8BB4F000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x8BB76000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8BB9E000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8BBAB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8BBB6000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x92E40000 \SystemRoot\System32\win32k.sys
  0x8BBC0000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8BBCA000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x93060000 \SystemRoot\System32\TSDDD.dll
  0x93080000 \SystemRoot\System32\cdd.dll
  0x8BBD9000 \SystemRoot\system32\drivers\luafv.sys
  0xA4C0E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0xA4C45000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0xA4C48000 \SystemRoot\system32\DRIVERS\irda.sys
  0xA4C66000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA4C76000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA4CA0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA4CAA000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA4CBD000 \SystemRoot\system32\drivers\spsys.sys
  0xA4D6D000 \SystemRoot\system32\drivers\HTTP.sys
  0xA4DDA000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x869C6000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA780E000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA7823000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA7844000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA7863000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA789C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA78B4000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA78DB000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA7941000 \??\C:\Windows\system32\drivers\int15.sys
  0xA7948000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xAC402000 \SystemRoot\system32\drivers\peauth.sys
  0xAC4E0000 \SystemRoot\system32\drivers\regi.sys
  0xAC4E2000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAC4EC000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAC4F8000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xAC500000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x76E80000 \Windows\System32\ntdll.dll

Processes (total 92):
      0 System Idle Process
      4 System
    420 C:\Windows\System32\smss.exe
    488 csrss.exe
    532 C:\Windows\System32\wininit.exe
    540 csrss.exe
    588 C:\Windows\System32\winlogon.exe
    616 C:\Windows\System32\services.exe
    636 C:\Windows\System32\lsass.exe
    644 C:\Windows\System32\lsm.exe
    816 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\svchost.exe
    948 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\audiodg.exe
    1208 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\SLsvc.exe
    1260 C:\Windows\System32\svchost.exe
    1396 C:\Windows\System32\svchost.exe
    1540 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1888 C:\Windows\System32\spoolsv.exe
    1912 C:\Windows\System32\svchost.exe
    464 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      12 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    608 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    716 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    1572 C:\Windows\System32\svchost.exe
    1548 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    1920 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    200 C:\Acer\Mobility Center\MobilityService.exe
    2016 C:\Windows\System32\svchost.exe
    2052 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2128 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2156 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    2208 C:\Windows\System32\svchost.exe
    2260 C:\Windows\System32\svchost.exe
    2284 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    2320 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2348 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2372 C:\Windows\System32\svchost.exe
    2416 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    2476 C:\Windows\System32\svchost.exe
    2532 C:\Windows\System32\SearchIndexer.exe
    2600 C:\Windows\System32\drivers\XAudio.exe
    3020 C:\Windows\System32\taskeng.exe
    3068 C:\Windows\System32\dwm.exe
    3108 C:\Windows\System32\taskeng.exe
    3208 C:\Windows\explorer.exe
    3344 C:\Program Files\Windows Defender\MSASCui.exe
    3352 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    3376 C:\Windows\System32\igfxtray.exe
    3392 C:\Windows\System32\hkcmd.exe
    3400 C:\Windows\System32\igfxpers.exe
    3492 C:\Windows\RtHDVCpl.exe
    3580 C:\Program Files\Apoint2K\Apoint.exe
    3664 C:\Windows\System32\igfxsrvc.exe
    4044 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2856 C:\Program Files\Internet Explorer\iexplore.exe
    2968 C:\Program Files\Internet Explorer\iexplore.exe
    2948 C:\Users\hkreich\AppData\Local\temp\RtkBtMnt.exe
    3460 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    3848 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3508 WmiPrvSE.exe
    3244 C:\Program Files\Launch Manager\LManager.exe
    1092 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3056 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    2244 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3568 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    2336 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2588 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    3000 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3384 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3572 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3676 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    812 C:\Windows\System32\igfxext.exe
    3840 C:\Windows\System32\igfxsrvc.exe
    4108 C:\Program Files\Apoint2K\ApntEx.exe
    4172 C:\Program Files\Apoint2K\Hidfind.exe
    4460 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    4484 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    4560 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    4776 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    4820 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    4864 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    5072 C:\Windows\System32\wbem\unsecapp.exe
    6096 C:\Windows\System32\wuauclt.exe
    5640 C:\Windows\System32\conime.exe
    5120 C:\Windows\System32\SearchProtocolHost.exe
    168 C:\Windows\System32\SearchFilterHost.exe
    4760 C:\Users\hkreich\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`da600000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543216L9A300, Rev: FB2OC40C

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

Log after reboot:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Basic Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        Acer
BIOS Manufacturer:                Phoenix Technologies LTD
System Manufacturer:                Acer
System Product Name:                Extensa 5230
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 156):
  0x82400000 \SystemRoot\system32\ntkrnlpa.exe
  0x827B9000 \SystemRoot\system32\hal.dll
  0x8040E000 \SystemRoot\system32\kdcom.dll
  0x80415000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80485000 \SystemRoot\system32\PSHED.dll
  0x80496000 \SystemRoot\system32\BOOTVID.dll
  0x8049E000 \SystemRoot\system32\CLFS.SYS
  0x804DF000 \SystemRoot\system32\CI.dll
  0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8067F000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068C000 \SystemRoot\system32\drivers\acpi.sys
  0x806D2000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806DB000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E3000 \SystemRoot\system32\drivers\pci.sys
  0x8070A000 \SystemRoot\System32\drivers\partmgr.sys
  0x80719000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8071C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80726000 \SystemRoot\system32\drivers\volmgr.sys
  0x80735000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8077F000 \SystemRoot\system32\DRIVERS\pcmcia.sys
  0x807AC000 \SystemRoot\System32\drivers\mountmgr.sys
  0x807BC000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x807C4000 \SystemRoot\system32\drivers\atapi.sys
  0x807CC000 \SystemRoot\system32\drivers\ataport.SYS
  0x807EA000 \SystemRoot\system32\drivers\msahci.sys
  0x805BF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x805CD000 \SystemRoot\system32\drivers\fltmgr.sys
  0x82A0F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82A1F000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82A90000 \SystemRoot\system32\drivers\ndis.sys
  0x82B9B000 \SystemRoot\system32\drivers\msrpc.sys
  0x8660E000 \SystemRoot\system32\drivers\NETIO.SYS
  0x86649000 \SystemRoot\System32\drivers\tcpip.sys
  0x86733000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x86808000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x86918000 \SystemRoot\system32\drivers\volsnap.sys
  0x86951000 \SystemRoot\System32\Drivers\spldr.sys
  0x86959000 \SystemRoot\System32\Drivers\mup.sys
  0x86968000 \SystemRoot\System32\drivers\ecache.sys
  0x8698F000 \SystemRoot\system32\drivers\disk.sys
  0x869A0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x869C1000 \SystemRoot\system32\drivers\crcdisk.sys
  0x869EC000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x869F7000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8A401000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8AAE5000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8AB86000 \SystemRoot\System32\drivers\watchdog.sys
  0x8AB92000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8AB9D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8ABDB000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8674E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x82BC6000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
  0x89E0B000 \SystemRoot\system32\DRIVERS\netr28.sys
  0x89E72000 \SystemRoot\system32\DRIVERS\o2sd.sys
  0x89E7C000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x89EA2000 \SystemRoot\system32\DRIVERS\o2media.sys
  0x89EAE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x89EB2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x89EC5000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x89ECF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x89EDA000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x89F06000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x89F11000 \SystemRoot\system32\drivers\Afc.sys
  0x89F19000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x89F31000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x89F39000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x89F42000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x89F51000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x89F80000 \SystemRoot\system32\DRIVERS\storport.sys
  0x89FC1000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x89FCC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x89FE3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x867DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x89FEE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8ABEA000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8A00D000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8A022000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8A032000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8A034000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8A05E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8A068000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8A075000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8A0AA000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8AC02000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8AE0C000 \SystemRoot\system32\drivers\portcls.sys
  0x8AE39000 \SystemRoot\system32\drivers\drmk.sys
  0x8AE5E000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8AE9B000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8A0BB000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8AF9E000 \SystemRoot\system32\drivers\modem.sys
  0x8AFAB000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x8AFCC000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8AFD5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8AFE5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8AFEC000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8AFEE000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8AFF6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8A16F000 \SystemRoot\System32\Drivers\Null.SYS
  0x8A176000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8A17D000 \SystemRoot\System32\drivers\vga.sys
  0x8A189000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8A1AA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8A1B2000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8A1BA000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8A1C5000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8A1D3000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8A1DC000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8A1F2000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x8B004000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8B018000 \SystemRoot\system32\drivers\afd.sys
  0x8B060000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x8B065000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8B097000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8B0AD000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8B0BB000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8B0CE000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8B10A000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8B114000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8B12B000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x8B152000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8B17A000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8B187000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8B192000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x92810000 \SystemRoot\System32\win32k.sys
  0x8B19C000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8B1A6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x92A30000 \SystemRoot\System32\TSDDD.dll
  0x92A50000 \SystemRoot\System32\cdd.dll
  0x8B1B5000 \SystemRoot\system32\drivers\luafv.sys
  0x81C06000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x81C3D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x81C40000 \SystemRoot\system32\DRIVERS\irda.sys
  0x81C5E000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x81C6E000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x81C98000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x81CA2000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x81CB5000 \SystemRoot\system32\drivers\spsys.sys
  0x81D65000 \SystemRoot\system32\drivers\HTTP.sys
  0x81DD2000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x8B1D0000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x8B1E9000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x869CA000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA6E07000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA6E26000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA6E5F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA6E77000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA6E9E000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA6F04000 \??\C:\Windows\system32\drivers\int15.sys
  0xA6F0B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xA6F0F000 \SystemRoot\system32\drivers\peauth.sys
  0xA6FED000 \SystemRoot\system32\drivers\regi.sys
  0xA6FEF000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA6EEC000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA6EF8000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xB0405000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x76E70000 \Windows\System32\ntdll.dll

Processes (total 92):
      0 System Idle Process
      4 System
    420 C:\Windows\System32\smss.exe
    488 csrss.exe
    532 C:\Windows\System32\wininit.exe
    540 csrss.exe
    588 C:\Windows\System32\winlogon.exe
    608 C:\Windows\System32\services.exe
    624 C:\Windows\System32\lsass.exe
    632 C:\Windows\System32\lsm.exe
    808 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\audiodg.exe
    1212 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\SLsvc.exe
    1276 C:\Windows\System32\svchost.exe
    1400 C:\Windows\System32\svchost.exe
    1544 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1880 C:\Windows\System32\spoolsv.exe
    1904 C:\Windows\System32\svchost.exe
    444 C:\Windows\System32\taskeng.exe
    528 C:\Windows\System32\dwm.exe
    704 C:\Windows\explorer.exe
    1564 C:\Windows\System32\taskeng.exe
    1648 C:\Program Files\Windows Defender\MSASCui.exe
    1912 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    840 C:\Windows\System32\igfxtray.exe
    904 C:\Windows\System32\hkcmd.exe
    316 C:\Windows\System32\igfxpers.exe
    2176 C:\Windows\RtHDVCpl.exe
    2196 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    2220 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    2244 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    2272 C:\Program Files\Apoint2K\Apoint.exe
    2312 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    2512 C:\Windows\System32\svchost.exe
    2556 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    2596 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2644 C:\Acer\Mobility Center\MobilityService.exe
    2732 C:\Windows\System32\svchost.exe
    2776 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2824 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2856 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    2892 C:\Windows\System32\svchost.exe
    2928 C:\Windows\System32\svchost.exe
    2948 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    2964 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2988 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    3016 C:\Windows\System32\svchost.exe
    3056 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    3092 C:\Windows\System32\svchost.exe
    3164 C:\Windows\System32\SearchIndexer.exe
    3224 C:\Windows\System32\drivers\XAudio.exe
    3436 C:\Windows\System32\igfxsrvc.exe
    3788 C:\Users\hkreich\AppData\Local\temp\RtkBtMnt.exe
    492 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3720 WmiPrvSE.exe
    1644 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2624 C:\Program Files\Launch Manager\LManager.exe
    436 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3620 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    2440 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    2348 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    2152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2144 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    2140 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2656 C:\Program Files\Acer\WR_PopUp\ProductReg.exe
    2728 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3884 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3356 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    2232 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    3868 C:\Program Files\Apoint2K\ApntEx.exe
    3712 C:\Program Files\Apoint2K\Hidfind.exe
    3480 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    1756 C:\Program Files\Acer\WR_PopUp\AcerRegTool.exe
    856 C:\Windows\System32\igfxext.exe
    4064 C:\Windows\System32\igfxsrvc.exe
    3780 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    2620 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    4100 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    4132 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    4192 C:\Windows\System32\wbem\unsecapp.exe
    4396 C:\Program Files\Internet Explorer\iexplore.exe
    4540 C:\Program Files\Internet Explorer\iexplore.exe
    4608 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    5004 C:\Windows\System32\wuauclt.exe
    5448 C:\Users\hkreich\Desktop\MBRCheck.exe
    5504 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`da600000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543216L9A300, Rev: FB2OC40C

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


cosinus 16.09.2010 19:16

We have to fix the MBR a different way.

Have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD using the image-burning function and start the computer with it (boot from this CD). Click on Computer repair options, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out first.
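The MBRCheck result quoted earlier in the thread ("Unknown MBR code", with the same SHA1 reported before and after the Vista MBR code was written) is what drives the bootrec route above. As an added example, not code from the thread or from the MBRCheck tool, here is a Python reader for a 512-byte MBR sector that does what an analyst does with such a report: hash the boot code, list the partition table, and confirm the partitions start at the volume offsets MBRCheck printed for C: and D:. The two volume offsets come from the log; the sample sector, its boot code, disk signature, partition sizes and the known-good hash list are constructed, and the assumption that MBRCheck hashes only the 440 boot-code bytes is mine.

```python
"""Added example: read a 512-byte MBR sector the way an analyst reads an MBRCheck
report. Hashes the boot code, lists the partition table and cross-checks the
partition starts against the volume offsets MBRCheck printed for C: and D:."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of every valid MBR
BOOT_CODE_LEN = 440            # x86 boot code lives in bytes 0-439
DISK_SIG_OFFSET = 440          # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446        # four 16-byte partition entries
PART_ENTRY_LEN = 16

# Volume offsets exactly as MBRCheck printed them in the thread.
THREAD_VOLUMES = {"C:": 0x00000002_71100000, "D:": 0x00000013_DA600000}


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    partitions = []
    for idx in range(4):
        off = PART_TABLE_OFFSET + idx * PART_ENTRY_LEN
        # status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": idx, "bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": count,
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def mbr_verdict(info: dict, known_good: set) -> str:
    """Mirror MBRCheck's 'MBR Status' column. Assumption: the hash covers only the
    440 boot-code bytes, so it is stable across disks with different partition tables."""
    return "Known MBR code" if info["boot_code_sha1"] in known_good else "Unknown MBR code"


def check_volume_offsets(info: dict, volumes: dict) -> dict:
    """For each 'C:' -> byte offset pair, report whether a partition entry starts there.
    A table that still matches is why a modified MBR boots and mounts normally."""
    starts = {p["byte_offset"] for p in info["partitions"]}
    return {letter: offset in starts for letter, offset in volumes.items()}


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Constructed MBR for the demo: boot code padded to 440 bytes, a made-up disk
    signature, and one entry per (bootable, type, byte_offset, sector_count)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if boot else 0, b"\x00" * 3, ptype, b"\x00" * 3,
                    offset // SECTOR_SIZE, count)
        for boot, ptype, offset, count in partitions
    ).ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + BOOT_SIGNATURE


# Constructed stand-in for stock boot code; a real allow-list would hold the SHA1s of
# the genuine Windows XP/Vista/7 MBR code that MBRCheck compares against.
STOCK_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
KNOWN_GOOD = {hashlib.sha1(STOCK_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper()}

# Partition layout matching the two volume offsets in the thread (sizes constructed).
LAYOUT = [
    (True, 0x07, THREAD_VOLUMES["C:"],
     (THREAD_VOLUMES["D:"] - THREAD_VOLUMES["C:"]) // SECTOR_SIZE),
    (False, 0x07, THREAD_VOLUMES["D:"], 146_042_544),
]
CLEAN_MBR = build_sample_mbr(STOCK_CODE, LAYOUT)
# Same partition table, but the first two boot-code bytes differ: that is the only
# difference MBRCheck can see, and it is what "Unknown MBR code" flags.
PATCHED_MBR = build_sample_mbr(b"\xeb\x3e" + STOCK_CODE[2:], LAYOUT)


def analyse(sector: bytes) -> dict:
    """One-stop report in the shape of the MBRCheck lines from the log."""
    info = parse_mbr(sector)
    return {
        "status": mbr_verdict(info, KNOWN_GOOD),
        "sha1": info["boot_code_sha1"],
        "volumes_match": check_volume_offsets(info, THREAD_VOLUMES),
    }


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        r = analyse(sector)
        print(f"{name:8s} {r['status']:18s} SHA1: {r['sha1']}  volumes ok: {r['volumes_match']}")
```

Both sample sectors pass the volume-offset check, which is the point: a partition table that still lines up tells you nothing about the boot code, so only the hash comparison catches the change.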

sir_neromani 17.09.2010 11:00

OK, did exactly that. Is that it? Or do you need more logs?

The partner.dll/exe is still in the HijackThis log.

cosinus 17.09.2010 13:30

We'll fix the partner.dll issue afterwards. Please do a control scan with MBRCheck first.

sir_neromani 17.09.2010 13:36

MBRCheck Log:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Basic Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        Acer
BIOS Manufacturer:                Phoenix Technologies LTD
System Manufacturer:                Acer
System Product Name:                Extensa 5230
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 156):
  0x82435000 \SystemRoot\system32\ntkrnlpa.exe
  0x82402000 \SystemRoot\system32\hal.dll
  0x80403000 \SystemRoot\system32\kdcom.dll
  0x8040A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8047A000 \SystemRoot\system32\PSHED.dll
  0x8048B000 \SystemRoot\system32\BOOTVID.dll
  0x80493000 \SystemRoot\system32\CLFS.SYS
  0x804D4000 \SystemRoot\system32\CI.dll
  0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8067F000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068C000 \SystemRoot\system32\drivers\acpi.sys
  0x806D2000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806DB000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E3000 \SystemRoot\system32\drivers\pci.sys
  0x8070A000 \SystemRoot\System32\drivers\partmgr.sys
  0x80719000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8071C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80726000 \SystemRoot\system32\drivers\volmgr.sys
  0x80735000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8077F000 \SystemRoot\system32\DRIVERS\pcmcia.sys
  0x807AC000 \SystemRoot\System32\drivers\mountmgr.sys
  0x807BC000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x807C4000 \SystemRoot\system32\drivers\atapi.sys
  0x807CC000 \SystemRoot\system32\drivers\ataport.SYS
  0x807EA000 \SystemRoot\system32\drivers\msahci.sys
  0x805B4000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x805C2000 \SystemRoot\system32\drivers\fltmgr.sys
  0x82A0B000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82A1B000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82A8C000 \SystemRoot\system32\drivers\ndis.sys
  0x82B97000 \SystemRoot\system32\drivers\msrpc.sys
  0x82BC2000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8660B000 \SystemRoot\System32\drivers\tcpip.sys
  0x866F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x86806000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x86916000 \SystemRoot\system32\drivers\volsnap.sys
  0x8694F000 \SystemRoot\System32\Drivers\spldr.sys
  0x86957000 \SystemRoot\System32\Drivers\mup.sys
  0x86966000 \SystemRoot\System32\drivers\ecache.sys
  0x8698D000 \SystemRoot\system32\drivers\disk.sys
  0x8699E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x869BF000 \SystemRoot\system32\drivers\crcdisk.sys
  0x869EA000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x869F5000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8980C000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x89EF0000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x89F91000 \SystemRoot\System32\drivers\watchdog.sys
  0x89F9D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x89FA8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x89FE6000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x86710000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8679D000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
  0x8A405000 \SystemRoot\system32\DRIVERS\netr28.sys
  0x8A46C000 \SystemRoot\system32\DRIVERS\o2sd.sys
  0x8A476000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8A49C000 \SystemRoot\system32\DRIVERS\o2media.sys
  0x8A4A8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8A4AC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8A4BF000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8A4C9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8A4D4000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x8A500000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8A50B000 \SystemRoot\system32\drivers\Afc.sys
  0x8A513000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8A52B000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8A533000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8A53C000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8A54B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8A57A000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8A5BB000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8A5C6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8A5DD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x867D4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8A5E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8A601000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8A615000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8A62A000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8A63A000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8A63C000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8A666000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8A670000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8A67D000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8A6B2000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8A809000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8AA13000 \SystemRoot\system32\drivers\portcls.sys
  0x8AA40000 \SystemRoot\system32\drivers\drmk.sys
  0x8AA65000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8AAA2000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8A6C3000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8ABA5000 \SystemRoot\system32\drivers\modem.sys
  0x8ABB2000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x8ABD3000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8ABDC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8ABEC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8ABF3000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8ABF5000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8A800000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8A777000 \SystemRoot\System32\Drivers\Null.SYS
  0x8A77E000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8A785000 \SystemRoot\System32\drivers\vga.sys
  0x8A791000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8A7B2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8A7BA000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8A7C2000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8A7CD000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8A7DB000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8A7E4000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x89FF5000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x8AE0F000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8AE23000 \SystemRoot\system32\drivers\afd.sys
  0x8AE6B000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x8AE70000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8AEA2000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8AEB8000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8AEC6000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8AED9000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8AF15000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8AF1F000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8AF36000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x8AF5D000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8AF85000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8AF92000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8AF9D000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x92A50000 \SystemRoot\System32\win32k.sys
  0x8AFA7000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8AFB1000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x92C70000 \SystemRoot\System32\TSDDD.dll
  0x92C90000 \SystemRoot\System32\cdd.dll
  0x8AFC0000 \SystemRoot\system32\drivers\luafv.sys
  0x81E0E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x81E45000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x81E48000 \SystemRoot\system32\DRIVERS\irda.sys
  0x81E66000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x81E76000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x81EA0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x81EAA000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x81EBD000 \SystemRoot\system32\drivers\spsys.sys
  0x81F6D000 \SystemRoot\system32\drivers\HTTP.sys
  0x81FDA000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x8AFDB000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x869C8000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA740A000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA742B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA744A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA7483000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA749B000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA74C2000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA7528000 \??\C:\Windows\system32\drivers\int15.sys
  0xA752F000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xAB806000 \SystemRoot\system32\drivers\peauth.sys
  0xAB8E4000 \SystemRoot\system32\drivers\regi.sys
  0xAB8E6000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAB8F0000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAB8FC000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xAB904000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x77460000 \Windows\System32\ntdll.dll

Processes (total 89):
      0 System Idle Process
      4 System
    400 C:\Windows\System32\smss.exe
    468 csrss.exe
    512 C:\Windows\System32\wininit.exe
    520 csrss.exe
    568 C:\Windows\System32\winlogon.exe
    596 C:\Windows\System32\services.exe
    616 C:\Windows\System32\lsass.exe
    624 C:\Windows\System32\lsm.exe
    784 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    916 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1160 C:\Windows\System32\audiodg.exe
    1184 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\SLsvc.exe
    1248 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\svchost.exe
    1548 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1860 C:\Windows\System32\spoolsv.exe
    1884 C:\Windows\System32\svchost.exe
    288 C:\Windows\System32\taskeng.exe
    476 C:\Windows\System32\dwm.exe
    504 C:\Windows\explorer.exe
    1504 C:\Windows\System32\taskeng.exe
    1240 C:\Program Files\Windows Defender\MSASCui.exe
    1404 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    1032 C:\Windows\System32\igfxtray.exe
    1900 C:\Windows\System32\hkcmd.exe
    1468 C:\Windows\System32\igfxpers.exe
    524 C:\Windows\RtHDVCpl.exe
    1180 C:\Program Files\Apoint2K\Apoint.exe
    2176 C:\Windows\System32\igfxsrvc.exe
    2320 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    2344 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    2376 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    2404 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    2540 C:\Windows\System32\svchost.exe
    2564 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    2612 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2636 C:\Acer\Mobility Center\MobilityService.exe
    2736 C:\Windows\System32\svchost.exe
    2772 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2880 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2892 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    2944 C:\Windows\System32\svchost.exe
    2956 C:\Windows\System32\svchost.exe
    2968 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    3000 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    3036 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    3076 C:\Windows\System32\svchost.exe
    3116 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    3148 C:\Windows\System32\svchost.exe
    3180 C:\Windows\System32\SearchIndexer.exe
    3280 C:\Users\hkreich\AppData\Local\temp\RtkBtMnt.exe
    3292 C:\Windows\System32\drivers\XAudio.exe
    3548 WmiPrvSE.exe
    2592 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3696 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4032 C:\Program Files\Launch Manager\LManager.exe
    3660 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    2312 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    2856 C:\Windows\System32\igfxext.exe
    2340 C:\Windows\System32\igfxsrvc.exe
    880 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    768 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3524 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    2116 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1660 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3772 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3380 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    1576 C:\Program Files\Apoint2K\ApMsgFwd.exe
    1176 C:\Windows\System32\wbem\unsecapp.exe
    416 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    2424 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    2328 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    3408 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    3532 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    3304 C:\Program Files\Apoint2K\Hidfind.exe
    1344 C:\Program Files\Apoint2K\ApntEx.exe
    3412 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    5656 C:\Program Files\Internet Explorer\iexplore.exe
    5792 C:\Program Files\Internet Explorer\iexplore.exe
    5912 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    2488 C:\Users\hkreich\Desktop\MBRCheck.exe
    960 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`da600000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543216L9A300, Rev: FB2OC40C

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


cosinus 17.09.2010 17:36

Looks ok. Now let's script that Partner junk away :D

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

Folder::
c:\users\hkreich\.assistant
c:\programdata\Partner

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall you may have.
(Also the guards of ad-/spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to reboot), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
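
The CFScript above removes one Browser Helper Object by its CLSID together with the directory its DLL lived in. As an added example that is not part of the original post and not part of ComboFix, the following PowerShell inventories every registered BHO, resolves each CLSID to the DLL that Internet Explorer would load, and flags DLLs that sit outside the usual program directories. The directory allow-list and the "Suspicious" heuristic are assumptions chosen for this check, not a Microsoft definition; a BHO whose DLL is registered from C:\ProgramData, as in this thread, would be flagged whether or not the file still exists.

```powershell
# Added example (not from the Trojaner-Board thread): enumerate registered
# Browser Helper Objects, resolve each CLSID to its in-process DLL, and flag
# DLLs outside the usual program directories.
# Assumptions: run on Windows with read access to HKLM and HKCR; the allow-list
# of trusted directories below is an illustrative choice for this check.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Directories where legitimately installed BHOs normally live (assumption).
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, "$env:SystemRoot\System32") |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Get-BhoInventory {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -Path $key)) { continue }   # Wow6432Node is absent on 32-bit Windows
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName

            # Resolve the CLSID to its InprocServer32 path; fall back to the WOW6432 view.
            $dll = $null
            foreach ($clsidPath in @("Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32",
                                     "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$clsid\InprocServer32")) {
                if (Test-Path -Path $clsidPath) {
                    $dll = (Get-ItemProperty -Path $clsidPath).'(default)'
                    break
                }
            }
            $expanded = $null
            if ($dll) {
                $expanded = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            }

            # Suspicious = no resolvable DLL, or a DLL outside the trusted roots.
            $suspicious = $true
            if ($expanded) {
                $lower = $expanded.ToLowerInvariant()
                foreach ($root in $trustedRoots) {
                    if ($lower.StartsWith($root)) { $suspicious = $false; break }
                }
            }

            $exists = $false
            $signature = 'n/a'
            if ($expanded -and (Test-Path -LiteralPath $expanded)) {
                $exists = $true
                $signature = (Get-AuthenticodeSignature -FilePath $expanded).Status
            }

            [PSCustomObject]@{
                CLSID      = $clsid
                Dll        = $expanded
                Exists     = $exists
                Signature  = $signature
                Suspicious = $suspicious
            }
        }
    }
}

Get-BhoInventory | Format-Table -AutoSize
```

Run it once before and once after a cleanup: the "before" run tells you which CLSID to put into the removal script, and the "after" run confirms that no BHO key still points at the deleted DLL (a dangling key with Exists = False means the registry entry survived the file deletion).
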

sir_neromani 17.09.2010 18:19

It did not ask for a reboot. After cofi finished, everything was simply closed and a log.txt was open: (because I forgot to unplug the network cable? The guard was off!)

Code:

ComboFix 10-09-14.04 - hkreich 17.09.2010  18:53:48.2.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.952.389 [GMT 2:00]
Run from:: c:\users\hkreich\Desktop\cofi.exe
Command switches used :: c:\users\hkreich\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Partner
c:\programdata\Partner\partner.dll
c:\programdata\Partner\partner.exe
c:\users\hkreich\.assistant
c:\users\hkreich\.assistant\contentdb40.ElsterFormular-Bedienung

.
(((((((((((((((((((((((  Files Created from 2010-08-17 to 2010-09-17  ))))))))))))))))))))))))))))))
.

2010-09-17 17:07 . 2010-09-17 17:07        --------        d-----w-        c:\users\hkreich\AppData\Local\temp
2010-09-17 17:07 . 2010-09-17 17:07        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-09-17 17:07 . 2010-09-17 17:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-09-16 10:05 . 2010-09-16 10:05        --------        d-----w-        c:\users\hkreich\NTI-Shadow
2010-09-15 23:36 . 2010-09-07 14:47        17744        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2010-09-15 23:36 . 2010-09-07 14:52        165584        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2010-09-15 23:36 . 2010-09-07 14:47        23376        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2010-09-15 23:36 . 2010-09-07 14:52        46672        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2010-09-15 23:36 . 2010-09-07 14:47        50768        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2010-09-15 23:35 . 2010-09-07 15:12        38848        ----a-w-        c:\windows\avastSS.scr
2010-09-15 23:35 . 2010-09-07 15:11        167592        ----a-w-        c:\windows\system32\aswBoot.exe
2010-09-15 16:10 . 2010-04-05 17:02        317952        ----a-w-        c:\windows\system32\MP4SDECD.DLL
2010-09-15 16:10 . 2010-08-17 14:11        128000        ----a-w-        c:\windows\system32\spoolsv.exe
2010-09-15 16:09 . 2010-04-16 16:46        502272        ----a-w-        c:\windows\system32\usp10.dll
2010-09-15 16:09 . 2010-05-27 20:08        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2010-09-15 15:37 . 2010-09-15 16:04        --------        d-----w-        C:\cofi
2010-09-15 15:14 . 2010-09-15 15:14        --------        d-----w-        c:\program files\CCleaner
2010-09-14 13:54 . 2010-09-14 13:54        --------        d-----w-        c:\users\hkreich\AppData\Roaming\Malwarebytes
2010-09-14 13:53 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 13:53 . 2010-09-14 13:53        --------        d-----w-        c:\programdata\Malwarebytes
2010-09-14 13:53 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-14 13:53 . 2010-09-14 13:54        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-09-14 12:49 . 2010-09-14 12:49        --------        d-----w-        c:\programdata\Alwil Software
2010-09-14 12:49 . 2010-09-14 12:49        --------        d-----w-        c:\program files\Alwil Software

.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 21:47 . 2008-05-25 22:50        --------        d-----w-        c:\programdata\Microsoft Help
2010-09-16 09:03 . 2008-05-26 08:41        690550        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-16 09:03 . 2008-05-26 08:41        152516        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-16 05:00 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-09-14 12:39 . 2009-07-14 16:15        --------        d-----w-        c:\program files\Google
2010-08-29 17:36 . 2010-06-11 18:04        --------        d-----w-        c:\users\hkreich\AppData\Roaming\TeamViewer
2010-06-26 06:05 . 2010-08-13 10:11        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 10:11        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 10:11        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 10:11        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 10:11        2037760        ----a-w-        c:\windows\system32\win32k.sys
2008-12-26 18:55 . 2008-12-26 18:55        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-14 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\users\hkreich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca0b70d1255c3a;Google Update Service (gupdate1ca0b70d1255c3a);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-07-01 388096]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-14 08:36]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 08:37]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 08:37]

2010-09-17 c:\windows\Tasks\User_Feed_Synchronization-{C967D5E2-CDAE-4CA2-84DD-ADBC5CF5A5DC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.t-online.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-17 19:07
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-17  19:12:21
ComboFix-quarantined-files.txt  2010-09-17 17:12
ComboFix2.txt  2010-09-15 16:04

Pre-Run: 16 directories, 46,101,094,400 bytes free
Post-Run: 17 directories, 46,069,538,816 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 82AABB152B2210E534B1E72114B1C5AC


cosinus 17.09.2010 18:34

That's fine, CF doesn't always restart the computer.

Quote:

c:\users\hkreich\.assistant
c:\users\hkreich\.assistant\contentdb40.ElsterFormular-Bedienung
Embarrassing, I accidentally took the .assistant folder for junk, but it apparently belongs to ELSTER. Are you still using that, do you need it back? :wtf:

Otherwise everything is ok so far. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

sir_neromani 17.09.2010 19:42

No, it's not needed, no problem.
MBAM log:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4640

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

17.09.2010 20:41:59
mbam-log-2010-09-17 (20-41-59).txt

Scan type: Quick scan
Objects scanned: 142234
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


sir_neromani 17.09.2010 20:05

SuperAntiSpyware log:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/17/2010 at 09:04 PM

Application Version : 4.42.1000

Core Rules Database Version : 5526
Trace Rules Database Version: 3338

Scan type      : Quick Scan
Total Scan Time : 00:14:06

Memory items scanned      : 766
Memory threats detected  : 0
Registry items scanned    : 4601
Registry threats detected : 0
File items scanned        : 8335
File threats detected    : 5

Adware.Tracking Cookie
        C:\Users\hkreich\AppData\Roaming\Microsoft\Windows\Cookies\hkreich@mediaplex[1].txt
        C:\Users\hkreich\AppData\Roaming\Microsoft\Windows\Cookies\hkreich@apmebf[1].txt
        C:\Users\hkreich\AppData\Roaming\Microsoft\Windows\Cookies\hkreich@doubleclick[1].txt
        C:\Users\hkreich\AppData\Roaming\Microsoft\Windows\Cookies\hkreich@im.banner.t-online[1].txt
        .doubleclick.net [ C:\Users\hkreich\AppData\Local\Google\Chrome\User Data\Default\Cookies ]


cosinus 17.09.2010 20:05

Looks ok, only cookies were found.
Any more problems or further findings in the meantime?

sir_neromani 17.09.2010 20:12

Nothing noticed so far; if you think it's good, I'll now go through the post on "cleaning up Windows" (deleting programs, CCleaner, defrag, etc.).

Many, many thanks!

This is already the second time I've been helped perfectly here. I think it's time for a donation. Many thanks for this commitment!

cosinus 17.09.2010 20:50

Then we're done! :abklatsch:

Finally, please check the updates; my guide is below.
For even more security you should, once the infection has been removed, change all your passwords if at all possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are far leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is current; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
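
The update guide above has the user look for old Adobe Reader and Java versions by hand in Control Panel. As an added check that is not part of the original post, the following PowerShell reads the same information from the Uninstall registry keys (both native and Wow6432Node views plus the per-user hive) and warns when several Java runtimes are installed side by side, which is the usual sign that old versions were left behind. The display-name patterns are assumptions chosen for this check.

```powershell
# Added example (not from the Trojaner-Board thread): inventory of installed
# Adobe Reader, Java and Flash Player entries taken from the Uninstall registry
# keys, so that leftover old versions are visible before and after updating.
# Assumption: the display-name patterns below are chosen for this check.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$patterns = @('Adobe Reader*', 'Adobe Acrobat Reader*', 'Java*', 'J2SE Runtime*', 'Adobe Flash Player*')

function Get-UpdateCandidates {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            if (-not $name) { return $false }
            foreach ($p in $patterns) { if ($name -like $p) { return $true } }
            return $false
        } |
        ForEach-Object {
            [PSCustomObject]@{
                Name        = $_.DisplayName
                Version     = $_.DisplayVersion
                Publisher   = $_.Publisher
                InstallDate = $_.InstallDate
                Uninstall   = $_.UninstallString
            }
        } |
        Sort-Object Name, Version
}

$found = Get-UpdateCandidates
$found | Format-Table -AutoSize

# More than one Java entry usually means older runtimes were left behind by updates.
$javaCount = @($found | Where-Object { $_.Name -like 'Java*' }).Count
if ($javaCount -gt 1) {
    Write-Warning "$javaCount Java runtimes installed; uninstall the old ones before installing the current JRE."
}
```

The UninstallString column is what Control Panel runs for "Remove"; keeping it in the listing lets you uninstall the old entries from the same console instead of going back to the GUI for each one.
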



Copyright ©2000-2024, Trojaner-Board

