Trojaner-Board - TR/Dropper.gen und TR/Crypt.XPACK.Gen und TR/Crypt.XPACK.Gen2 und TR/Dldr.Agent.cxyf.3

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - TR/Dropper.gen und TR/Crypt.XPACK.Gen und TR/Crypt.XPACK.Gen2 und TR/Dldr.Agent.cxyf.3 (https://www.trojaner-board.de/88568-tr-dropper-gen-tr-crypt-xpack-gen-tr-crypt-xpack-gen2-tr-dldr-agent-cxyf-3-a.html)

TR/Dropper.gen und TR/Crypt.XPACK.Gen und TR/Crypt.XPACK.Gen2 und TR/Dldr.Agent.cxyf.3

Hallo,
heute nacht, also grade eben hat AntiVir 3 Viren bzw. da stand Malware gefunden. Das waren folgende 3
TR/Dropper.gen
TR/Crypt.XPACK.Gen
TR/Crypt.XPACK.Gen2
am 16.7 wurde bereits TR/Dldr.Agent.cxyf.3 gefunden.

Ich glaub ich sollte jetzt mal erwähnen das ich überhaupt gar keine Ahnung habe:dummguck:..... d.h. ich hab zwar was von highjackthis gelesen, ich weiß aber gar nicht was ich machen soll... erstmal instalieren oder?

Also zurück zu den "Viren" AntiVir hat die in Quarantäne verschoben und eventuell auch entfernt, da hab ich zumindest drauf geklickt. Ich hab auch schon die neuen Updates für AntiVir geladen und lasse gerade einen Vollständigen systemcheck machen.

Ich hab auch meinen Laptop bis jetzt nicht ausgeschaltet.....

Also alles in allem: Ich bin total verzweifelt und weiß gar nicht was ich machen soll, es wäre super super nett wenn mit jemand schreiben könnte was ich jetzt tun soll, aber wie gesagt bitte eine Anleitung für Dumme:(

Achja die Datein wurden hier gefunden C:\Windows\Temp\_avast5_\unp242785059.tmp
C:\Windows\Temp\_avast5_\unp225324127.tmp
C:\Windows\Temp\_avast5_\unp191234168.tmp
und der etwas ältere in C:\Users\***\Downloads\gameztar_installer.exe

gefunden.

Ach und noch was, ich weiß ja nicht ob das damit zusammen hängt aber seit ein paar Tagen schaltet sich meine Windows Firewall immer aus wenn sich eine Internet verbindung aufbaut.

Schon mal Vielen Dank im Vorraus.

Hallo und :hallo:

Zitat:

Achja die Datein wurden hier gefunden C:\Windows\Temp\_avast5_\unp242785059.tmp
C:\Windows\Temp\_avast5_\unp225324127.tmp
C:\Windows\Temp\_avast5_\unp191234168.tmp

Du hast nicht zufällig AntiVir und Avast installiert? Wenn ja, das geht nicht. Deinstalliere AntiVir oder Avast, aber beide zusammen beißen sich wie man hier schön sieht.

Wenn Du damit durch bist: bitte nen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Hatte wirklich beide instaliert, :(

hier der Log von Malwarebytes:

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4340

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

23.07.2010 14:55:44
mbam-log-2010-07-23 (14-55-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 238434
Laufzeit: 1 Stunde(n), 25 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Das andere muss ich noch machen, ich hoffe das ist der richtige Log?

Danke!!!

Mist hab jetzt Odt runter geladen im gleichen moment als es fertig war wurde ein neue Malwaren gefunden und mein AntiVire hat sich ausgeschaltet, ich konnte es aber wieder einschalteten, sieht zumindest so aus.

In der Datei 'C:\Windows\Temp\_avast5_\unp258836985.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\_avast5_\unp258836985.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\_avast5_\unp258836985.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

So ich mach jetzt grad den OTL scan, ich meld mich danach

Zitat:

In der Datei 'C:\Windows\Temp\_avast5_\unp258836985.tmp'

Liest Du auch mal was im Pfad steht? :balla:
Das ist keine malware sondern ein Bestandteil von Avast! Was hast Du jetzt deinstalliert, AntiVir oder Avast oder noch garnichts?

Das ging schnell :-)
OTL Logfile:

Code:

OTL logfile created on: 23.07.2010 19:31:51 - Run 1

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Kaus.Jacqueline\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free

6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 143,79 Gb Total Space | 85,91 Gb Free Space | 59,74% Space Free | Partition Type: NTFS

Drive D: | 140,29 Gb Total Space | 139,60 Gb Free Space | 99,50% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: KAUSJACQUELI-PC

Current User Name: Kaus.Jacqueline

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Kaus.Jacqueline\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)

PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe ()

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Users\KAUS~1.JAC\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()

PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)

PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Programme\Common Files\McAfee\Core\mchost.exe (McAfee, Inc.)

PRC - C:\Acer\Mobility Center\MobilityService.exe ()

PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Programme\McAfee\MSC\mcshell.exe (McAfee, Inc.)

PRC - C:\Windows\PLFSetI.exe ()

PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)

PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)

PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

PRC - c:\Programme\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)

PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)

PRC - c:\Programme\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)

PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

PRC - C:\Windows\System32\PSIService.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Kaus.Jacqueline\Downloads\OTL.exe (OldTimer Tools)

MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (avast! Antivirus) --  File not found

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()

SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)

SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (aswTdi) --  File not found

DRV - (aswSP) --  File not found

DRV - (aswRdr) --  File not found

DRV - (aswMonFlt) --  File not found

DRV - (aswFsBlk) --  File not found

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)

DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)

DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)

DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)

DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/?cc=de&lang=de&nocookie=1"

FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1.1

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.07.08 14:10:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.22 00:53:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.22 00:53:28 | 000,000,000 | ---D | M]

 

[2009.05.23 21:25:54 | 000,000,000 | ---D | M] -- C:\Users\Kaus.Jacqueline\AppData\Roaming\mozilla\Extensions

[2010.07.23 03:04:40 | 000,000,000 | ---D | M] -- C:\Users\Kaus.Jacqueline\AppData\Roaming\mozilla\Firefox\Profiles\e0pwhaik.default\extensions

[2009.08.11 22:57:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kaus.Jacqueline\AppData\Roaming\mozilla\Firefox\Profiles\e0pwhaik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009.01.07 21:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaus.Jacqueline\AppData\Roaming\mozilla\Firefox\Profiles\e0pwhaik.default\extensions\{c8810cc9-0aaa-4aed-8c67-b2b1918c1e08}

[2010.07.01 00:03:37 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- C:\Users\Kaus.Jacqueline\AppData\Roaming\mozilla\Firefox\Profiles\e0pwhaik.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}

[2010.07.13 22:35:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.07.13 22:35:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2009.05.23 21:25:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org

[2010.07.13 22:35:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2010.06.27 20:21:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.06.27 20:21:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.06.27 20:21:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.06.27 20:21:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.06.27 20:21:10 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ClipIncSrvTray] C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Kaus.Jacqueline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Convesoft\Orion\Messenger.exe File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.20.52.137 193.189.244.205

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Kaus.Jacqueline\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Kaus.Jacqueline\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2d7ca026-79ad-11dd-94b6-e86ca3a72970}\Shell - "" = AutoRun

O33 - MountPoints2\{2d7ca026-79ad-11dd-94b6-e86ca3a72970}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{2d7ca027-79ad-11dd-94b6-e86ca3a72970}\Shell - "" = AutoRun

O33 - MountPoints2\{2d7ca027-79ad-11dd-94b6-e86ca3a72970}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{369e16cc-cec5-11dd-93a1-8a7fa695eb00}\Shell - "" = AutoRun

O33 - MountPoints2\{369e16cc-cec5-11dd-93a1-8a7fa695eb00}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{4221e426-6a50-11dd-ae89-9e979c435226}\Shell - "" = AutoRun

O33 - MountPoints2\{4221e426-6a50-11dd-ae89-9e979c435226}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{4221e439-6a50-11dd-ae89-9e979c435226}\Shell - "" = AutoRun

O33 - MountPoints2\{4221e439-6a50-11dd-ae89-9e979c435226}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O33 - MountPoints2\{46548092-5d14-11df-9038-a6295ef7deb6}\Shell - "" = AutoRun

O33 - MountPoints2\{46548092-5d14-11df-9038-a6295ef7deb6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O33 - MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\Shell - "" = AutoRun

O33 - MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found

O33 - MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found

O33 - MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\Shell\install\command - "" = E:\SETUP.EXE -- File not found

O33 - MountPoints2\{f730144d-6e35-11dd-92b3-9ca1db56280d}\Shell - "" = AutoRun

O33 - MountPoints2\{f730144d-6e35-11dd-92b3-9ca1db56280d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{f730144e-6e35-11dd-92b3-9ca1db56280d}\Shell - "" = AutoRun

O33 - MountPoints2\{f730144e-6e35-11dd-92b3-9ca1db56280d}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O33 - MountPoints2\{f7301450-6e35-11dd-92b3-fa5522f2f577}\Shell - "" = AutoRun

O33 - MountPoints2\{f7301450-6e35-11dd-92b3-fa5522f2f577}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.07.23 13:28:42 | 000,000,000 | ---D | C] -- C:\Users\Kaus.Jacqueline\AppData\Roaming\Malwarebytes

[2010.07.23 13:28:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.07.23 13:28:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.07.23 13:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010.07.23 13:28:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.07.23 13:09:22 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2010.07.23 03:02:45 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software

[2010.07.23 03:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2010.07.23 03:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater

[2010.07.19 23:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2010.07.16 16:52:01 | 000,000,000 | ---D | C] -- C:\Users\Kaus.Jacqueline\AppData\Roaming\Real

[2010.07.16 14:57:43 | 000,000,000 | ---D | C] -- C:\Users\Kaus.Jacqueline\AppData\Roaming\Avira

[2010.07.15 07:25:05 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices

[2010.07.14 23:48:48 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

[2010.07.14 23:48:45 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll

[2010.07.14 23:48:45 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll

[2010.07.14 23:48:02 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2010.07.14 23:47:59 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2010.07.14 23:47:57 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2010.07.14 23:47:56 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2010.07.14 23:47:56 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2010.07.14 23:47:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2010.07.14 23:47:55 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll

[2010.07.14 23:47:55 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2010.07.14 23:47:55 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2010.07.14 23:47:55 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2010.07.14 23:47:55 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe

[2010.07.14 23:47:55 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll

[2010.07.14 23:47:55 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2010.07.14 23:47:54 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2010.07.14 23:47:54 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2010.07.14 23:47:54 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2010.07.14 23:47:54 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll

[2010.07.14 23:47:54 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2010.07.14 23:47:54 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2010.07.14 23:47:53 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2010.07.14 23:47:53 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2010.07.14 23:47:53 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2010.07.14 23:47:53 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2010.07.14 23:47:53 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2010.07.14 23:47:53 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2010.07.14 23:47:19 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe

[2010.07.14 23:47:18 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll

[2010.07.14 23:47:11 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll

[2010.07.14 23:47:04 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll

[2010.07.14 23:47:03 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll

[2010.07.14 23:47:03 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll

[2010.07.14 23:47:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll

[2010.07.14 23:47:03 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll

[2010.07.14 23:47:03 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll

[2010.07.14 23:45:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll

[2010.07.14 23:45:14 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll

[2010.07.13 22:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010.07.13 22:36:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java

[2010.07.13 22:35:40 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010.07.13 22:35:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010.07.13 22:35:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010.07.13 22:35:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010.07.13 22:35:09 | 000,000,000 | ---D | C] -- C:\Programme\Java

[2010.07.13 20:37:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2010.07.13 20:37:01 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010.07.13 20:37:01 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010.07.13 20:37:01 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys

[2010.07.13 20:37:01 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys

[2010.07.13 20:36:59 | 000,000,000 | ---D | C] -- C:\Programme\Avira

[2010.07.13 20:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010.07.12 20:55:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES

[2010.07.12 20:55:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES

[2010.07.12 20:55:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN

[2010.07.12 18:47:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

[2010.07.12 10:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan

[2010.07.12 10:45:25 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan

[2010.07.06 18:55:58 | 000,000,000 | ---D | C] -- C:\Programme\ETverlag

[2010.06.24 22:28:15 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010.06.24 22:28:15 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010.06.24 22:28:15 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010.06.24 10:06:02 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010.06.24 10:06:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010.06.24 10:05:59 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[1 C:\Users\Kaus.Jacqueline\Desktop\*.tmp files -> C:\Users\Kaus.Jacqueline\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.07.23 19:34:27 | 000,007,237 | ---- | M] () -- C:\Windows\System32\Config.MPF

[2010.07.23 19:34:16 | 002,359,296 | -HS- | M] () -- C:\Users\Kaus.Jacqueline\NTUSER.DAT

[2010.07.23 18:51:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.07.23 18:51:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.07.23 18:48:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010.07.23 18:12:41 | 000,000,578 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Kaus.Jacqueline.job

[2010.07.23 15:05:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job

[2010.07.23 14:50:10 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010.07.23 13:28:32 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.23 13:20:37 | 000,078,004 | ---- | M] () -- C:\Users\Kaus.Jacqueline\Documents\cc_20100723_132010.reg

[2010.07.23 13:09:28 | 000,000,808 | ---- | M] () -- C:\Users\Kaus.Jacqueline\Desktop\CCleaner.lnk

[2010.07.23 03:03:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2010.07.22 22:57:15 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010.07.22 22:57:15 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.07.22 22:57:15 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.07.22 22:57:15 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.07.22 22:57:15 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.07.22 22:52:16 | 000,028,789 | ---- | M] () -- C:\Users\Kaus.Jacqueline\AppData\Roaming\nvModes.001

[2010.07.22 22:51:53 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010.07.22 22:51:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.07.22 22:51:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.07.22 22:51:25 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys

[2010.07.22 17:17:34 | 000,524,288 | -HS- | M] () -- C:\Users\Kaus.Jacqueline\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms

[2010.07.22 17:17:34 | 000,065,536 | -HS- | M] () -- C:\Users\Kaus.Jacqueline\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010.07.22 09:25:15 | 002,278,922 | -H-- | M] () -- C:\Users\Kaus.Jacqueline\AppData\Local\IconCache.db

[2010.07.21 15:01:18 | 000,001,682 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys

[2010.07.21 14:43:16 | 000,042,047 | ---- | M] () -- C:\Users\Kaus.Jacqueline\Desktop\Gesundheitsbildung.pptx

[2010.07.19 23:41:54 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\clipinc.fx.LNK

[2010.07.19 23:04:35 | 001,033,924 | ---- | M] () -- C:\Users\Kaus.Jacqueline\Documents\Vorlesung20100504-vorstellungen-4to1.pdf

[2010.07.19 22:05:17 | 000,164,166 | ---- | M] () -- C:\Users\Kaus.Jacqueline\Desktop\Erstmaliger Antrag auf Zulassung zur Ersten Staatsprüfung.pdf

[2010.07.19 18:04:22 | 000,029,184 | ---- | M] () -- C:\Users\Kaus.Jacqueline\Desktop\HumanbiologieExamensthemen.doc

[2010.07.16 16:09:46 | 000,010,752 | ---- | M] () -- C:\Users\Kaus.Jacqueline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.07.16 16:07:38 | 000,869,958 | R--- | M] () -- C:\Users\Kaus.Jacqueline\Desktop\20100715_1783311945_louis_emanuel_08072010_3835g_53cm.jpg

[2010.07.15 15:30:57 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2010.07.15 15:30:57 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2010.07.15 07:23:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2010.07.13 22:35:14 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010.07.13 22:35:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010.07.13 22:35:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010.07.13 22:35:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010.07.13 20:37:18 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010.07.12 21:04:39 | 000,437,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010.07.06 18:56:55 | 000,000,118 | ---- | M] () -- C:\Windows\RECHLI.SCR

[2010.07.06 18:56:46 | 000,002,022 | ---- | M] () -- C:\Users\Kaus.Jacqueline\Desktop\Dyskalkulie-Trainer.lnk

[2010.07.01 00:59:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job

[1 C:\Users\Kaus.Jacqueline\Desktop\*.tmp files -> C:\Users\Kaus.Jacqueline\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.07.23 13:28:32 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.23 13:20:21 | 000,078,004 | ---- | C] () -- C:\Users\Kaus.Jacqueline\Documents\cc_20100723_132010.reg

[2010.07.23 13:09:28 | 000,000,808 | ---- | C] () -- C:\Users\Kaus.Jacqueline\Desktop\CCleaner.lnk

[2010.07.23 03:00:51 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job

[2010.07.21 14:43:16 | 000,042,047 | ---- | C] () -- C:\Users\Kaus.Jacqueline\Desktop\Gesundheitsbildung.pptx

[2010.07.19 23:41:54 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\clipinc.fx.LNK

[2010.07.19 23:04:35 | 001,033,924 | ---- | C] () -- C:\Users\Kaus.Jacqueline\Documents\Vorlesung20100504-vorstellungen-4to1.pdf

[2010.07.19 22:05:17 | 000,164,166 | ---- | C] () -- C:\Users\Kaus.Jacqueline\Desktop\Erstmaliger Antrag auf Zulassung zur Ersten Staatsprüfung.pdf

[2010.07.19 18:04:21 | 000,029,184 | ---- | C] () -- C:\Users\Kaus.Jacqueline\Desktop\HumanbiologieExamensthemen.doc

[2010.07.16 16:11:02 | 000,869,958 | R--- | C] () -- C:\Users\Kaus.Jacqueline\Desktop\20100715_1783311945_louis_emanuel_08072010_3835g_53cm.jpg

[2010.07.15 07:23:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2010.07.13 20:37:18 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010.07.12 10:45:26 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2010.07.12 10:45:26 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2010.07.06 18:56:55 | 000,000,118 | ---- | C] () -- C:\Windows\RECHLI.SCR

[2010.07.06 18:56:46 | 000,002,022 | ---- | C] () -- C:\Users\Kaus.Jacqueline\Desktop\Dyskalkulie-Trainer.lnk

[2009.08.19 15:05:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.06.12 01:03:53 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2008.12.07 00:50:34 | 000,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest

[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest

[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2008.09.03 14:06:02 | 000,442,368 | ---- | C] () -- C:\Windows\System32\dvmsg.dll

[2008.07.29 01:56:00 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys

[2008.06.28 06:26:13 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini

[2008.06.28 06:25:48 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI

[2008.06.27 21:48:48 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2008.06.27 21:48:48 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini

[2008.06.27 21:33:12 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008.03.26 01:32:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2008.03.25 22:59:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008.03.25 16:21:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2008.03.25 16:20:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8173A019

< End of report >

--- --- ---

Hmmmm hab das schon gelesen, ich dachte Avast wäre irgentwie "belastet gewesen weil ich das gestern erst runter geladen habe und direkt danach die meldungen kammen. Hab Avast dann direkt wieder deinstalliert.

Ich hab halt keine Ahnung.

Aber irgentwas scheint doch nicht zustimmen sonst würde sich AntiVir doch nicht abschlaten und die Firewall auch nicht, oder?

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 23.07.2010 19:31:51 - Run 1

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Kaus.Jacqueline\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free

6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 143,79 Gb Total Space | 85,91 Gb Free Space | 59,74% Space Free | Partition Type: NTFS

Drive D: | 140,29 Gb Total Space | 139,60 Gb Free Space | 99,50% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: KAUSJACQUELI-PC

Current User Name: Kaus.Jacqueline

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)

"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)

"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)

"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found

"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)

"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)

"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found

"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found

"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found

"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{87B03A45-0879-450D-A744-0AB3DD8FC231}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{20B2D9E1-90D5-45CC-BF2D-02E161E8918F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{55549F45-F8D0-4E9B-A5B5-FBF48A83A095}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 

"{6A0D2BE1-264D-4926-B419-8040890A6342}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{9668E4BE-696C-4629-B40B-1193A35A782F}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 

"{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 

"{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 

"{C1B4A641-6F29-492E-962A-E52BA81E3C9C}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 

"{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 

"{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 

"{CC171A65-C6AA-4211-A26E-50371FED2007}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{FB7A3DF6-91E6-40BD-8647-2254A79C96D5}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 

"{FDA65CEF-9200-4DFD-ADB3-1F3BB2F300C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire

"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works

"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2008

"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3

"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update

"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management

"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller

"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe

"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Google Updater" = Google Updater

"GridVista" = Acer GridVista

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"ICQToolbar" = ICQ Toolbar

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mobile Partner" = Mobile Partner

"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)

"MSC" = McAfee SecurityCenter

"NSS" = Norton Security Scan

"NVIDIA Drivers" = NVIDIA Drivers

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Tobit ClipInc Server" = Tobit.Software clipinc.fx

"Yahoo! Toolbar" = Yahoo! Toolbar

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 19.07.2010 10:59:35 | Computer Name = KausJacqueli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 19.07.2010 14:35:31 | Computer Name = KausJacqueli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 19.07.2010 17:46:12 | Computer Name = KausJacqueli-PC | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 20.07.2010 01:32:08 | Computer Name = KausJacqueli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 20.07.2010 12:09:30 | Computer Name = KausJacqueli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 21.07.2010 05:33:05 | Computer Name = KausJacqueli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 22.07.2010 02:40:11 | Computer Name = KausJacqueli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 22.07.2010 07:48:32 | Computer Name = KausJacqueli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 22.07.2010 10:30:05 | Computer Name = KausJacqueli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 22.07.2010 16:51:58 | Computer Name = KausJacqueli-PC | Source = WinMgmt | ID = 10

Description = 

 

[ OSession Events ]

Error - 19.05.2009 14:28:53 | Computer Name = KausJacqueli-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 38

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 28.05.2009 10:15:36 | Computer Name = KausJacqueli-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 25

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 20.07.2010 16:06:11 | Computer Name = KausJacqueli-PC | Source = netbt | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.1.36  registriert werden. Der Computer mit IP-Adresse 192.168.1.33

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 21.07.2010 05:33:05 | Computer Name = KausJacqueli-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 21.07.2010 09:30:18 | Computer Name = KausJacqueli-PC | Source = netbt | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.1.36  registriert werden. Der Computer mit IP-Adresse 192.168.1.33

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 22.07.2010 02:40:11 | Computer Name = KausJacqueli-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 22.07.2010 02:57:21 | Computer Name = KausJacqueli-PC | Source = BROWSER | ID = 8032

Description = 

 

Error - 22.07.2010 07:48:32 | Computer Name = KausJacqueli-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 22.07.2010 10:30:06 | Computer Name = KausJacqueli-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 22.07.2010 16:51:58 | Computer Name = KausJacqueli-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 22.07.2010 17:39:39 | Computer Name = KausJacqueli-PC | Source = BROWSER | ID = 8032

Description = 

 

Error - 23.07.2010 02:56:05 | Computer Name = KausJacqueli-PC | Source = BROWSER | ID = 8032

Description = 

 

 

< End of report >

--- --- ---

Hmm wurd grad schon wieder was gefunden

Die Datei 'C:\Windows\Temp\_avast5_\unp258836985.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48e47b3b.qua' verschoben!

Ist ja das gleiche wie eben, aber dieses mal wurde es in Quarantäne verschoben.

Zitat:

Hmm wurd grad schon wieder was gefunden
Die Datei 'C:\Windows\Temp\_avast5_\unp258836985.tmp'

Soll ich dir alles nochmal von vorn erklären? :headbang:

Sorry ,ich hab schon kapiert das das ne Datei von Avast ist, was ich aber nicht weiß ist ob das jetzt irgentwelche Auswirkungen hat oder nicht! und warum sich mein AntiVir von alleine abschaltet und meine Firewall auch, liegt das an der Malware oder nicht?
Kann ich die Loswerden oder sollte ich die Einfach ignorieren?

Ich hab doch oben schon geschrieben das ich überhaupt gar keine Ahnung hab, tut mir Leid!:(

Ich mach mir einfach sorgen.

hast Du jetzt AntiVir oder Avast deinstalliert, JA oder NEIN?!!

Avast habe ich deinstalliert, hab ich aber eben auch schon geschrieben

Es tut mir echt leid wenns nervt...

aber jetzt lässt sich AntiVir auch nicht mehr updaten... hab den Report mal kopiert.

Avira AntiVir Personal - Free Antivirus Updater
Vollständiges Produktupdate

Erstellungszeitpunkt: Fri Jul 23 20:32:49 2010

Betriebssystem:
Windows Vista (Service Pack 2) [6.0.6002] 32 bit

Produktinformationen:
Produktversion: 10.0.0.567
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 10.0.0.29
Updaterresource: C:\Program Files\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
Bibliothek: C:\Program Files\Avira\AntiVir Desktop\update.dll 0.1.0.44
Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 10.0.0.8
GUI: C:\Program Files\Avira\AntiVir Desktop\updgui.dll 10.0.2.0

Temporäres Verzeichnis: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\
Backupverzeichnis: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\
Installationsverzeichnis: C:\Program Files\Avira\AntiVir Desktop\
Updaterverzeichnis: C:\Program Files\Avira\AntiVir Desktop\
AppData Verzeichnis: C:\ProgramData\Avira\AntiVir Desktop\

Proxyeinstellungen:
Verwende Systemeinstellungen

20:32:52 [UPD] [INFO] Prüfe ob neuere Dateien zur Verfügung stehen.
20:32:53 [UPD] [INFO] Wähle Updateserver 'hxxp://80.190.143.238/update'.
20:32:53 [UPD] [INFO] Herunterladen von 'hxxp://80.190.143.238/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:33:15 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://80.190.143.238/update/idx/master.idx' ist fehlgeschlagen. Fehler: Die Serververbindung konnte nicht hergestellt werden.
20:33:15 [UPD] [INFO] Wähle Updateserver 'hxxp://80.190.143.239/update'.
20:33:15 [UPD] [INFO] Herunterladen von 'hxxp://80.190.143.239/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:33:36 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://80.190.143.239/update/idx/master.idx' ist fehlgeschlagen. Fehler: Die Serververbindung konnte nicht hergestellt werden.
20:33:36 [UPD] [INFO] Wähle Updateserver 'hxxp://80.190.143.240/update'.
20:33:36 [UPD] [INFO] Herunterladen von 'hxxp://80.190.143.240/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:33:57 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://80.190.143.240/update/idx/master.idx' ist fehlgeschlagen. Fehler: Die Serververbindung konnte nicht hergestellt werden.
20:33:57 [UPD] [INFO] Wähle Updateserver 'hxxp://80.190.143.241/update'.
20:33:57 [UPD] [INFO] Herunterladen von 'hxxp://80.190.143.241/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:34:18 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://80.190.143.241/update/idx/master.idx' ist fehlgeschlagen. Fehler: Die Serververbindung konnte nicht hergestellt werden.
20:34:18 [UPD] [INFO] Wähle Updateserver 'hxxp://80.190.143.242/update'.
20:34:18 [UPD] [INFO] Herunterladen von 'hxxp://80.190.143.242/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:34:18 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://80.190.143.242/update/idx/master.idx' ist fehlgeschlagen. Fehler: Die Serververbindung konnte nicht hergestellt werden.
20:34:18 [UPD] [INFO] Wähle Updateserver 'hxxp://80.190.143.243/update'.
20:34:18 [UPD] [INFO] Herunterladen von 'hxxp://80.190.143.243/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:34:18 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://80.190.143.243/update/idx/master.idx' ist fehlgeschlagen. Fehler: Die Serververbindung konnte nicht hergestellt werden.
20:34:18 [UPD] [INFO] Wähle Updateserver 'hxxp://62.146.66.178/update'.
20:34:18 [UPD] [INFO] Herunterladen von 'hxxp://62.146.66.178/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:34:18 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://62.146.66.178/update/idx/master.idx' ist fehlgeschlagen. Fehler: Die Serververbindung konnte nicht hergestellt werden.
20:34:18 [UPD] [INFO] Wähle Updateserver 'hxxp://62.146.66.179/update'.
20:34:18 [UPD] [INFO] Herunterladen von 'hxxp://62.146.66.179/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:34:18 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://62.146.66.179/update/idx/master.idx' ist fehlgeschlagen. Fehler: Die Serververbindung konnte nicht hergestellt werden.
20:34:18 [UPD] [INFO] Wähle Updateserver 'hxxp://62.146.66.180/update'.
20:34:18 [UPD] [INFO] Herunterladen von 'hxxp://62.146.66.180/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:34:18 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://62.146.66.180/update/idx/master.idx' ist fehlgeschlagen. Fehler: Die Serververbindung konnte nicht hergestellt werden.
20:34:18 [UPD] [INFO] Wähle Updateserver 'hxxp://62.146.66.181/update'.
20:34:18 [UPD] [INFO] Herunterladen von 'hxxp://62.146.66.181/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:34:18 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://62.146.66.181/update/idx/master.idx' ist fehlgeschlagen. Fehler: Die Serververbindung konnte nicht hergestellt werden.
20:34:18 [UPD] [INFO] Wähle Updateserver 'hxxp://perspeak.avira-update.com/update'.
20:34:18 [UPD] [INFO] Herunterladen von 'hxxp://perspeak.avira-update.com/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:34:19 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://perspeak.avira-update.com/update/idx/master.idx' ist fehlgeschlagen. Fehler: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
20:34:19 [UPDLIB] [ERROR] Erneuter Versuch...
20:34:19 [UPD] [INFO] Herunterladen von 'hxxp://perspeak.avira-update.com/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:34:19 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://perspeak.avira-update.com/update/idx/master.idx' ist fehlgeschlagen. Fehler: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
20:34:19 [UPDLIB] [ERROR] Erneuter Versuch...
20:34:19 [UPD] [INFO] Herunterladen von 'hxxp://perspeak.avira-update.com/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
20:34:20 [UPDLIB] [ERROR] Downloadmanager: Die Funktion WinINet::HttpSendRequest() 'hxxp://perspeak.avira-update.com/update/idx/master.idx' ist fehlgeschlagen. Fehler: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
20:34:20 [UPDLIB] [ERROR] Keine weiteren Server vorhanden, das Update wird abgebrochen.
20:34:20 [UPD] [ERROR] Erzeugen der Updatestruktur ist fehlgeschlagen. Die UpdateLib liefert den Fehler 537.

Zusammenfassung:
****************
0 Dateien heruntergeladen
0 Dateien installiert

Fri Jul 23 20:34:20 2010
Das Update ist fehlgeschlagen!

Vielen Dank das du dich mit mir und meiner ahnungslosigkeit auseinander setzt.

PS: ich habe Avast deinstalliert

Zitat:

SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

McAfee ist auch installiert :headbang:
Bitte deinstallieren!

Wenn McAfee deinstalliert ist:

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()

SRV - (avast! Antivirus) --  File not found

SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O33 - MountPoints2\{2d7ca026-79ad-11dd-94b6-e86ca3a72970}\Shell - "" = AutoRun

O33 - MountPoints2\{2d7ca026-79ad-11dd-94b6-e86ca3a72970}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{2d7ca027-79ad-11dd-94b6-e86ca3a72970}\Shell - "" = AutoRun

O33 - MountPoints2\{2d7ca027-79ad-11dd-94b6-e86ca3a72970}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{369e16cc-cec5-11dd-93a1-8a7fa695eb00}\Shell - "" = AutoRun

O33 - MountPoints2\{369e16cc-cec5-11dd-93a1-8a7fa695eb00}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{4221e426-6a50-11dd-ae89-9e979c435226}\Shell - "" = AutoRun

O33 - MountPoints2\{4221e426-6a50-11dd-ae89-9e979c435226}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{4221e439-6a50-11dd-ae89-9e979c435226}\Shell - "" = AutoRun

O33 - MountPoints2\{4221e439-6a50-11dd-ae89-9e979c435226}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O33 - MountPoints2\{46548092-5d14-11df-9038-a6295ef7deb6}\Shell - "" = AutoRun

O33 - MountPoints2\{46548092-5d14-11df-9038-a6295ef7deb6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O33 - MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\Shell - "" = AutoRun

O33 - MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found

O33 - MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found

O33 - MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\Shell\install\command - "" = E:\SETUP.EXE -- File not found

O33 - MountPoints2\{f730144d-6e35-11dd-92b3-9ca1db56280d}\Shell - "" = AutoRun

O33 - MountPoints2\{f730144d-6e35-11dd-92b3-9ca1db56280d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{f730144e-6e35-11dd-92b3-9ca1db56280d}\Shell - "" = AutoRun

O33 - MountPoints2\{f730144e-6e35-11dd-92b3-9ca1db56280d}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O33 - MountPoints2\{f7301450-6e35-11dd-92b3-fa5522f2f577}\Shell - "" = AutoRun

O33 - MountPoints2\{f7301450-6e35-11dd-92b3-fa5522f2f577}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8173A019

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Ist das damit jetzt erledigt?

Vielen Vielen Vielen DANK!!!!!!!!!!
Dankeschön

All processes killed
========== OTL ==========
Process ICQ Service.exe killed successfully!
Service avast! Antivirus stopped successfully!
Service\Driver key avast! Antivirus not found.
File File not found not found.
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d7ca026-79ad-11dd-94b6-e86ca3a72970}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d7ca026-79ad-11dd-94b6-e86ca3a72970}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d7ca026-79ad-11dd-94b6-e86ca3a72970}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d7ca026-79ad-11dd-94b6-e86ca3a72970}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d7ca027-79ad-11dd-94b6-e86ca3a72970}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d7ca027-79ad-11dd-94b6-e86ca3a72970}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d7ca027-79ad-11dd-94b6-e86ca3a72970}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d7ca027-79ad-11dd-94b6-e86ca3a72970}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{369e16cc-cec5-11dd-93a1-8a7fa695eb00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{369e16cc-cec5-11dd-93a1-8a7fa695eb00}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{369e16cc-cec5-11dd-93a1-8a7fa695eb00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{369e16cc-cec5-11dd-93a1-8a7fa695eb00}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4221e426-6a50-11dd-ae89-9e979c435226}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4221e426-6a50-11dd-ae89-9e979c435226}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4221e426-6a50-11dd-ae89-9e979c435226}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4221e426-6a50-11dd-ae89-9e979c435226}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4221e439-6a50-11dd-ae89-9e979c435226}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4221e439-6a50-11dd-ae89-9e979c435226}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4221e439-6a50-11dd-ae89-9e979c435226}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4221e439-6a50-11dd-ae89-9e979c435226}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46548092-5d14-11df-9038-a6295ef7deb6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46548092-5d14-11df-9038-a6295ef7deb6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46548092-5d14-11df-9038-a6295ef7deb6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46548092-5d14-11df-9038-a6295ef7deb6}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799dbbcf-c3e8-11dd-a121-b98525fdab3c}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f730144d-6e35-11dd-92b3-9ca1db56280d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f730144d-6e35-11dd-92b3-9ca1db56280d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f730144d-6e35-11dd-92b3-9ca1db56280d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f730144d-6e35-11dd-92b3-9ca1db56280d}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f730144e-6e35-11dd-92b3-9ca1db56280d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f730144e-6e35-11dd-92b3-9ca1db56280d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f730144e-6e35-11dd-92b3-9ca1db56280d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f730144e-6e35-11dd-92b3-9ca1db56280d}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7301450-6e35-11dd-92b3-fa5522f2f577}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7301450-6e35-11dd-92b3-fa5522f2f577}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7301450-6e35-11dd-92b3-fa5522f2f577}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7301450-6e35-11dd-92b3-fa5522f2f577}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:8173A019 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kaus.Jacqueline
->Temp folder emptied: 1832115 bytes
->Temporary Internet Files folder emptied: 16187357 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79399661 bytes
->Flash cache emptied: 6732 bytes

User: KAUS~1~JAC
->Temp folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 964064 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 16053988 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 109,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 07232010_212829

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

So ich hoffe mal das ist das richtige. So wie das in der anleitung stand konnte ich das nicht machen... ich hab drauf geklickt und schon ist mein PC runtergefahren und beim neu start ging es direkt los mit der Suche....

Denn ccleaner hatte ich aber heute schon mal laufen lassen...

Hier der Log:

Combofix Logfile:

Code:

ComboFix 10-07-22.06 - Kaus.Jacqueline 23.07.2010  21:51:42.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.2153 [GMT 2:00]

ausgeführt von:: c:\users\Kaus.Jacqueline\Downloads\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\programdata\pswi_preloaded.exe

c:\users\Kaus.Jacqueline\AppData\Roaming\.#

c:\users\Kaus.Jacqueline\AppData\Roaming\.#\MBX@154C@1D52990.###

c:\users\Kaus.Jacqueline\AppData\Roaming\.#\MBX@154C@1D529C0.###

c:\users\Kaus.Jacqueline\AppData\Roaming\.#\MBX@154C@1D529F0.###

c:\users\Kaus.Jacqueline\AppData\Roaming\.#\MBX@554@6B2990.###

c:\users\Kaus.Jacqueline\AppData\Roaming\.#\MBX@554@6B29C0.###

c:\users\Kaus.Jacqueline\AppData\Roaming\.#\MBX@554@6B29F0.###
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-06-23 bis 2010-07-23  ))))))))))))))))))))))))))))))

.
 

2010-07-23 19:36 . 2010-05-21 12:14        221568        ------w-        c:\windows\system32\MpSigStub.exe

2010-07-23 19:28 . 2010-07-23 19:28        --------        d-----w-        C:\_OTL

2010-07-23 11:28 . 2010-07-23 11:28        --------        d-----w-        c:\users\Kaus.Jacqueline\AppData\Roaming\Malwarebytes

2010-07-23 11:28 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-23 11:28 . 2010-07-23 11:28        --------        d-----w-        c:\programdata\Malwarebytes

2010-07-23 11:28 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-07-23 11:28 . 2010-07-23 11:28        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-07-23 11:09 . 2010-07-23 11:09        --------        d-----w-        c:\program files\CCleaner

2010-07-23 01:02 . 2010-07-23 01:02        --------        d-----w-        c:\programdata\Alwil Software

2010-07-23 01:02 . 2010-07-23 01:02        --------        d-----w-        c:\program files\Alwil Software

2010-07-23 01:00 . 2010-07-23 01:01        --------        d-----w-        c:\programdata\Google Updater

2010-07-19 21:36 . 2010-07-19 21:36        --------        d-----w-        c:\programdata\WindowsSearch

2010-07-16 12:57 . 2010-07-16 12:57        --------        d-----w-        c:\users\Kaus.Jacqueline\AppData\Roaming\Avira

2010-07-15 05:25 . 2010-07-15 05:25        --------        d-----w-        c:\program files\Windows Portable Devices

2010-07-14 21:48 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll

2010-07-14 21:48 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\system32\UIRibbon.dll

2010-07-14 21:48 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll

2010-07-14 21:48 . 2009-09-25 01:33        369664        ----a-w-        c:\windows\system32\WMPhoto.dll

2010-07-14 21:48 . 2009-09-24 22:54        258048        ----a-w-        c:\windows\system32\winspool.drv

2010-07-14 21:45 . 2009-10-08 21:07        4096        ----a-w-        c:\windows\system32\oleaccrc.dll

2010-07-14 21:45 . 2009-10-08 21:08        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll

2010-07-14 21:45 . 2009-10-08 21:08        234496        ----a-w-        c:\windows\system32\oleacc.dll

2010-07-13 20:36 . 2010-07-13 20:36        --------        d-----w-        c:\program files\Common Files\Java

2010-07-13 20:35 . 2010-07-13 20:35        411368        ----a-w-        c:\windows\system32\deployJava1.dll

2010-07-13 20:35 . 2010-07-13 20:35        --------        d-----w-        c:\program files\Java

2010-07-13 18:37 . 2010-03-01 07:05        124784        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2010-07-13 18:37 . 2010-02-16 11:24        60936        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2010-07-13 18:37 . 2009-05-11 09:49        51992        ----a-w-        c:\windows\system32\drivers\avgntdd.sys

2010-07-13 18:37 . 2009-05-11 09:49        17016        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys

2010-07-13 18:36 . 2010-07-13 18:36        --------        d-----w-        c:\programdata\Avira

2010-07-13 18:36 . 2010-07-13 18:36        --------        d-----w-        c:\program files\Avira

2010-07-12 18:55 . 2010-07-12 19:00        --------        d-----w-        c:\windows\system32\ca-ES

2010-07-12 18:55 . 2010-07-12 19:00        --------        d-----w-        c:\windows\system32\eu-ES

2010-07-12 18:55 . 2010-07-12 19:00        --------        d-----w-        c:\windows\system32\vi-VN

2010-07-12 16:47 . 2010-07-12 16:47        --------        d-----w-        c:\windows\system32\EventProviders

2010-07-06 16:56 . 2010-07-06 16:56        118        ----a-w-        c:\windows\RECHLI.SCR

2010-07-06 16:55 . 2010-07-06 16:56        --------        d-----w-        c:\program files\ETverlag

2010-06-24 20:28 . 2009-11-08 08:55        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll

2010-06-24 20:28 . 2009-11-08 08:55        49472        ----a-w-        c:\windows\system32\netfxperf.dll

2010-06-24 20:28 . 2009-11-08 08:55        297808        ----a-w-        c:\windows\system32\mscoree.dll

2010-06-24 20:28 . 2009-11-08 08:55        295264        ----a-w-        c:\windows\system32\PresentationHost.exe

2010-06-24 20:28 . 2009-11-08 08:55        1130824        ----a-w-        c:\windows\system32\dfshim.dll

2010-06-24 08:06 . 2010-01-06 15:39        1696256        ----a-w-        c:\windows\system32\gameux.dll

2010-06-24 08:06 . 2010-04-16 16:43        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll

2010-06-24 08:05 . 2010-04-16 14:39        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-23 19:56 . 2008-01-21 07:15        628742        ----a-w-        c:\windows\system32\perfh007.dat

2010-07-23 19:56 . 2008-01-21 07:15        126454        ----a-w-        c:\windows\system32\perfc007.dat

2010-07-23 19:28 . 2008-10-06 22:14        --------        d-----w-        c:\program files\ICQ6Toolbar

2010-07-23 01:00 . 2010-04-27 19:43        --------        d-----w-        c:\program files\Google

2010-07-21 13:01 . 2008-07-28 23:56        1682        --sha-w-        c:\windows\system32\KGyGaAvL.sys

2010-07-21 12:43 . 2008-10-06 22:14        --------        d-----w-        c:\users\Kaus.Jacqueline\AppData\Roaming\ICQ

2010-07-15 05:25 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail

2010-07-15 05:24 . 2006-11-02 10:25        665600        ----a-w-        c:\windows\inf\drvindex.dat

2010-07-15 05:23 . 2010-07-15 05:23        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2010-07-14 21:40 . 2008-03-25 14:26        --------        d-----w-        c:\programdata\Microsoft Help

2010-07-12 19:00 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Calendar

2010-07-12 19:00 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Sidebar

2010-07-12 19:00 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Journal

2010-07-12 19:00 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Collaboration

2010-07-12 19:00 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Photo Gallery

2010-07-12 19:00 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Defender

2010-07-08 12:10 . 2008-03-25 14:39        --------        d-----w-        c:\program files\McAfee

2010-06-28 21:36 . 2009-07-14 15:16        --------        d-----w-        c:\program files\ICQ6.5

2010-06-27 18:24 . 2008-03-25 14:28        --------        d-----w-        c:\program files\Microsoft.NET

2010-06-20 15:07 . 2009-09-13 16:01        --------        d-----w-        c:\program files\Common Files\Symantec Shared

2010-06-18 18:16 . 2010-06-18 18:16        1079048        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-05-26 17:06 . 2010-06-09 13:35        34304        ----a-w-        c:\windows\system32\atmlib.dll

2010-05-26 14:47 . 2010-06-09 13:36        289792        ----a-w-        c:\windows\system32\atmfd.dll

2010-05-04 19:15 . 2010-06-09 13:35        834048        ----a-w-        c:\windows\system32\wininet.dll

2010-05-04 18:37 . 2010-06-09 13:35        78336        ----a-w-        c:\windows\system32\ieencode.dll

2010-05-01 14:13 . 2010-06-09 13:35        2037248        ----a-w-        c:\windows\system32\win32k.sys

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 01:00        39472        ----a-w-        c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ClipIncSrvTray"="c:\program files\Tobit ClipInc\Player\ClipIncTray.exe" [2009-03-16 668424]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-02 83568]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Skytel"="Skytel.exe" [2008-01-24 1826816]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2010-07-23 161336]
 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336]

SETAUDIO.EXE [2008-4-4 20480]

SETRES.EXE [2008-4-4 20480]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):ef,e3,28,90,f5,21,cb,01
 

R2 0318981279912539mcinstcleanup;McAfee Application Installer Cleanup (0318981279912539);c:\users\KAUS~1.JAC\AppData\Local\Temp\031898~1.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-06 685816]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]

S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

S2 ClipInc001;ClipInc 001;c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]

S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]
 
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners
 

2010-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
 

2010-07-23 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-23 01:00]
 

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 19:43]
 

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 19:43]
 

2010-07-23 c:\windows\Tasks\Norton Security Scan for Kaus.Jacqueline.job

- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-19 07:48]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.icq.com/

mStart Page = hxxp://de.intl.acer.yahoo.com

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta

FF - ProfilePath - c:\users\Kaus.Jacqueline\AppData\Roaming\Mozilla\Firefox\Profiles\e0pwhaik.default\

FF - prefs.js: browser.startup.homepage - hxxp://ecosia.org/?cc=de&lang=de&nocookie=1

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\users\Kaus.Jacqueline\Desktop\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: c:\users\Kaus.Jacqueline\Desktop\DivX\DivX Web Player\npdivx32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

HKLM-Run-eRecoveryService - (no file)
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-07-23 22:00

Windows 6.0.6002 Service Pack 2 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2010-07-23  22:02:20

ComboFix-quarantined-files.txt  2010-07-23 20:02
 

Vor Suchlauf: 13 Verzeichnis(se), 90.459.406.336 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 91.422.265.344 Bytes frei
 

- - End Of File - - 551FAC3DCBDC3A5DE322298585DF88F3

--- --- ---

Das wars aber jetzt oder :-)

Vielen Dank nochmal

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Hey,

also GMER stürzt bei mir immer ab.
OSAM und bootkit remover kann ich nicht öffen, da fehlt mir irgentwas für...

Liebe Grüße

Nimm fürs Entpacken bitte 7zip oder WinRAR. Bitte nicht WinZIP benutzen!

ok jetzt klappts,

hier ist Log von Osam

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 15:30:34 on 24.07.2010
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 3.5.11
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Computer, Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Norton Security Scan for Kaus.Jacqueline.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"bdeadmin.cpl" - "Borland Software Corporation" - C:\Windows\system32\bdeadmin.cpl

"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

"QuickTime" - "Apple Computer, Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"az5h9zji" (az5h9zji) - "Microsoft Corporation" - C:\Windows\system32\drivers\az5h9zji.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"catchme" (catchme) - ? - C:\Users\KAUS~1.JAC\AppData\Local\Temp\catchme.sys  (File not found)

"int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys

"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys

"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys

"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{4EB37360-49E8-11D3-95B5-004033382980} "ALZip 4.0 Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Kaus.Jacqueline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Orion.lnk" - ? - C:\Users\Kaus.Jacqueline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk  (Shortcut exists | File not found)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)

"SETAUDIO.EXE" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE

"SETRES.EXE" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"ClipIncSrvTray" - "Tobit.Software" - "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"eAudio" - "CyberLink" - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

"eDataSecurity Loader" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

"Google Updater" - "Google" - "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation

"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

"PlayMovie" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

"PLFSetI" - ? - C:\Windows\PLFSetI.exe

"QuickFinder Scheduler" - "Corel Corporation" - "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"

"QuickTime Task" - "Apple Computer, Inc." - "C:\Program Files\QuickTime\qttask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"ALaunch Service" (ALaunchService) - ? - C:\Acer\ALaunch\ALaunchSvc.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"ClipInc 001" (ClipInc001) - ? - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe

"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

"McAfee Application Installer Cleanup (0318981279912539)" (0318981279912539mcinstcleanup) - ? - C:\Users\KAUS~1.JAC\AppData\Local\Temp\031898~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service  (File not found)

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe

"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Liebe Grüße

Ok bei Bootkit Remover kommt irgentwas komisches, das kann man auch nicht kopieren,aber ich hab hier alles abgetippt :

<c> 2009 eSage Lab
esage lab - main

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2
002>, 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDriver0 at offset 0x00000002`af 600000
Boot sector MD5 is: dc220266e2471b59f5999b434394b525

Size Device Name MBR Status
---------------------------------------------------------------------
298 GB \\.\PhysicalDriver0 unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dumo <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...

Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren!
Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok.

Da Du Vista verwendest, solltest Du die cmd.exe bzw. die Eingabeaufforderung per Rechtsklick => "als Administrator ausführen" starten.
Falls wir irgendwie Probleme haben, können wir auch alternativ die UAC deaktivieren

Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen:

Code:

remover.exe fix \\.\PhysicalDrive0

Hi, also hab die remover.exe nach windows\system32 kopiert.
Aber :-) was ist die Konsole und wo soll ich das starten, ausführen finden?

und wo soll ich diesen Text eintippen? "Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen: "

Sorry,

liebe Grüße Danke!

Klick Dich mal durchs Startmenü bis Du die Eingabeaufforderung findest. Die per Rechtsklick => als Admin ausführen.

Alternativ machst Du per Rechtsklick auf einem freien Bereich auf dem Desktop und sagst neue Verknüpfung, als Ziel tippst Du cmd.exe ein und bestätgist alles. Danach ist eine Verknüpfung zur Eingabeaufforderung auf dem Desktop, diese per Rechtsklick => als Admin ausführen

Ok wenn ich das mache kommt ein Sicherheits Hinweis der folgender maßen lautet

You are trying to rewrite boot code at\\.\PhysicalDrive0

It is strongly recommended to reboot immediately after the disinfection.
Otherwise the malicious boot code can be restored by the trojan.

Type "Yes" to allow immediate reboot after the desinfection, or "No" to disinfect without reboot.

Soll ich ja, oder nein klicken?

Liebe Grüße

Hm, ich merk gerade, dass der BootkitRemover nicht mit Vista kompatibel sein könnte. Mach das mal bitte mit einem anderen Tool:

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Hi also ich hab das ganze runtergelade und auf ausführen als administrator geklickt....

dann kommt das hier:

MBRCheck, version 1.1.1
<c> 2010,AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

Size Device Name MBR Status
----------------------------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code

Found non-standard or infected MBR.
Enter "y" and hit ENTER for more options, or "N" to exit:

So was soll ich jetzt machen?

Liebe Grüße

Lösche bitte die vorhandenen MBRCheck.txt.

Starte bitte MBRCheck.exe erneut.
Diesmal tippe in das Fenster folgendes ein und bestätige jede Eingabe mit Enter
bei

Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
Enter your choice: 2
Enter the physical disk number to fix (0-99, -1 to cancel): x
PLease select the MBR code to write to this drive: x

Die rot eingerahmten Zahlen aus der Anleitung entnehmen!!! (=> Da Du Vista hast, musst Du als MBR-Code 3 eintragen)
http://img831.imageshack.us/img831/5659/mbr.jpg

Gib nun Yes ein und bestätige mit ENTER.
Starte den Rechner neu auf.

Nach dem Neustart starte bitte MBRCheck.exe erneut.
Nun findest Du 2 MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop.
Poste mir den Inhalt von beiden .txt Dokumenten

Hi, ich habs geschaft mein netzwerkabel zu schrotten :-(
Werd das also erst nächste Woche machen können wenn das neue Kabel kommt, ich meld mich dann nochmal

Liebe Grüße

Danke

Zitat:

Hi, ich habs geschaft mein netzwerkabel zu schrotten :-(

Biste draufgetreten? :lach:

Ne, das ist abgeknickt weil ich das immer so doof liegen hatte, naja man lernt aus seinen Fehlern :-)

Liebe Grüße