
Log analysis and evaluation: Trojan.bho and heur/html.malware


10.08.2009, 21:41   #1
pinky79
 

Hello, I hope someone here can help me. I have had a new laptop for a few days and Antivir is reporting that Heur/Html.Malware was found (although I have also read that this might be a false alarm), and Spybot or Malwarebytes reported Trojan.bho. I have already searched various forums on the Internet, but since I am not very knowledgeable I did not really know what to do with the information, and I did not want to do anything before someone who knows about this had looked at my HJT log. When I ran Antivir/Spybot/Malwarebytes just now, nothing was found, but I don't quite trust it and would be grateful if someone could look through my HijackThis log. Many thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:13, on 10.08.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Acer\Acer eRecovery Management\eRecoveryUI.exe
C:\Program Files\Acer\Acer eRecovery Management\eRecoveryMain.exe
C:\Windows\system32\conime.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_7738
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_7738
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_7738
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_7738
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [VitaKeyPdtWzd] c:\Program Files\Acer Bio Protection\PdtWzd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files\Acer Bio Protection\BASVC.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 11961 bytes

Edited by pinky79 (10.08.2009 at 22:03)

10.08.2009, 22:48   #2
john.doe
 



Hello and

Decide on one antivirus program and uninstall the other. Click on "For all newcomers" in my signature, read everything carefully and work through the complete list under point 2. You do not need Malwarebytes, but do post the Malwarebytes log with the detection. The guide describes how to get at old logs.

ciao, andreas

11.08.2009, 09:12   #3
pinky79
 



Hello and many thanks for the quick reply. I have now followed the instructions (hopefully correctly) and am posting the RSIT log and the Malwarebytes log.
Best regards, Sabrina

Quote:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Pinky at 2009-08-11 09:07:32
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 358 GB (77%) free of 464 GB
Total RAM: 3066 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:07:35, on 11.08.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Pinky\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pinky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [VitaKeyPdtWzd] c:\Program Files\Acer Bio Protection\PdtWzd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0098131249973278) (0098131249973278mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\009813~1.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files\Acer Bio Protection\BASVC.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 11500 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2008-10-23 247312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-09-26 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-08-03 2575160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll [2009-08-03 736240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-08-03 2575160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2009-01-21 156968]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2009-01-21 202024]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-02-10 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-02-10 92704]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2008-10-24 237568]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-11 6957600]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-03-11 1833504]
"PLFSetI"=C:\Windows\PLFSetI.exe [2009-06-17 200704]
"VitaKeyPdtWzd"=c:\Program Files\Acer Bio Protection\PdtWzd.exe [2009-02-13 3549696]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-05 1410344]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-02-24 870920]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-04-11 249600]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-04-15 440864]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2008-10-27 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2008-10-27 346672]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-12-26 173288]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-08-03 30192]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-10-31 641208]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-08-10 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=c:\Program Files\Acer Bio Protection\PwdFilter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

11.08.2009, 09:14   #4
pinky79
 



Hier die Fortsetzung...
Zitat:
======List of files/folders created in the last 1 months======

2009-08-11 09:07:32 ----D---- C:\rsit
2009-08-11 08:55:26 ----D---- C:\Program Files\CCleaner
2009-08-10 14:55:57 ----D---- C:\Program Files\Trend Micro
2009-08-10 13:50:34 ----D---- C:\Users\Pinky\AppData\Roaming\Malwarebytes
2009-08-10 13:50:27 ----D---- C:\ProgramData\Malwarebytes
2009-08-10 13:50:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-10 13:41:30 ----A---- C:\Windows\system32\lsdelete.exe
2009-08-10 13:36:51 ----DC---- C:\Windows\system32\DRVSTORE
2009-08-10 13:34:22 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-10 13:34:17 ----D---- C:\ProgramData\Lavasoft
2009-08-10 13:34:17 ----D---- C:\Program Files\Lavasoft
2009-08-09 21:01:03 ----D---- C:\Program Files\Crazy Machines II - Gold
2009-08-09 21:00:47 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-08-09 21:00:46 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-08-09 21:00:46 ----A---- C:\Windows\system32\x3daudio1_2.dll
2009-08-09 21:00:46 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-08-09 21:00:46 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-08-09 21:00:46 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-08-09 21:00:45 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-08-09 21:00:45 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-08-09 21:00:45 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-08-09 21:00:44 ----A---- C:\Windows\system32\xinput1_3.dll
2009-08-09 21:00:44 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-08-09 21:00:44 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-08-09 21:00:44 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-08-09 21:00:43 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-08-09 21:00:43 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-08-09 21:00:42 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-08-09 21:00:42 ----A---- C:\Windows\system32\d3dx10.dll
2009-08-09 21:00:41 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-08-09 21:00:41 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-08-09 21:00:41 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-08-09 21:00:40 ----A---- C:\Windows\system32\xinput1_2.dll
2009-08-09 21:00:40 ----A---- C:\Windows\system32\xinput1_1.dll
2009-08-09 21:00:40 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-08-09 21:00:40 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-08-09 21:00:39 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-08-09 21:00:32 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-08-09 21:00:32 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-08-09 21:00:32 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-08-09 21:00:32 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-08-09 21:00:31 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-08-09 21:00:31 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-08-09 21:00:31 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-08-09 21:00:30 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-08-09 21:00:30 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-08-09 20:59:36 ----D---- C:\Program Files\OpenAL
2009-08-09 20:59:36 ----A---- C:\Windows\system32\wrap_oal.dll
2009-08-09 20:59:36 ----A---- C:\Windows\system32\OpenAL32.dll
2009-08-09 20:59:35 ----RA---- C:\Windows\system32\tmp517B.tmp
2009-08-09 20:58:42 ----D---- C:\Windows\system32\AGEIA
2009-08-09 20:58:41 ----D---- C:\Program Files\AGEIA Technologies
2009-08-09 20:58:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-09 20:39:12 ----D---- C:\ProgramData\JollyBear
2009-08-09 20:38:21 ----SHD---- C:\Users\Pinky\AppData\Roaming\.#
2009-08-09 20:16:36 ----D---- C:\Users\Pinky\AppData\Roaming\Template
2009-08-07 23:16:55 ----D---- C:\Users\Pinky\AppData\Roaming\teamspeak2
2009-08-05 23:30:15 ----D---- C:\Neuer Ordner
2009-08-05 22:25:56 ----D---- C:\Users\Pinky\AppData\Roaming\iWin
2009-08-03 21:48:35 ----A---- C:\LHT19AB.tmp
2009-08-03 21:11:50 ----D---- C:\ProgramData\Blizzard
2009-08-03 20:55:46 ----D---- C:\Users\***\AppData\Roaming\SoftDMA
2009-08-03 20:55:35 ----D---- C:\Users\***\AppData\Roaming\CyberLink
2009-08-03 20:39:32 ----D---- C:\Users\***\AppData\Roaming\skypePM
2009-08-03 20:38:18 ----D---- C:\Users\***\AppData\Roaming\Skype
2009-08-03 20:37:41 ----D---- C:\Program Files\Common Files\Skype
2009-08-03 20:37:38 ----RD---- C:\Program Files\Skype
2009-08-03 20:37:03 ----D---- C:\ProgramData\Skype
2009-08-03 20:35:07 ----D---- C:\Program Files\Teamspeak2_RC2
2009-08-03 19:23:56 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-08-03 18:38:53 ----D---- C:\Users\Pinky\AppData\Roaming\Mozilla
2009-08-03 18:38:28 ----D---- C:\Program Files\Mozilla Firefox
2009-08-03 18:36:22 ----D---- C:\Program Files\Zone Labs
2009-08-03 18:36:14 ----D---- C:\Windows\Internet Logs
2009-08-03 15:37:50 ----A---- C:\Windows\system32\infocardapi.dll
2009-08-03 15:37:49 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-03 15:37:47 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-08-03 15:37:47 ----A---- C:\Windows\system32\icardres.dll
2009-08-03 15:37:47 ----A---- C:\Windows\system32\icardagt.exe
2009-08-03 15:37:43 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-08-03 15:37:35 ----A---- C:\Windows\system32\PresentationHost.exe
2009-08-03 15:28:45 ----A---- C:\Windows\system32\dfshim.dll
2009-08-03 15:28:39 ----A---- C:\Windows\system32\mscoree.dll
2009-08-03 15:28:37 ----A---- C:\Windows\system32\netfxperf.dll
2009-08-03 15:28:15 ----A---- C:\Windows\system32\mscorier.dll
2009-08-03 15:28:05 ----A---- C:\Windows\system32\mscories.dll
2009-08-03 14:54:44 ----A---- C:\Windows\system32\EncDec.dll
2009-08-03 14:54:41 ----A---- C:\Windows\system32\psisdecd.dll
2009-08-03 14:53:55 ----A---- C:\Windows\system32\wmp.dll
2009-08-03 14:53:53 ----A---- C:\Windows\system32\spwmp.dll
2009-08-03 14:53:52 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-03 14:53:52 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-03 14:53:32 ----A---- C:\Windows\system32\mshtml.dll
2009-08-03 14:53:31 ----A---- C:\Windows\system32\occache.dll
2009-08-03 14:53:30 ----A---- C:\Windows\system32\ieframe.dll
2009-08-03 14:53:28 ----A---- C:\Windows\system32\urlmon.dll
2009-08-03 14:53:26 ----A---- C:\Windows\system32\wininet.dll
2009-08-03 14:53:25 ----A---- C:\Windows\system32\iertutil.dll
2009-08-03 14:53:25 ----A---- C:\Windows\system32\iedkcs32.dll
2009-08-03 14:53:24 ----A---- C:\Windows\system32\msfeeds.dll
2009-08-03 14:53:22 ----A---- C:\Windows\system32\ieaksie.dll
2009-08-03 14:53:19 ----A---- C:\Windows\system32\ieUnatt.exe
2009-08-03 14:53:18 ----A---- C:\Windows\system32\ieencode.dll
2009-08-03 14:53:16 ----A---- C:\Windows\system32\mstime.dll
2009-08-03 14:53:15 ----A---- C:\Windows\system32\jsproxy.dll
2009-08-03 14:52:43 ----A---- C:\Windows\system32\t2embed.dll
2009-08-03 14:52:42 ----A---- C:\Windows\system32\fontsub.dll
2009-08-03 14:52:42 ----A---- C:\Windows\system32\dciman32.dll
2009-08-03 14:52:42 ----A---- C:\Windows\system32\atmfd.dll
2009-08-03 14:52:23 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-03 14:52:22 ----A---- C:\Windows\system32\kernel32.dll
2009-08-03 14:52:21 ----A---- C:\Windows\system32\secur32.dll
2009-08-03 14:52:21 ----A---- C:\Windows\system32\apilogen.dll
2009-08-03 14:52:20 ----A---- C:\Windows\system32\amxread.dll
2009-08-03 14:51:44 ----A---- C:\Windows\system32\winhttp.dll
2009-08-03 14:50:37 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-08-03 14:50:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-03 14:49:23 ----A---- C:\Windows\system32\rpcss.dll
2009-08-03 14:49:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-08-03 14:49:23 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-08-03 14:49:22 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-08-03 14:49:19 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-08-03 14:49:18 ----A---- C:\Windows\system32\sdohlp.dll
2009-08-03 14:49:18 ----A---- C:\Windows\system32\iasrecst.dll
2009-08-03 14:49:18 ----A---- C:\Windows\system32\iashost.exe
2009-08-03 14:49:18 ----A---- C:\Windows\system32\iasdatastore.dll
2009-08-03 14:49:18 ----A---- C:\Windows\system32\iasads.dll
2009-08-03 14:49:14 ----A---- C:\Windows\system32\localspl.dll
2009-08-03 14:49:12 ----A---- C:\Windows\system32\xolehlp.dll
2009-08-03 14:49:12 ----A---- C:\Windows\system32\msdtcprx.dll
2009-08-03 14:47:27 ----A---- C:\Windows\system32\rpcrt4.dll
2009-08-03 14:46:10 ----D---- C:\Program Files\Avira
2009-08-03 14:35:42 ----A---- C:\Windows\system32\wups2.dll
2009-08-03 14:35:42 ----A---- C:\Windows\system32\wucltux.dll
2009-08-03 14:35:42 ----A---- C:\Windows\system32\wuaueng.dll
2009-08-03 14:35:42 ----A---- C:\Windows\system32\wuauclt.exe
2009-08-03 14:35:29 ----A---- C:\Windows\system32\wups.dll
2009-08-03 14:35:29 ----A---- C:\Windows\system32\wudriver.dll
2009-08-03 14:35:29 ----A---- C:\Windows\system32\wuapi.dll
2009-08-03 14:35:23 ----A---- C:\Windows\system32\wuwebv.dll
2009-08-03 14:35:23 ----A---- C:\Windows\system32\wuapp.exe
2009-08-03 13:15:42 ----D---- C:\Users\***\AppData\Roaming\Adobe
2009-08-03 12:53:15 ----HD---- C:\MyWinLockerData
2009-08-03 12:50:24 ----D---- C:\Users\***\AppData\Roaming\PowerCinema
2009-08-03 12:50:23 ----D---- C:\ProgramData\EgisTec
2009-08-03 12:50:16 ----D---- C:\Users\***\AppData\Roaming\Macromedia
2009-08-03 12:49:32 ----D---- C:\Users\***\AppData\Roaming\Identities
2009-08-03 12:49:27 ----D---- C:\Users\***\AppData\Roaming\Google
2009-08-03 12:49:25 ----D---- C:\ProgramData\Partner
2009-08-03 12:49:23 ----D---- C:\ProgramData\Google
2009-08-03 12:49:17 ----D---- C:\Program Files\Google
2009-08-03 12:48:30 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2009-08-03 12:48:30 ----D---- C:\Users\***\AppData\Roaming\Media Center Programs
2009-08-03 12:48:30 ----D---- C:\Users\***\AppData\Roaming\Acer GameZone Console
2009-08-03 12:48:20 ----SHD---- C:\Programme
2009-08-03 12:48:20 ----SHD---- C:\ProgramData\Vorlagen
2009-08-03 12:48:20 ----SHD---- C:\ProgramData\Startmenü
2009-08-03 12:48:20 ----SHD---- C:\ProgramData\Favoriten
2009-08-03 12:48:20 ----SHD---- C:\ProgramData\Dokumente
2009-08-03 12:48:20 ----SHD---- C:\ProgramData\Desktop
2009-08-03 12:48:20 ----SHD---- C:\ProgramData\Anwendungsdaten
2009-08-03 12:48:20 ----SHD---- C:\Program Files\Gemeinsame Dateien
2009-08-03 12:48:20 ----SHD---- C:\Dokumente und Einstellungen

======List of files/folders modified in the last 1 months======

2009-08-11 09:07:33 ----D---- C:\Windows\Temp
2009-08-11 08:57:47 ----HD---- C:\ProgramData
2009-08-11 08:57:46 ----D---- C:\Windows\system32\drivers
2009-08-11 08:57:16 ----SHD---- C:\System Volume Information
2009-08-11 08:55:26 ----RD---- C:\Program Files
2009-08-11 08:47:57 ----D---- C:\Program Files\McAfee
2009-08-11 08:31:11 ----D---- C:\Windows\System32
2009-08-11 08:31:11 ----D---- C:\Windows\inf
2009-08-11 08:31:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-11 08:26:37 ----D---- C:\Windows
2009-08-10 21:33:16 ----D---- C:\Acer
2009-08-10 13:36:55 ----D---- C:\Windows\Tasks
2009-08-10 13:36:51 ----D---- C:\Windows\system32\catroot
2009-08-10 13:34:32 ----D---- C:\Windows\system32\Tasks
2009-08-10 13:34:22 ----SHD---- C:\Windows\Installer
2009-08-09 21:51:13 ----D---- C:\Windows\Prefetch
2009-08-09 21:50:18 ----D---- C:\Windows\system32\WDI
2009-08-09 21:00:39 ----RSD---- C:\Windows\assembly
2009-08-09 21:00:33 ----D---- C:\Windows\Microsoft.NET
2009-08-09 20:59:59 ----D---- C:\Windows\system32\catroot2
2009-08-09 20:58:31 ----D---- C:\Program Files\Common Files
2009-08-09 20:45:07 ----AD---- C:\ProgramData\Temp
2009-08-09 20:28:17 ----D---- C:\ProgramData\CyberLink
2009-08-05 09:42:11 ----SD---- C:\ProgramData\Microsoft
2009-08-05 09:00:49 ----D---- C:\Windows\winsxs
2009-08-04 20:16:55 ----D---- C:\Windows\rescache
2009-08-04 08:16:31 ----D---- C:\Windows\system32\LogFiles
2009-08-03 18:31:29 ----D---- C:\Windows\system32\NDF
2009-08-03 16:24:01 ----D---- C:\Windows\Debug
2009-08-03 16:14:48 ----D---- C:\Windows\system32\de-DE
2009-08-03 16:14:48 ----D---- C:\Windows\ehome
2009-08-03 16:14:47 ----D---- C:\Program Files\Windows Mail
2009-08-03 16:14:46 ----D---- C:\Windows\system32\wbem
2009-08-03 16:14:46 ----D---- C:\Program Files\Windows Media Player
2009-08-03 16:14:45 ----D---- C:\Windows\system32\manifeststore
2009-08-03 16:14:45 ----D---- C:\Windows\AppPatch
2009-08-03 16:14:44 ----D---- C:\Program Files\Internet Explorer
2009-08-03 16:14:36 ----D---- C:\Windows\system32\XPSViewer
2009-08-03 16:14:36 ----D---- C:\Windows\system32\en-US
2009-08-03 16:08:44 ----D---- C:\Program Files\Microsoft Works
2009-08-03 16:07:31 ----D---- C:\ProgramData\Microsoft Help
2009-08-03 16:07:19 ----D---- C:\Program Files\Common Files\microsoft shared
2009-08-03 15:57:16 ----RSD---- C:\Windows\Fonts
2009-08-03 15:27:48 ----D---- C:\Windows\SoftwareDistribution
2009-08-03 13:43:16 ----D---- C:\Windows\Logs
2009-08-03 12:51:48 ----D---- C:\ProgramData\McAfee
2009-08-03 12:51:24 ----D---- C:\Elements
2009-08-03 12:49:51 ----SHD---- C:\$RECYCLE.BIN
2009-08-03 12:49:42 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-03 12:49:42 ----D---- C:\Program Files\Acer
2009-08-03 12:48:29 ----RD---- C:\Users
2009-08-03 12:48:20 ----D---- C:\Program Files\Windows NT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2008-09-26 212968]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2008-08-26 130424]
R2 FPSensor;EgisTech-Corp Fingerprint Reader Driver (FPSensor.sys); C:\Windows\System32\Drivers\FPSensor.sys [2008-12-24 26928]
R2 int15;int15; \??\c:\Windows\system32\drivers\int15.sys [2009-02-13 69632]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 hidshim;Service for HID-KMDF Shim layer; C:\Windows\system32\DRIVERS\hidshim.sys [2008-10-08 5632]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-11 2338720]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2008-09-26 79272]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2008-09-26 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2008-09-26 40488]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-26 15360]
R3 nuvotonhidgeneric;Nuvoton EC Generic HID; C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys [2008-10-08 22528]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-01-23 52768]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-10 7545120]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-05 204976]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R4 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2008-09-26 34216]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
R2 IGBASVC;EgisTec Service; c:\Program Files\Acer Bio Protection\BASVC.exe [2009-02-13 3440640]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-10 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-03-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-10-31 793208]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-09-12 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-09-10 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-09-26 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-09-12 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2008-09-22 25416]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-10 203296]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-11-27 237568]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-09-26 363024]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-09-26 606736]
S2 0098131249973278mcinstcleanup;McAfee Application Installer Cleanup (0098131249973278); C:\Windows\TEMP\009813~1.EXE [2009-04-09 315776]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-08-03 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-03 138168]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------

11.08.2009, 09:16   #5
pinky79

And here is Malwarebytes
Quote:
Datenbank Version: 2590
Windows 6.0.6001 Service Pack 1

10.08.2009 14:39:27
mbam-log-2009-08-10 (14-39-27).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 195414
Laufzeit: 45 minute(s), 21 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> Quarantined and deleted successfully.

I hope that's right now; it seemed like rather a lot to me.


11.08.2009, 16:08   #6
john.doe

You didn't have anything serious there, just a bit of adware, which Malwarebytes has removed for you. It is spread mainly via messengers. So in future be more careful with things that are sent to you, and don't click on everything.

Also check with this one => http://www.trojaner-board.de/51871-a...tispyware.html

ciao, andreas

12.08.2009, 07:53   #7
pinky79

Thank you very much, Andreas, for your kind help. I am very relieved now; I was already afraid I would have to reinstall everything... I wasn't aware that I had clicked on so much, I'll keep an eye on that :-)
Best regards, Sabrina. You helped me a lot!

12.08.2009, 15:36   #8
john.doe

You are discharged.

ciao, andreas
__________________
No support via PM! This is a forum, not private support!
Private support only for payment, and I am very expensive.