TR/Crypt.ZPACK.Gen Internetprobleme und Trojaner HILFEEE!!!

flauschfusse · 14.09.2009, 22:35

Hallo

Ich habe ein ziemliches Problem mit meiner internetverbindung. Eigentlich benutze ich Firefox in der aktuellsten Version, nur ist sie in den letzten Tagen ständig abgestürzt, wenn ich Seiten wie web.de aufrufen wollte oder ich wurde weitergeleitet auf globexonline.com oder thefeedyard.com. Im IE das selbe spiel Links auf Facebook werden mir so angezeigt

Code:

ATTFilter

h**p://w*w.facebook.com/l.php?u=http%3A%2F%2Fglobexonline.com%2F%3Fdo%3Drphp%26sub%3D350%26b%3D92228197183%26q%3Dhttp%3A%2F%2Fglobexonline.com%2F%3Fdo%3Drphp%26amp%3Bsub%3D350%26amp%3Bb%3D92228197183%26amp%3Bq%3Dhttp%3A%2F%2Fglobexonline.com%2F%3Fdo%3Drphp%26amp%3Bamp%3Bsub%3D350%26amp%3Bamp%3Bb%3D92228197183%26amp%3Bamp%3Bq%3Dhttp%3A%2F%2Fglobexonline.com%2F%3Fdo%3Drphp%26amp%3Bamp%3Bamp%3Bsub%3D350%26amp%3Bamp%3Bamp%3Bb%3D92228197183%26amp%3Bamp%3Bamp%3Bq%3Dhttp%3A%2F%2Fglobexonline.com%2F%3Fdo%3Drphp%26amp%3Bamp%3Bamp%3Bamp%3Bsub%3D350%26amp%3Bamp%3Bamp%3Bamp%3Bb%3D92228197183%26amp%3Bamp%3Bamp%3Bamp%3Bq%3Dhttp%3A%2F%2Fis.gd%2F3gAlO%26amp%3Bamp%3Bamp%3Bamp%3Borig%3Dhttp%253A%2F%2Fis.gd%2F3gAlO%26amp%3Bamp%3Bamp%3Borig%3Dhttp%253A%2F%2Fglobexonline.com%2F%253Fdo%253Drphp%2526sub%253D350%2526b%253D92228197183%2526q%253Dhttp%253A%2F%2Fis.gd%2F3gAlO%2526orig%253Dhttp%25253A%2F%2Fis.gd%2F3gAlO%26amp%3Bamp%3Borig%3Dhttp%253A%2F%2Fglobexonline.com%2F%253Fdo%253Drphp%2526sub%253D350%2526b%253D92228197183%2526q%253Dhttp%253A%2F%2Fglobexonline.com%2F%253Fdo%253Drphp%2526amp%253Bsub%253D350%2526amp%253Bb%253D92228197183%2526amp%253Bq%253Dhttp%253A%2F%2Fis.gd%2F3gAlO%2526amp%253Borig%253Dhttp%25253A%2F%2Fis.gd%2F3gAlO%2526orig%253Dhttp%25253A%2F%2Fglobexonline.com%2F%25253Fdo%25253Drphp%252526sub%25253D350%252526b%25253D92228197183%252526q%25253Dhttp%25253A%2F%2Fis.gd%2F3gAlO%252526orig%25253Dhttp%2525253A%2F%2Fis.gd%2F3gAlO%26amp%3Borig%3Dhttp%253A%2F%2Fglobexonline.com%2F%253Fdo%253Drphp%2526sub%253D350%2526b%253D92228197183%2526q%253Dhttp%253A%2F%2Fglobexonline.com%2F%253Fdo%253Drphp%2526amp%253Bsub%253D350%2526amp%253Bb%253D92228197183%2526amp%253Bq%253Dhttp%253A%2F%2Fglobexonline.com%2F%253Fdo%253Drphp%2526amp%253Bamp%253Bsub%253D350%2526amp%253Bamp%253Bb%253D92228197183%2526amp%253Bamp%253Bq%253Dhttp%253A%2F%2Fis.gd%2F3gAlO%2526amp%253Bamp%253Borig%253Dhttp%25253A%2F%2Fis.gd%2F3gAlO%2526amp%253Borig%253Dhttp%25253A%2F%2Fglobexonline.com%2F%25253Fdo%25253Drphp%252526sub%25253D350%252526b%25253D92228197183%252526q%25253Dhttp%25253A%2F%2Fis.gd%2F3gAlO%252526orig%25253Dhttp%2525253A%2F%2Fis.gd%2F3gAlO%2526orig%253Dhttp%25253A%2F%2Fglobexonline.com%2F%25253Fdo%25253Drphp%252526sub%25253D350%252526b%25253D92228197183%252526q%25253Dhttp%25253A%2F%2Fglobexonline.com%2F%25253Fdo%25253Drphp%252526amp%25253Bsub%25253D350%252526amp%25253Bb%25253D92228197183%252526amp%25253Bq%25253Dhttp%25253A%2F%2Fis.gd%2F3gAlO%252526amp%25253Borig%25253Dhttp%2525253A%2F%2Fis.gd%2F3gAlO%252526orig%25253Dhttp%2525253A%2F%2Fglobexonline.com%2F%2525253Fdo%2525253Drphp%25252526sub%2525253D350%25252526b%2525253D92228197183%25252526q%2525253Dhttp%2525253A%2F%2Fis.gd%2F3gAlO%25252526orig%2525253Dhttp%252525253A%2F%2Fis.gd%2F3gAlO%26orig%3Dhttp%253A%2F%2Fglobexonline.com%2F%253Fdo%253Drphp%2526sub%253D350%2526b%253D92228197183%2526q%253Dhttp%253A%2F%2Fglobexonline.com%2F%253Fdo%253Drphp%2526amp%253Bsub%253D350%2526amp%253Bb%253D92228197183%2526amp%253Bq%253Dhttp%253A%2F%2Fglobexonline.com%2F%253Fdo%253Drphp%2526amp%253Bamp%253Bsub%253D350%2526amp%253Bamp%253Bb%253D92228197183%2526amp%253Bamp%253Bq%253Dhttp%253A%2F%2Fglobexonline.com%2F%253Fdo%253Drphp%2526amp%253Bamp%253Bamp%253Bsub%253D350%2526amp%253Bamp%253Bamp%253Bb%253D92228197183%2526amp%253Bamp%253Bamp%253Bq%253Dhttp%253A%2F%2Fis.gd%2F3gAlO%2526amp%253Bamp%253Bamp%253Borig%253Dhttp%25253A%2F%2Fis.gd%2F3gAlO%2526amp%253Bamp%253Borig%253Dhttp%25253A%2F%2Fglobexonline.com%2F%25253Fdo%25253Drphp%252526sub%25253D350%252526b%25253D92228197183%252526q%25253Dhttp%25253A%2F%2Fis.gd%2F3gAlO%252526orig%25253Dhttp%2525253A%2F%2Fis.gd%2F3gAlO%2526amp%253Borig%253Dhttp%25253A%2F%2Fglobexonline.com%2F%25253Fdo%25253Drphp%252526sub%25253D350%252526b%25253D92228197183%252526q%25253Dhttp%25253A%2F%2Fglobexonline.com%2F%25253Fdo%25253Drphp%252526amp%25253Bsub%25253D350%252526amp%25253Bb%25253D92228197183%252526amp%25253Bq%25253Dhttp%25253A%2F%2Fis.gd%2F3gAlO%252526amp%25253Borig%25253Dhttp%2525253A%2F%2Fis.gd%2F3gAlO%252526orig%25253Dhttp%2525253A%2F%2Fglobexonline.com%2F%2525253Fdo%2525253Drphp%25252526sub%2525253D350%25

habe auch meine Virenprogis scannen lassen - Fund war bei Avira TR/Crypt.ZPACK.Gen bei AVG nix hab dann das Windowsprogramm zum Finden von schädlicher Software (oder so ähnlich) laufen lassen, ergab ein Fund - sollte dann angeblich gelöscht sein aber nach neuem Scan immer noch der selbe Fund.
Ich hab nun schon mal die HiJack scannen lassen: [CODE]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:49, on 14.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\AskBarDis\bar\bin\AskService.exe
C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\System Control Manager\MSIService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\System Control Manager\MGSysCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\tuloxFreeWBF\FreeDict.exe
C:\Programme\tuloxFreeWBE\FreeDict.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\CounterPath\X-Lite\x-lite.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Gigaflat\java\launch4j-tmp\Gigaflat.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\Programme\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programme\AVG\AVG8\avgui.exe
C:\Programme\AVG\AVG8\avgscanx.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Google\Chrome\Application\chrome.exe
C:\Programme\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Programme\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tuloxFreeWBF] C:\Programme\tuloxFreeWBF\FreeDict.exe AUTOSTART
O4 - HKLM\..\Run: [tuloxFreeWBE] C:\Programme\tuloxFreeWBE\FreeDict.exe AUTOSTART
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Programme\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOKUME~1\GWENFL~1\protect.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222320483265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222329354093
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Programme\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9ed29e79a83b8) (gupdate1c9ed29e79a83b8) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Programme\System Control Manager\MSIService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11918 bytes
/CODE]

flauschfusse · 14.09.2009, 22:38

hier Teil 2

und auch die Malwarebytes - angeblich nach mehrmaligem aufhängen - ohne Befund [CODE]Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2796
Windows 5.1.2600 Service Pack 3

14.09.2009 22:31:16
mbam-log-2009-09-14 (22-31-16).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 87810
Laufzeit: 38 minute(s), 41 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
/CODE]

flauschfusse · 14.09.2009, 22:40

teil 3

und das andere [CODE]Logfile of random's system information tool 1.06 (written by random/random)
Run by Gwen Flausch at 2009-09-14 21:33:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 107 GB (76%) free of 141 GB
Total RAM: 1013 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:13, on 14.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\AskBarDis\bar\bin\AskService.exe
C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\System Control Manager\MSIService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\System Control Manager\MGSysCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\tuloxFreeWBF\FreeDict.exe
C:\Programme\tuloxFreeWBE\FreeDict.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\CounterPath\X-Lite\x-lite.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Gigaflat\java\launch4j-tmp\Gigaflat.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\Programme\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programme\AVG\AVG8\avgui.exe
C:\Programme\AVG\AVG8\avgscanx.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\Dokumente und Einstellungen\Gwen Flausch\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Gwen Flausch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Programme\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tuloxFreeWBF] C:\Programme\tuloxFreeWBF\FreeDict.exe AUTOSTART
O4 - HKLM\..\Run: [tuloxFreeWBE] C:\Programme\tuloxFreeWBE\FreeDict.exe AUTOSTART
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Programme\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOKUME~1\GWENFL~1\protect.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222320483265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222329354093
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Programme\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9ed29e79a83b8) (gupdate1c9ed29e79a83b8) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Programme\System Control Manager\MSIService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11798 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

flauschfusse · 14.09.2009, 22:41

teil 4

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Programme\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programme\AVG\AVG8\avgssie.dll [2009-09-14 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-07 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
Search Assistant

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
Fast Browser Search Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - []
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Programme\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-07 16862208]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2008-01-11 1028096]
"MGSysCtrl"=C:\Programme\System Control Manager\MGSysCtrl.exe [2008-06-10 782336]
"UCam_Menu"=C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
"QuickFinder Scheduler"=C:\Programme\WordPerfect Office X3\Programs\QFSCHD130.EXE [2007-01-02 83568]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"tuloxFreeWBF"=C:\Programme\tuloxFreeWBF\FreeDict.exe [2009-04-24 2479104]
"tuloxFreeWBE"=C:\Programme\tuloxFreeWBE\FreeDict.exe [2009-04-24 2479104]
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2009-07-01 37888]
"autochk"=C:\WINDOWS\system32\autochk.dll [2009-09-14 22016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-14 2007832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-14 39408]
"eyeBeam SIP Client"=C:\Programme\CounterPath\X-Lite\x-lite.exe [2009-06-05 23207936]
"autochk"=C:\DOKUME~1\GWENFL~1\protect.dll [2009-09-14 22016]

C:\Dokumente und Einstellungen\Gwen Flausch\Startmenü\Programme\Autostart
ChkDisk.dll
ChkDisk.lnk - C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-14 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Vuze\Azureus.exe"="C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Gizmo5\mDNSResponder.exe"="C:\Programme\Gizmo5\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\Gizmo5\Gizmo5.exe"="C:\Programme\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5"
"C:\Programme\CounterPath\X-Lite\x-lite.exe"="C:\Programme\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Programme\tuloxFreeWBF\FreeDict.exe"="C:\Programme\tuloxFreeWBF\FreeDict.exe:*:Enabled:tulox-Wörterbuch"
"C:\Programme\tuloxFreeWBE\FreeDict.exe"="C:\Programme\tuloxFreeWBE\FreeDict.exe:*:Enabled:tulox-Wörterbuch"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\AVG\AVG8\avgemc.exe"="C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programme\AVG\AVG8\avgupd.exe"="C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programme\AVG\AVG8\avgnsx.exe"="C:\Programme\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-09-14 21:33:05 ----D---- C:\rsit
2009-09-14 21:17:55 ----D---- C:\Programme\Trend Micro
2009-09-14 20:44:20 ----HD---- C:\$AVG8.VAULT$
2009-09-14 20:31:18 ----D---- C:\Dokumente und Einstellungen\Gwen Flausch\Anwendungsdaten\Malwarebytes
2009-09-14 20:30:55 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-09-14 20:30:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-09-14 20:27:50 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-09-14 20:27:16 ----D---- C:\Programme\AVG
2009-09-14 20:27:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg8
2009-09-14 16:03:36 ----ASH---- C:\WINDOWS\system32\autochk.dll
2009-09-10 20:24:43 ----D---- C:\Programme\Orangina
2009-09-09 11:54:51 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 11:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-08 18:32:09 ----D---- C:\WINDOWS\Minidump
2009-08-30 17:54:27 ----D---- C:\Dokumente und Einstellungen\Gwen Flausch\Anwendungsdaten\Screaming Bee
2009-08-30 17:53:05 ----D---- C:\Programme\Screaming Bee
2009-08-30 17:53:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Screaming Bee
2009-08-30 17:33:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CyberLink
2009-08-30 13:11:37 ----D---- C:\Programme\AskBarDis
2009-08-30 12:36:18 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-08-30 12:36:18 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-08-30 12:36:18 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-08-30 12:36:18 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-08-30 12:36:18 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-08-30 12:36:18 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-08-30 12:36:18 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-08-30 12:36:17 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-08-30 12:36:17 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-08-30 12:36:17 ----N---- C:\WINDOWS\system32\px.dll
2009-08-30 12:36:14 ----D---- C:\Programme\Winamp
2009-08-30 12:36:14 ----D---- C:\Dokumente und Einstellungen\Gwen Flausch\Anwendungsdaten\Winamp
2009-08-29 17:26:31 ----D---- C:\Programme\tuloxFreeWBE
2009-08-29 17:07:50 ----D---- C:\Programme\tuloxFreeWBF
2009-08-27 14:04:22 ----D---- C:\Programme\Gemeinsame Dateien\Intel
2009-08-27 14:04:18 ----D---- C:\Programme\CounterPath
2009-08-27 13:52:42 ----D---- C:\Dokumente und Einstellungen\Gwen Flausch\Anwendungsdaten\Gizmo5
2009-08-27 11:42:20 ----A---- C:\WINDOWS\imsins.BAK
2009-08-27 11:42:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-27 10:55:20 ----D---- C:\Programme\Gigaflat
2009-08-25 20:30:50 ----D---- C:\Programme\Kiri Screensaver
2009-08-25 13:51:48 ----D---- C:\WINDOWS\system32\screensaver3 dir
2009-08-25 13:39:43 ----D---- C:\Programme\Kiri_wdg
2009-08-25 13:38:33 ----D---- C:\WINDOWS\system32\screensaver2 dir
2009-08-24 22:29:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
2009-08-24 22:29:10 ----D---- C:\Dokumente und Einstellungen\Gwen Flausch\Anwendungsdaten\Babylon
2009-08-22 19:33:31 ----D---- C:\Programme\3GP Player 2009
2009-08-21 12:03:26 ----D---- C:\Dokumente und Einstellungen\Gwen Flausch\Anwendungsdaten\skypePM
2009-08-21 12:02:13 ----D---- C:\Dokumente und Einstellungen\Gwen Flausch\Anwendungsdaten\Skype
2009-08-21 12:01:37 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2009-08-21 12:01:33 ----RD---- C:\Programme\Skype
2009-08-21 12:01:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2009-08-17 00:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-17 00:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-16 03:04:44 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-16 03:04:40 ----D---- C:\Programme\MSBuild
2009-08-16 03:04:38 ----D---- C:\WINDOWS\system32\en-US
2009-08-16 03:04:32 ----D---- C:\Programme\Reference Assemblies
2009-08-16 03:04:07 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-16 03:04:07 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-16 03:04:06 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-16 03:04:06 ----D---- C:\5373f18529859d98a48288d6
2009-08-16 03:03:56 ----D---- C:\WINDOWS\SxsCaPendDel

======List of files/folders modified in the last 1 months======

2009-09-14 21:25:44 ----D---- C:\WINDOWS\Temp
2009-09-14 21:18:07 ----D---- C:\WINDOWS\Prefetch
2009-09-14 21:17:55 ----D---- C:\Programme
2009-09-14 21:11:27 ----D---- C:\WINDOWS\system32\drivers
2009-09-14 20:27:50 ----D---- C:\WINDOWS\system32
2009-09-14 20:27:15 ----SHD---- C:\WINDOWS\Installer
2009-09-14 20:27:15 ----D---- C:\Config.Msi
2009-09-14 20:27:14 ----D---- C:\WINDOWS\WinSxS
2009-09-14 20:26:18 ----SD---- C:\Dokumente und Einstellungen\Gwen Flausch\Anwendungsdaten\Microsoft
2009-09-14 20:26:17 ----D---- C:\WINDOWS
2009-09-14 20:00:55 ----D---- C:\Programme\Mozilla Firefox
2009-09-14 13:58:58 ----SD---- C:\WINDOWS\Tasks
2009-09-14 11:53:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-13 23:36:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-09 22:17:24 ----HD---- C:\WINDOWS\inf
2009-09-09 22:16:59 ----D---- C:\Programme\Microsoft Silverlight
2009-09-09 11:54:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 11:54:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-09 11:54:24 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-02 09:33:33 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-31 12:02:50 ----D---- C:\Dokumente und Einstellungen\Gwen Flausch\Anwendungsdaten\Azureus
2009-08-30 13:12:50 ----D---- C:\Programme\Vuze
2009-08-28 14:38:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-27 14:04:22 ----D---- C:\Programme\Gemeinsame Dateien
2009-08-27 11:44:01 ----SHD---- C:\System Volume Information
2009-08-27 11:35:30 ----D---- C:\WINDOWS\system32\Restore
2009-08-25 09:20:44 ----D---- C:\WINDOWS\Network Diagnostic
2009-08-20 17:00:53 ----D---- C:\Dokumente und Einstellungen\Gwen Flausch\Anwendungsdaten\dvdcss
2009-08-16 07:35:23 ----RSD---- C:\WINDOWS\assembly
2009-08-16 03:08:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-16 03:04:37 ----RSD---- C:\WINDOWS\Fonts
2009-08-16 03:04:20 ----D---- C:\WINDOWS\system32\spool
2009-08-16 03:02:26 ----D---- C:\WINDOWS\system32\mui
2009-08-16 00:51:08 ----D---- C:\Programme\EA GAMES
2009-08-16 00:07:28 ----D---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-14 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-14 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-14 108552]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-14 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-06-10 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2007-11-15 572416]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-05-07 106368]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-01-11 220128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 96512]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-14 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 ASKService;ASKService; C:\Programme\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
R2 ASKUpgrade;ASKUpgrade; C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-14 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-14 297752]
R2 Micro Star SCM;Micro Star SCM; C:\Programme\System Control Manager\MSIService.exe [2008-02-21 159744]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\Cyberlink\Shared files\RichVideo.exe [2007-01-08 171040]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 gupdate1c9ed29e79a83b8;Google Update Service (gupdate1c9ed29e79a83b8); C:\Programme\Google\Update\GoogleUpdate.exe [2009-06-14 133104]
S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-14 183280]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-06-13 306432]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
/CODE]

Bitte ich hoffe ihr könnt mir schnell weiterhelfen ich bin schon

am verzweifeln
Der chrome Explo läuft aber ohne Probleme ....

Danke schon einmal

flauschfusse · 15.09.2009, 01:11

da es mir doch komisch vorkam, dass Malwarebytes sich aufgehängt hatte und dann nicht gefunden hatte hab ich es neu installiert und noch mal durchgescannt hier das neue aktuelle Scan;

[CODE]Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2798
Windows 5.1.2600 Service Pack 3

15.09.2009 02:06:55
mbam-log-2009-09-15 (02-06-45).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 87262
Laufzeit: 3 minute(s), 28 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 13

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Gwen Flausch\Startmenü\Programme\Autostart\ChkDisk.dll (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Gwen Flausch\Startmenü\Programme\Autostart\ChkDisk.lnk (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Gwen Flausch\Lokale Einstellungen\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Gwen Flausch\protect.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\rotscxbpfdgrqs.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\rotscxcqxedyqr.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\rotscxfwbxxyyu.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\rotscxscvyafpw.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\rotscxugcexrbq.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\rotscxhenwmbyp.sys (Rootkit.TDSS) -> No action taken.
/CODE]

flauschfusse · 15.09.2009, 12:31

HALLO BITTE HELFT MIR!!!

Die probleme verschlimmern sich bei mir... ich bekomme von Avira im Sekundentakt Trojaner Warnungen ausgespuckt und zwar zuerst 'TR/Trash.Gen' [trojan] und dann 'TR/Alureon.19456U.3'

Lasse nun noch mal Malewarebytes durchlaufen - läuft schon seit mehr als 90 Minuten ich glaub gleich passiert das hier:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2798
Windows 5.1.2600 Service Pack 3

15.09.2009 13:40:19
mbam-log-2009-09-15 (13-40-19).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|F:\|)
Durchsuchte Objekte: 145526
Laufzeit: 1 hour(s), 18 minute(s), 27 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Gwen Flausch\Startmenü\Programme\Autostart\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gwen Flausch\Startmenü\Programme\Autostart\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Gwen Flausch\Lokale Einstellungen\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\Dokumente und Einstellungen\Gwen Flausch\protect.dll (Trojan.Agent) -> Delete on reboot.
C:\Dokumente und Einstellungen\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\NetworkService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.

flauschfusse · 15.09.2009, 16:58

Liebe Admins

BITTE SCHLiESSEN !!! ODER LÖSCHEN!!!!
DANKE!!!!

TR/Crypt.ZPACK.Gen Internetprobleme und Trojaner HILFEEE!!!

Mülltonne: TR/Crypt.ZPACK.Gen Internetprobleme und Trojaner HILFEEE!!!