|
TR/Drop.Agen. ...HILFE!! hallo, ich habe (wieder mal) eine verseuchung. antivir gibt mir mehrmals eine Dropper Warnung und seit heute auch eine TR/Drop.Agen.myw.92 Warnung MAlwareAntibytes sagt mir es sind keine infizierten objekte gefunden worden! ich weiß echt nicht was ich machen soll. MalwareAntibytes: Malwarebytes' Anti-Malware 1.42 Datenbank Version: 3304 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 22.01.2010 18:23:58 mbam-log-2010-01-22 (18-23-58).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|G:\|) Durchsuchte Objekte: 218150 Laufzeit: 1 hour(s), 3 minute(s), 1 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) RSIT: Logfile of random's system information tool 1.06 (written by random/random) Run by tini at 2010-01-22 18:25:31 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 53 GB (44%) free of 119 GB Total RAM: 3071 MB (61% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:25:37, on 22.01.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Windows\System32\ASUSTPE.exe C:\Windows\ASScrPro.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hotspot Shield\bin\openvpntray.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\tini\Desktop\programme\RSIT.exe C:\Program Files\Trend Micro\HijackThis\tini.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ht**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON Stylus D78 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\Users\tini\AppData\Local\Temp\E_S94B2.tmp" /EF "HKCU" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: Add to Windows &Live Favorites - h**p://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite....x/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://h**p://upload.facebook.com/co...oUploader5.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://h**p://upload.facebook.com/co...Uploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://h**p://fpdownload2.macromedia...sh/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://h**p://platformdl.adobe.com/N...lus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8DDBA139-1F98-42BA-AB71-605D208C87B6}: NameServer = 10.4.40.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- End of file - 9463 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-15 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-09-29 218160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-07 4853760] "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-09-03 630784] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416] "ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440] "ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2007-10-12 106496] "ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe [2008-08-07 37232] "ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2008-08-07 33136] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-18 2289664] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-30 39408] "EPSON Stylus D78 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE [2006-09-22 139264] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] C:\Users\tini\Program Files\DNA\btdna.exe [2009-11-13 323392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone] C:\Program Files\P4P\P4P.exe [2007-08-03 778240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2010-01-21 20:54:23 ----A---- C:\Windows\system32\mshtml.dll 2010-01-21 20:54:23 ----A---- C:\Windows\system32\ieframe.dll 2010-01-21 20:54:22 ----A---- C:\Windows\system32\iertutil.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\wininet.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\urlmon.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\occache.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\msfeeds.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\ieui.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\iedkcs32.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\msfeedssync.exe 2010-01-21 20:54:20 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\jsproxy.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\ieUnatt.exe 2010-01-21 20:54:20 ----A---- C:\Windows\system32\iesysprep.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\iesetup.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\iernonce.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\iepeers.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\ie4uinit.exe 2010-01-16 16:48:25 ----D---- C:\Program Files\Adobe 2010-01-13 10:44:06 ----A---- C:\Windows\system32\t2embed.dll 2010-01-13 10:44:06 ----A---- C:\Windows\system32\fontsub.dll 2010-01-05 20:33:31 ----D---- C:\Windows\temp 2010-01-05 20:33:24 ----A---- C:\ComboFix.txt 2010-01-05 20:25:13 ----D---- C:\$RECYCLE.BIN 2010-01-05 20:10:46 ----D---- C:\cofi 2010-01-05 19:54:34 ----A---- C:\Windows\SWXCACLS.exe 2010-01-05 19:19:05 ----A---- C:\Windows\system32\acovcnt.exe 2010-01-03 20:53:04 ----A---- C:\Windows\zip.exe 2010-01-03 20:53:04 ----A---- C:\Windows\SWSC.exe 2010-01-03 20:53:04 ----A---- C:\Windows\SWREG.exe 2010-01-03 20:53:04 ----A---- C:\Windows\sed.exe 2010-01-03 20:53:04 ----A---- C:\Windows\PEV.exe 2010-01-03 20:53:04 ----A---- C:\Windows\NIRCMD.exe 2010-01-03 20:53:04 ----A---- C:\Windows\MBR.exe 2010-01-03 20:53:04 ----A---- C:\Windows\grep.exe 2010-01-03 20:52:48 ----D---- C:\Windows\ERDNT 2010-01-03 20:52:07 ----D---- C:\Qoobox 2010-01-02 20:48:51 ----D---- C:\Avenger 2010-01-02 20:48:51 ----A---- C:\avenger.txt 2009-12-31 14:04:43 ----D---- C:\rsit 2009-12-30 16:51:37 ----D---- C:\Program Files\Common Files\Adobe 2009-12-30 16:49:45 ----D---- C:\ProgramData\NOS 2009-12-25 12:54:25 ----SHD---- C:\Users\tini\AppData\Roaming\lowsec ======List of files/folders modified in the last 1 months====== 2010-01-22 18:25:38 ----D---- C:\Windows\Prefetch 2010-01-22 18:18:05 ----D---- C:\Users\tini\AppData\Roaming\Skype 2010-01-22 17:11:03 ----D---- C:\Windows\Debug 2010-01-22 17:11:03 ----D---- C:\Windows 2010-01-22 16:08:55 ----D---- C:\Users\tini\AppData\Roaming\skypePM 2010-01-22 14:45:21 ----D---- C:\Windows\system32\migration 2010-01-22 14:45:21 ----D---- C:\Windows\System32 2010-01-22 14:45:20 ----D---- C:\Program Files\Internet Explorer 2010-01-21 23:55:57 ----D---- C:\Windows\winsxs 2010-01-21 20:51:45 ----D---- C:\Windows\system32\catroot2 2010-01-21 20:51:45 ----D---- C:\Windows\system32\catroot 2010-01-21 10:20:56 ----D---- C:\Program Files\Microsoft Silverlight 2010-01-20 23:50:50 ----SHD---- C:\Windows\Installer 2010-01-18 23:47:46 ----D---- C:\Windows\inf 2010-01-18 23:47:46 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-01-16 16:48:30 ----D---- C:\ProgramData\Adobe 2010-01-16 16:48:25 ----D---- C:\Program Files 2010-01-14 21:15:01 ----D---- C:\Users\tini\AppData\Roaming\DNA 2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe 2010-01-13 11:20:25 ----D---- C:\ProgramData\Microsoft Help 2010-01-13 11:19:38 ----D---- C:\Program Files\Windows Mail 2010-01-11 22:46:46 ----D---- C:\ProgramData 2010-01-11 22:46:46 ----D---- C:\Program Files\Yahoo! 2010-01-05 21:38:17 ----D---- C:\Windows\system32\WDI 2010-01-05 20:33:32 ----D---- C:\Windows\system32\drivers 2010-01-05 20:32:05 ----D---- C:\Windows\Tasks 2010-01-05 20:25:31 ----A---- C:\Windows\system.ini 2010-01-05 20:21:56 ----D---- C:\Windows\system32\config 2010-01-05 20:21:56 ----D---- C:\Boot 2010-01-05 20:17:03 ----D---- C:\Windows\AppPatch 2010-01-05 20:17:02 ----D---- C:\Program Files\Common Files 2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe 2009-12-30 21:09:01 ----SD---- C:\Windows\Downloaded Program Files 2009-12-26 21:54:58 ----SHD---- C:\System Volume Information 2009-12-26 14:20:00 ----D---- C:\Users\tini\AppData\Roaming\BitTorrent 2009-12-25 12:53:50 ----D---- C:\Windows\system32\spool ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520] R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-31 743424] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2009-09-15 37376] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-08 2044896] R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632] R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-15 7680] R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-10 57856] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616] R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400] R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2009-09-15 32768] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2008-04-03 49904] S3 catchme;catchme; \??\C:\cofi\catchme.sys [] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360] R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208] R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-11-17 224816] R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-11-12 331824] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 fsssvc;Windows Live Family Safety-Dienst; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768] S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-11-17 57640] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- |
Hallo, Zitat:
Reich das Log mit dem Fund von AntiVir nach. |
In der Datei 'C:\Windows\temp\ttdf.tmp\svchost.exe' wurde ein Virus oder unerwünschtes Programm 'DR/Delphi.Gen' [dropper] gefunden. meinst du das?? ich weiß sonst nicht, was du mit log meinst bzw wie ich das anzeigen kann.... |
Dann mal bitte prompt diese Datei bei Virustotal.com hochladen, auswerten lassen und Ergebnislink schicken. Zitat:
Aktuell jetzt ist Version 1.44 mit der Datenbank-Version 3641. Bitte Malwarebytes aktualisieren und erneuten Vollscan machen, evtl. Funde bitte entfernen. |
das hab ich bereits versucht - und jetzt auch nochmal ABER die datei kann ich nicht hochladen weil der ordner leer ist......? |
Hast Du die Datei schon gelöscht? Schau mal nach, ob die ggf. noch in der Quarantäne ist. Stell auch unbedingt sicher, daß Dir alle Dateien angezeigt werden, nicht dass die Datei da ist und Du sie nur nicht siehst :balla: Solltest die Datei weg sein, bitte mit aktuellem Malwarebytes nochmal den Vollscan machen... |
also ich hab mit der neuen version von mbam gescannt und funde gelöscht - ich wart jetzt mal ab ob es passt. danke für den tipp mit dem uodate *genier*...daran hab ich ehcht nicht gedacht!!!! |
es hat NICHT funktioniert *grml* :aufsmaul: |
Was hat nicht funktioniert? Wo ist das letzte Log von Malwarebytes? |
naja ich hab die funde von malware gelöscht, aht aber nichts am problem geöndert.... Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3641 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 26.01.2010 22:09:43 mbam-log-2010-01-26 (22-09-43).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|G:\|) Durchsuchte Objekte: 229090 Laufzeit: 1 hour(s), 7 minute(s), 13 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\cofi\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully. |
C:\Windows\system32\acovcnt.exe Bitte diese Datei bei Virustotal.com auswerten und Ergebnislink posten. |
|
Also ok. Die Logs ware alle unauffällig, hattest Du noch Meldungen über Schädlinge? :confused: |
hmmm.....eigenartig. ja ich hab immer wieder meldungen von antivir...weniger als zuvor, aber doch immer wieder mal.... |
Wenn dann musst diese Meldungen auch posten, sonst hat das ganze keinen Sinn... |
:killpc: neuste meldungen sind laut antivir TR/Click.Cycler.nns zb: in der Datei 'C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Click.Cycler.nns' [trojan] gefunden. aber auch in anderen foldern meldet er mir das....ich bin echt schon am ausrasten! ich lass jetzt dann nochmal mbam durchlaufen |
Zitat:
lad die Datei bei Virustotal.com hoch und poste den Ergebnislink. |
die warnmeldung kommt aber nicht nur für diesen folder....auch zum ATI TEchnologies und andere.... soll ich die funde von mbam gleich löschen lassen oder erst log posten??? |
Nun lass doch die Datei auswerten :( |
|
Ich sagte doch esd ist ein Fehlalarm. Nichtmal das AntiVir auf Virustotal hat angeschlagen. Sind Deine Signaturen aktuell? Sonst alle Einstellungen auf standard? Ich hab den Eindruck, Dein AntiVir ist da etwas zu scharf/sensibel eingestellt und haut deswegen die Meldungen raus. Hatten wir mal einen Scan mit aggressiven Einstellungen gemacht? Wenn ja, dann mach bitte alles wieder rückgängig, also alles auf Standard zurückstellen. |
ok danke, werd ich machen - mein antivir is auf dem neusten stand aber ich hab die hohe sichheit eingestellt seit dem letzten virus.... :dankeschoen: |
so, nachdem ich dachte es ist vorbei kam die nächsté warnung --> TR/Crypt.ZPACK.Gen ich hab mal rsit laufen lassen: Logfile of random's system information tool 1.06 (written by random/random) Run by tini at 2010-02-02 00:03:53 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 50 GB (42%) free of 119 GB Total RAM: 3071 MB (73% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:04:03, on 02.02.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\syntpenh.exe C:\Program Files\ASUS\ATK Media\dmedia.exe C:\Windows\System32\asustpe.exe C:\Windows\asscrpro.exe C:\Program Files\Microsoft Office\Office12\groovemonitor.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Hotspot Shield\bin\openvpntray.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe C:\Users\tini\Desktop\programme\RSIT.exe C:\Program Files\Trend Micro\HijackThis\tini.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON Stylus D78 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\Users\tini\AppData\Local\Temp\E_S94B2.tmp" /EF "HKCU" O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8DDBA139-1F98-42BA-AB71-605D208C87B6}: NameServer = 10.4.40.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Google Update Service (gupdate1ca9ed857215824) (gupdate1ca9ed857215824) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- End of file - 9217 bytes ======Scheduled tasks folder====== C:\Windows\tasks\At1.job C:\Windows\tasks\At10.job C:\Windows\tasks\At11.job C:\Windows\tasks\At12.job C:\Windows\tasks\At13.job C:\Windows\tasks\At14.job C:\Windows\tasks\At15.job C:\Windows\tasks\At16.job C:\Windows\tasks\At17.job C:\Windows\tasks\At18.job C:\Windows\tasks\At19.job C:\Windows\tasks\At2.job C:\Windows\tasks\At20.job C:\Windows\tasks\At21.job C:\Windows\tasks\At22.job C:\Windows\tasks\At23.job C:\Windows\tasks\At24.job C:\Windows\tasks\At3.job C:\Windows\tasks\At4.job C:\Windows\tasks\At5.job C:\Windows\tasks\At6.job C:\Windows\tasks\At7.job C:\Windows\tasks\At8.job C:\Windows\tasks\At9.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-15 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-09-29 218160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-07 4853760] "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-09-03 630784] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416] "ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440] "ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2007-10-12 106496] "ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe [2008-08-07 37232] "ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2008-08-07 33136] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] "EPSON Stylus D78 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU C:\Users\tini\AppData\Local\Temp\E_S94B2.tmp /EF HKCU [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] C:\Users\tini\Program Files\DNA\btdna.exe [2009-11-13 323392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone] C:\Program Files\P4P\P4P.exe [2007-08-03 778240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2010-01-26 23:40:37 ----D---- C:\Users\tini\AppData\Roaming\Skip-Bo 2010-01-26 23:40:01 ----D---- C:\ProgramData\Trymedia 2010-01-26 23:39:34 ----D---- C:\ProgramData\Zylom 2010-01-26 23:39:34 ----D---- C:\GameHouse Games 2010-01-26 23:39:33 ----D---- C:\Program Files\Zylom Games 2010-01-26 23:35:55 ----D---- C:\Program Files\RealArcade 2010-01-21 20:54:23 ----A---- C:\Windows\system32\mshtml.dll 2010-01-21 20:54:23 ----A---- C:\Windows\system32\ieframe.dll 2010-01-21 20:54:22 ----A---- C:\Windows\system32\iertutil.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\wininet.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\urlmon.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\occache.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\msfeeds.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\ieui.dll 2010-01-21 20:54:21 ----A---- C:\Windows\system32\iedkcs32.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\msfeedssync.exe 2010-01-21 20:54:20 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\jsproxy.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\ieUnatt.exe 2010-01-21 20:54:20 ----A---- C:\Windows\system32\iesysprep.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\iesetup.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\iernonce.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\iepeers.dll 2010-01-21 20:54:20 ----A---- C:\Windows\system32\ie4uinit.exe 2010-01-16 16:48:25 ----D---- C:\Program Files\Adobe 2010-01-13 10:44:06 ----A---- C:\Windows\system32\t2embed.dll 2010-01-13 10:44:06 ----A---- C:\Windows\system32\fontsub.dll 2010-01-05 20:33:31 ----D---- C:\Windows\temp 2010-01-05 20:33:24 ----A---- C:\ComboFix.txt 2010-01-05 20:25:13 ----D---- C:\$RECYCLE.BIN 2010-01-05 20:10:46 ----D---- C:\cofi 2010-01-05 19:54:34 ----A---- C:\Windows\SWXCACLS.exe 2010-01-05 19:19:05 ----A---- C:\Windows\system32\acovcnt.exe 2010-01-03 20:53:04 ----A---- C:\Windows\zip.exe 2010-01-03 20:53:04 ----A---- C:\Windows\SWSC.exe 2010-01-03 20:53:04 ----A---- C:\Windows\SWREG.exe 2010-01-03 20:53:04 ----A---- C:\Windows\sed.exe 2010-01-03 20:53:04 ----A---- C:\Windows\PEV.exe 2010-01-03 20:53:04 ----A---- C:\Windows\NIRCMD.exe 2010-01-03 20:53:04 ----A---- C:\Windows\MBR.exe 2010-01-03 20:53:04 ----A---- C:\Windows\grep.exe 2010-01-03 20:52:48 ----D---- C:\Windows\ERDNT 2010-01-03 20:52:07 ----D---- C:\Qoobox ======List of files/folders modified in the last 1 months====== 2010-02-02 00:04:03 ----D---- C:\Windows\Prefetch 2010-02-01 23:21:19 ----D---- C:\Users\tini\AppData\Roaming\Skype 2010-02-01 23:01:27 ----D---- C:\Windows\System32 2010-02-01 23:01:12 ----D---- C:\Windows 2010-02-01 23:01:12 ----D---- C:\Program Files\Internet Explorer 2010-02-01 23:01:12 ----D---- C:\Program Files\Common Files\LightScribe 2010-02-01 20:18:36 ----D---- C:\Users\tini\AppData\Roaming\skypePM 2010-02-01 20:17:10 ----D---- C:\Program Files 2010-02-01 14:51:01 ----D---- C:\Windows\Tasks 2010-02-01 14:51:01 ----D---- C:\Windows\system32\Tasks 2010-02-01 14:50:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-02-01 11:55:35 ----HD---- C:\Windows\system32\GroupPolicy 2010-02-01 11:55:35 ----D---- C:\ProgramData 2010-01-29 22:13:06 ----D---- C:\Program Files\Google 2010-01-28 00:19:27 ----D---- C:\Windows\winsxs 2010-01-27 20:28:11 ----D---- C:\Windows\system32\catroot 2010-01-26 23:52:08 ----SHD---- C:\Windows\Installer 2010-01-26 22:58:36 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-01-26 22:58:35 ----D---- C:\Windows\inf 2010-01-26 22:10:52 ----D---- C:\Windows\system32\drivers 2010-01-22 17:11:03 ----D---- C:\Windows\Debug 2010-01-22 14:45:21 ----D---- C:\Windows\system32\migration 2010-01-21 20:51:45 ----D---- C:\Windows\system32\catroot2 2010-01-21 10:20:56 ----D---- C:\Program Files\Microsoft Silverlight 2010-01-16 16:48:30 ----D---- C:\ProgramData\Adobe 2010-01-16 16:48:30 ----D---- C:\Program Files\Common Files\Adobe 2010-01-14 21:15:01 ----D---- C:\Users\tini\AppData\Roaming\DNA 2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe 2010-01-13 11:20:25 ----D---- C:\ProgramData\Microsoft Help 2010-01-13 11:19:38 ----D---- C:\Program Files\Windows Mail 2010-01-11 22:46:46 ----D---- C:\Program Files\Yahoo! 2010-01-05 21:38:17 ----D---- C:\Windows\system32\WDI 2010-01-05 20:25:31 ----A---- C:\Windows\system.ini 2010-01-05 20:21:56 ----D---- C:\Windows\system32\config 2010-01-05 20:21:56 ----D---- C:\Boot 2010-01-05 20:17:03 ----D---- C:\Windows\AppPatch 2010-01-05 20:17:02 ----D---- C:\Program Files\Common Files 2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520] R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-31 743424] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2009-09-15 37376] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-08 2044896] R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632] R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-15 7680] R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-10 57856] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616] R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400] R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2009-09-15 32768] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2008-04-03 49904] S3 catchme;catchme; \??\C:\cofi\catchme.sys [] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360] R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208] R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-11-17 224816] R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-11-12 331824] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] S2 gupdate1ca9ed857215824;Google Update Service (gupdate1ca9ed857215824); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-26 133104] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 fsssvc;Windows Live Family Safety-Dienst; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768] S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-11-17 57640] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- |
Zitat:
|
:balla:sry in der Datei 'C:\Windows\temp\gcvx.tmp\svchost.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden. aber der temp ordner is ständig ein andrer..... |
mach mal bitte ein Log mit GMER und poste es. |
|
Da ist ein Rootkit noch aktiv! :balla: Wenn Du eine Vista-DVD parat hast: Boote von der Vista-DVD, geh in die Wiederherstellungskonsole / Eingabeaufforderung. Führ diese 2 Befehle aus Code: copy c:\windows\system32\drivers\atapi.sys c:\atapi.badCode: copy X:\i386\atapi.sys C:\windows\system32\drivers\atapi.sysWenn der 2. Befehl erfolgreich war, neu starten (normal Vista von Platte), achte darauf, dass der Virenscanner die Datei c:\atapi.bad in Ruhe lässt!! Diese dann bitte bei Virustotal auswerten lassen. |
okeee......blöde frage: was genau bedeutet booten mit cd? :o |
Vista-DVD einlegen und von dieser den Rechner starten. Evtl. musst Du am Anfang mit der F11- oder F12-Taste in Bootmenü. Wenn von der Vista-DVD gebootet wird, erscheint diese Meldung: Drücken Sie eine beliebige Taste um von der DVD zu starten und Du musst irgendeine Taste (zB Leertaste) drücken... Wenn Du normal Deinen Computer hochfährst, startet Dein Rechner von der Platte. |
oh mann....ich bin zu blöd für sowas :balla: irgendwie funtkioniert das nicht...ich leg die cd ein und ich kann nicht davon starten......:dummguck: |
Steh am Anfang (wenn der Rechner gerade angemacht wurde) was von PRESS F11 FOR BOOT MENU oder so ähnlich? Notfalls musst Du ins BIOS gehen (meistens mit der ENTF Taste oder aber auch F2 bei manchen Rechnern) und dann in der Bootreihenfolge das DVD-ROM-Laufwerk nach ganz oben setzen |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 04:35 Uhr. |
Copyright ©2000-2025, Trojaner-Board