Processes can't be fixed but are malicious!

04.01.2008, 10:41
...new here

Posts: 6
#1 Hello.
For one part of my problem I found what I needed here, but not for the second part.

When I run HijackThis, I am supposed to fix four "lines" (I have no idea about computers). Unfortunately that doesn't work.
In addition, I get the following error message while HijackThis is running:

no access to c:/windows/System32/drivers/host

Error #75 - Path/File access error

Attached is my logfile:
Logfile of HijackThis v1.99.1
Scan saved at 10:32:05, on 04.01.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\meier\AppData\Local\Temp\Temp3_hijackthis_199[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntv.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: avsda.dll
O10 - Unknown file in Winsock LSP: avsda.dll
O10 - Unknown file in Winsock LSP: avsda.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7A3DD44-E4CE-4A9A-A721-567A936EFAEA}: NameServer = 194.48.139.254 194.48.124.202
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Please, can anyone help me....
04.01.2008, 11:04
Honorary member

Posts: 1441
#2 Hello,

why do you want to fix the host? It is fine - so no problem...
what else do you want to fix?

You have to be careful with HijackThis - just clicking away without knowing what you are doing - is not a good idea....
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
04.01.2008, 11:21
...new here

Thread starter

Posts: 6
#3 Hello.

I want to fix these four because HijackThis classifies them as bad.

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)

I also ran ComboFix, but I can't make anything of it.......

ComboFix 08-01-04.1 - meier 2008-01-04 11:01:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.193 [GMT 1:00]
ausgeführt von:: C:\Users\meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQ82SJK8\ComboFix[1].exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_install.exe nicht gefunden

.
((((((((((((((((((((((( Dateien erstellt von 2007-12-04 bis 2008-01-04 ))))))))))))))))))))))))))))))
.

2008-01-04 10:59 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-03 23:46 . 2008-01-03 23:46 <DIR> d-------- C:\Users\meier\AppData\Roaming\PC Tools
2008-01-03 23:46 . 2008-01-04 09:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-03 23:46 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-03 23:46 . 2007-10-04 17:10 79,688 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-01-03 23:46 . 2007-10-04 17:10 62,280 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-01-03 23:46 . 2007-10-04 17:10 41,288 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-01-03 23:46 . 2007-10-04 17:11 29,000 --a------ C:\Windows\System32\drivers\kcom.sys
2008-01-03 23:44 . 2008-01-04 09:37 <DIR> d-------- C:\Users\All Users\Google Updater
2008-01-03 23:44 . 2008-01-04 09:37 <DIR> d-------- C:\ProgramData\Google Updater
2008-01-03 21:38 . 2008-01-04 09:32 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-03 21:38 . 2008-01-04 09:32 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-03 21:38 . 2008-01-04 09:26 <DIR> d-------- C:\Program Files\MalwareBurn 7.3
2007-12-21 17:45 . 2007-07-11 11:13 101,376 --a------ C:\Windows\System32\drivers\ewusbmdm.sys
2007-12-21 17:45 . 2007-07-11 11:11 23,424 --a------ C:\Windows\System32\drivers\ewdcsc.sys
2007-12-21 17:44 . 2007-12-21 17:44 <DIR> d-------- C:\Program Files\Huawei technologies
2007-12-16 17:03 . 2007-12-16 17:03 <DIR> d-------- C:\Users\All Users\LightScribe
2007-12-16 17:03 . 2007-12-16 17:03 <DIR> d-------- C:\ProgramData\LightScribe
2007-12-12 15:57 . 2007-12-12 15:57 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-12 15:55 . 2007-12-12 15:55 1,830,912 --a------ C:\Windows\System32\inetcpl.cpl
2007-12-12 15:54 . 2007-12-12 15:54 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-12 15:54 . 2007-12-12 15:54 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-12 15:53 . 2007-12-12 15:53 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-10 22:12 . 2007-12-10 22:12 <DIR> d-------- C:\Users\meier\AppData\Roaming\PeerNetworking
2007-12-07 21:12 . 2007-12-07 21:12 <DIR> d-------- C:\Program Files\Real
2007-12-07 21:12 . 2007-12-07 21:12 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-07 21:12 . 2007-12-07 21:12 <DIR> d-------- C:\Program Files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 22:44 --------- d-----w C:\Program Files\Google
2007-12-21 16:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 20:49 --------- d-----w C:\Users\meier\AppData\Roaming\Skype
2007-12-12 14:56 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 14:56 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 14:55 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 14:55 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 14:55 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 14:55 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 14:55 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 14:55 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 14:55 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-03 16:22 --------- d-----w C:\Program Files\CCleaner
2007-12-03 16:21 2,724,328 ----a-w C:\Users\meier\ccsetup203.exe
2007-12-03 16:07 266,143 ----a-w C:\Users\meier\Setup_ClearProg_1.5.0_Final.exe
2007-11-23 17:02 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-11-23 12:38 --------- d-----w C:\ProgramData\SBT
2007-11-23 12:38 --------- d-----w C:\Program Files\Snapshot Viewer
2007-11-23 12:37 --------- d-----w C:\Program Files\Microsoft FrontPage
2007-11-23 12:25 --------- d-----w C:\ProgramData\Microsoft Help
2007-11-23 12:25 --------- d-----w C:\Program Files\Microsoft Works
2007-11-20 20:45 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 20:05 --------- d-----w C:\ProgramData\Lavasoft
2007-11-20 20:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 13:52 --------- d-----w C:\Users\meier\AppData\Roaming\Leadertech
2007-11-20 13:27 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-19 16:09 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-19 16:07 --------- d-----w C:\Users\meier\AppData\Roaming\AdobeUM
2007-11-18 13:58 --------- d-----w C:\Program Files\Java
2007-11-18 13:55 --------- d-----w C:\Program Files\Common Files\Java
2007-11-18 08:34 --------- d-----w C:\Program Files\ClearProg
2007-11-16 07:11 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-16 07:11 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-16 07:11 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-16 07:11 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-16 07:11 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-16 07:11 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-16 07:11 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-16 07:11 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-16 07:11 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-16 07:11 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-16 07:10 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-16 07:09 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-16 07:09 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-16 07:09 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-16 07:09 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-16 07:09 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-16 07:09 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-16 07:09 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-16 07:09 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-16 07:09 --------- d-----w C:\Program Files\Windows Mail
2007-11-13 12:49 --------- d-----w C:\Users\meier\AppData\Roaming\Creative
2007-11-11 18:00 --------- d-----w C:\Program Files\Mindjet
2007-11-11 07:32 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-10 13:52 --------- d-----w C:\Program Files\Creative
2007-11-10 13:39 --------- d-----w C:\ProgramData\Creative
2007-11-10 08:46 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-10 08:46 --------- d-----w C:\Program Files\Windows Live
2007-11-10 08:40 --------- d-----w C:\ProgramData\WLInstaller
2007-11-10 08:23 --------- d-----w C:\Program Files\Yahoo!
2007-11-10 08:21 --------- d-----w C:\Program Files\Symantec
2007-11-10 08:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-10 08:20 --------- d-----w C:\ProgramData\Symantec
2007-11-09 12:23 --------- d-----w C:\Users\meier\AppData\Roaming\AntiVir PersonalEdition Premium
2007-11-09 12:15 --------- d-----w C:\ProgramData\Avira
2007-11-09 12:15 --------- d-----w C:\Program Files\Avira
2007-11-09 12:00 --------- d-----w C:\ProgramData\Skype
2007-11-09 12:00 --------- d-----w C:\Program Files\Skype
2007-11-09 12:00 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-09 11:48 --------- d-----w C:\ProgramData\Yahoo!
2007-11-08 21:49 174 --sha-w C:\Program Files\desktop.ini
2007-11-08 18:53 --------- d-----w C:\Program Files\Windows Calendar
2007-11-08 18:52 --------- d-----w C:\Program Files\Windows Defender
2007-11-08 18:51 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-11-08 18:51 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-11-08 18:51 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-08 18:51 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-11-08 18:51 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-08 18:51 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-08 18:51 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-11-08 18:51 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-08 18:51 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-11-08 18:51 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-11-08 18:51 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-11-08 18:51 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-11-08 18:51 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-11-08 18:51 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-11-08 18:51 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-08 18:51 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-11-08 18:51 134,656 ----a-w C:\Windows\System32\dps.dll
2007-11-08 18:51 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-11-08 18:51 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-11-08 18:50 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-11-08 18:50 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-11-08 18:50 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-11-08 18:49 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-11-08 18:49 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-11-08 18:44 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-08 18:44 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-08 18:44 414,208 ----a-w C:\Windows\System32\msscp.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-08 19:47 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 10:07 4390912 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 09:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-06 07:21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-06 07:21 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-06 07:21 81920]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2007-11-09 13:17 249896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-07 21:12 185896]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-18 04:42:57]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-03 23:44:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2007-11-09 13:17]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard Hilfsdienst;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2007-11-09 13:17]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fc440f2-afe3-11dc-aaf4-001921eb6dc8}]
\shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fc44118-afe3-11dc-aaf4-001921eb6dc8}]
\shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0fda60f-ba40-11dc-8e15-001921eb6dc8}]
\shell\AutoRun\command - J:\AutoRun.exe

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 11:05:22
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-04 11:07:05
.
2008-01-04 07:50:00 --- E O F ---
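Added example, not from this thread or from the HijackThis/ComboFix authors: a small Python triage of HijackThis O1/O2/O9 lines, using the entries quoted in the posts above as constructed sample input. It separates "orphaned" entries (a registry reference whose target is reported as (no file) or (file missing), which is why HijackThis flags them and why fixing them only removes a dangling reference) from entries whose file is present, and checks whether the O1 hosts line is the default loopback mapping rather than a redirect.

```python
import re
from typing import List, NamedTuple, Optional, Set, Tuple

# Constructed sample: the four lines the poster wants to fix, the O1 line the
# helper calls fine, and one benign BHO with an existing file for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
"""


class Entry(NamedTuple):
    section: str          # O1, O2, O9, ...
    kind: str             # "Hosts", "BHO", "Extra button", ...
    name: str             # display name, "" when the line has no CLSID part
    clsid: Optional[str]  # COM class id in braces, if present
    target: str           # file path, URL or hosts mapping
    orphaned: bool        # registry entry exists but its file does not


# "O2 - BHO: <rest>"; kind stops at the first colon so paths in <rest> are safe
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
HEX = "[0-9A-Fa-f]"
CLSID_RE = re.compile(r"\{%s{8}-%s{4}-%s{4}-%s{4}-%s{12}\}" % ((HEX,) * 5))
LOOPBACK = {"127.0.0.1", "::1"}


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis O-line; returns None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    parts = rest.split(" - ")
    if len(parts) >= 3 and CLSID_RE.fullmatch(parts[1]):
        name, clsid, target = parts[0], parts[1], " - ".join(parts[2:])
    else:
        name, clsid, target = "", None, rest
    # HijackThis marks a dangling registry reference with one of these suffixes
    orphaned = target.endswith("(no file)") or target.endswith("(file missing)")
    return Entry(section, kind, name, clsid, target, orphaned)


def hosts_entry_is_loopback(target: str) -> bool:
    """True for the stock hosts entries: 127.0.0.1 or ::1 mapped to localhost."""
    parts = target.split()
    return len(parts) == 2 and parts[0] in LOOPBACK and parts[1].lower() == "localhost"


def triage(log: str) -> List[Tuple[Entry, str]]:
    """Label each parsed line: default_hosts, hosts_nonstandard, orphaned or present."""
    out: List[Tuple[Entry, str]] = []
    for raw in log.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        if e.section == "O1":
            verdict = "default_hosts" if hosts_entry_is_loopback(e.target) else "hosts_nonstandard"
        elif e.orphaned:
            verdict = "orphaned"
        else:
            verdict = "present"
        out.append((e, verdict))
    return out


def orphaned_clsids(log: str) -> Set[str]:
    """Distinct CLSIDs behind the orphaned entries (the O9 pair shares one)."""
    return {e.clsid for e, v in triage(log) if v == "orphaned" and e.clsid}


if __name__ == "__main__":
    for entry, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:17} {entry.section} {entry.kind}: {entry.target}")
    print("orphaned CLSIDs:", sorted(orphaned_clsids(SAMPLE_LOG)))
```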
04.01.2008, 13:59
Honorary member

Posts: 1441
#4 mefa

copy this into the text editor - name it CFScript.txt and drag it with the right mouse button onto the ComboFix icon

Quote

Folder::
C:\Program Files\MalwareBurn 7.3


then run ComboFix once more
type 1
everything is saved in C:\ComboFix.txt, copy it - and post it here

scan with Panda and copy the scan report here
http://board.protecus.de/t8642.htm
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
04.01.2008, 17:37
...new here

Thread starter

Posts: 6
#5 here it is:
I hope someone can make sense of it and help me....

ComboFix 08-01-04.1 - meier 2008-01-04 17:28:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.252 [GMT 1:00]
ausgeführt von:: C:\Users\meier\Desktop\ComboFix.exe
Command switches used :: C:\Users\meier\Documents\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_install.exe nicht gefunden
C:\Users\meier\AppData\Roaming\setup_en[1].exe

.
((((((((((((((((((((((( Dateien erstellt von 2007-12-04 bis 2008-01-04 ))))))))))))))))))))))))))))))
.

2008-01-04 17:21 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-03 23:46 . 2008-01-03 23:46 <DIR> d-------- C:\Users\meier\AppData\Roaming\PC Tools
2008-01-03 23:46 . 2008-01-05 02:07 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-03 23:46 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-03 23:46 . 2007-10-04 17:10 79,688 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-01-03 23:46 . 2007-10-04 17:10 62,280 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-01-03 23:46 . 2007-10-04 17:10 41,288 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-01-03 23:46 . 2007-10-04 17:11 29,000 --a------ C:\Windows\System32\drivers\kcom.sys
2008-01-03 23:44 . 2008-01-04 17:14 <DIR> d-------- C:\Users\All Users\Google Updater
2008-01-03 23:44 . 2008-01-04 17:14 <DIR> d-------- C:\ProgramData\Google Updater
2008-01-03 21:38 . 2008-01-04 17:17 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-03 21:38 . 2008-01-04 17:17 <DIR> d-a------ C:\ProgramData\TEMP
2007-12-21 17:45 . 2007-07-11 11:13 101,376 --a------ C:\Windows\System32\drivers\ewusbmdm.sys
2007-12-21 17:45 . 2007-07-11 11:11 23,424 --a------ C:\Windows\System32\drivers\ewdcsc.sys
2007-12-21 17:44 . 2007-12-21 17:44 <DIR> d-------- C:\Program Files\Huawei technologies
2007-12-16 17:03 . 2007-12-16 17:03 <DIR> d-------- C:\Users\All Users\LightScribe
2007-12-16 17:03 . 2007-12-16 17:03 <DIR> d-------- C:\ProgramData\LightScribe
2007-12-12 15:57 . 2007-12-12 15:57 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-12 15:55 . 2007-12-12 15:55 1,830,912 --a------ C:\Windows\System32\inetcpl.cpl
2007-12-12 15:54 . 2007-12-12 15:54 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-12 15:54 . 2007-12-12 15:54 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-12 15:53 . 2007-12-12 15:53 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-10 22:12 . 2007-12-10 22:12 <DIR> d-------- C:\Users\meier\AppData\Roaming\PeerNetworking
2007-12-07 21:12 . 2007-12-07 21:12 <DIR> d-------- C:\Program Files\Real
2007-12-07 21:12 . 2007-12-07 21:12 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-07 21:12 . 2007-12-07 21:12 <DIR> d-------- C:\Program Files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 22:44 --------- d-----w C:\Program Files\Google
2007-12-21 16:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 20:49 --------- d-----w C:\Users\meier\AppData\Roaming\Skype
2007-12-12 14:56 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 14:56 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 14:55 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 14:55 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 14:55 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 14:55 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 14:55 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 14:55 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 14:55 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-03 16:22 --------- d-----w C:\Program Files\CCleaner
2007-12-03 16:21 2,724,328 ----a-w C:\Users\meier\ccsetup203.exe
2007-12-03 16:07 266,143 ----a-w C:\Users\meier\Setup_ClearProg_1.5.0_Final.exe
2007-11-23 17:02 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-11-23 12:38 --------- d-----w C:\ProgramData\SBT
2007-11-23 12:38 --------- d-----w C:\Program Files\Snapshot Viewer
2007-11-23 12:37 --------- d-----w C:\Program Files\Microsoft FrontPage
2007-11-23 12:25 --------- d-----w C:\ProgramData\Microsoft Help
2007-11-23 12:25 --------- d-----w C:\Program Files\Microsoft Works
2007-11-20 20:45 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 20:05 --------- d-----w C:\ProgramData\Lavasoft
2007-11-20 20:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 13:52 --------- d-----w C:\Users\meier\AppData\Roaming\Leadertech
2007-11-20 13:27 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-19 16:09 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-19 16:07 --------- d-----w C:\Users\meier\AppData\Roaming\AdobeUM
2007-11-18 13:58 --------- d-----w C:\Program Files\Java
2007-11-18 13:55 --------- d-----w C:\Program Files\Common Files\Java
2007-11-18 08:34 --------- d-----w C:\Program Files\ClearProg
2007-11-16 07:11 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-16 07:11 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-16 07:11 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-16 07:11 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-16 07:11 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-16 07:11 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-16 07:11 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-16 07:11 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-16 07:11 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-16 07:11 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-16 07:10 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-16 07:09 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-16 07:09 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-16 07:09 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-16 07:09 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-16 07:09 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-16 07:09 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-16 07:09 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-16 07:09 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-16 07:09 --------- d-----w C:\Program Files\Windows Mail
2007-11-13 12:49 --------- d-----w C:\Users\meier\AppData\Roaming\Creative
2007-11-11 18:00 --------- d-----w C:\Program Files\Mindjet
2007-11-11 07:32 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-10 13:52 --------- d-----w C:\Program Files\Creative
2007-11-10 13:39 --------- d-----w C:\ProgramData\Creative
2007-11-10 08:46 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-10 08:46 --------- d-----w C:\Program Files\Windows Live
2007-11-10 08:40 --------- d-----w C:\ProgramData\WLInstaller
2007-11-10 08:23 --------- d-----w C:\Program Files\Yahoo!
2007-11-10 08:21 --------- d-----w C:\Program Files\Symantec
2007-11-10 08:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-10 08:20 --------- d-----w C:\ProgramData\Symantec
2007-11-09 12:23 --------- d-----w C:\Users\meier\AppData\Roaming\AntiVir PersonalEdition Premium
2007-11-09 12:15 --------- d-----w C:\ProgramData\Avira
2007-11-09 12:15 --------- d-----w C:\Program Files\Avira
2007-11-09 12:00 --------- d-----w C:\ProgramData\Skype
2007-11-09 12:00 --------- d-----w C:\Program Files\Skype
2007-11-09 12:00 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-09 11:48 --------- d-----w C:\ProgramData\Yahoo!
2007-11-08 21:49 174 --sha-w C:\Program Files\desktop.ini
2007-11-08 18:53 --------- d-----w C:\Program Files\Windows Calendar
2007-11-08 18:52 --------- d-----w C:\Program Files\Windows Defender
2007-11-08 18:51 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-11-08 18:51 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-11-08 18:51 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-08 18:51 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-11-08 18:51 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-08 18:51 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-08 18:51 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-11-08 18:51 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-08 18:51 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-11-08 18:51 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-11-08 18:51 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-11-08 18:51 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-11-08 18:51 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-11-08 18:51 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-11-08 18:51 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-08 18:51 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-11-08 18:51 134,656 ----a-w C:\Windows\System32\dps.dll
2007-11-08 18:51 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-11-08 18:51 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-11-08 18:50 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-11-08 18:50 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-11-08 18:50 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-11-08 18:49 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-11-08 18:49 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-11-08 18:44 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-08 18:44 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-08 18:44 414,208 ----a-w C:\Windows\System32\msscp.dll
.

(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-08 19:47 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 10:07 4390912 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 09:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-06 07:21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-06 07:21 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-06 07:21 81920]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2007-11-09 13:17 249896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-07 21:12 185896]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-18 04:42:57]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-03 23:44:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2007-11-09 13:17]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard Hilfsdienst;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2007-11-09 13:17]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fc440f2-afe3-11dc-aaf4-001921eb6dc8}]
\shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fc44118-afe3-11dc-aaf4-001921eb6dc8}]
\shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0fda60f-ba40-11dc-8e15-001921eb6dc8}]
\shell\AutoRun\command - J:\AutoRun.exe

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 17:32:22
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 17:34:15
ComboFix-quarantined-files.txt 2008-01-04 16:34:08
ComboFix2.txt 2008-01-04 10:07:08
.
2007-12-29 08:38:05 --- E O F ---
04.01.2008, 18:16
Honorary member
Pinguin

Posts: 1441
#6 «« http://www.virus-protect.org/artikel/tools/regsearch.html
and double-click to start it.
In "Enter search strings" (type or paste):

{02478D38-C3F9-4EFB-9B51-7695ECA05670}

into the edit box and click "Ok".
Notepad will open; copy the text and post it.

In "Enter search strings" (type or paste):

{7E853D72-626A-48EC-A868-BA8D5E23E045}

into the edit box and click "Ok".
Notepad will open; copy the text and post it.
__________
Regards
Pinguin

I am in the middle of updating my site + programs: http://www.virus-protect.org/
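What the post above asks for is a whole-registry search for two CLSIDs in key names, value names and value data, with the hits handed over in a Notepad window. The script below is an added example that does the same job natively in PowerShell; it is not the RegSearch tool from the link and not part of Pinguin's post. It assumes PowerShell 2.0 or later, an elevated prompt (so HKEY_LOCAL_MACHINE and HKEY_USERS are readable), and an output path of my choosing; the two default patterns are the CLSIDs named in the post.

```powershell
# Added example, not the RegSearch tool: search key names, value names and value data
# of all four hives for a list of strings and open the hit list in Notepad.
# Assumptions: PowerShell 2.0+, elevated prompt; $OutFile is an arbitrary choice.
param(
    [string[]]$Patterns = @(
        '{02478D38-C3F9-4EFB-9B51-7695ECA05670}',
        '{7E853D72-626A-48EC-A868-BA8D5E23E045}'
    ),
    [string]$OutFile = (Join-Path $env:TEMP 'regsearch-output.txt')
)

# Only HKLM: and HKCU: exist as PowerShell drives by default; map the other two hives.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

# Case-insensitive substring test: GUIDs appear in mixed case across the registry.
function Test-Contains([string]$Haystack, [string]$Needle) {
    return $Haystack.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

# Turn value data into one searchable string. REG_MULTI_SZ arrives as a string array
# and is joined; REG_BINARY (byte array) is not string-searched, only its value name is.
function ConvertTo-SearchText($Data) {
    if ($null -eq $Data)    { return '' }
    if ($Data -is [byte[]]) { return '' }
    if ($Data -is [array])  { return ($Data -join ' ') }
    return [string]$Data
}

$hits = New-Object System.Collections.Generic.List[string]

foreach ($root in 'HKLM:\', 'HKCU:\', 'HKU:\', 'HKCR:\') {
    # Keys that cannot be opened (SAM, SECURITY, other users' hives) are skipped silently.
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($p in $Patterns) {
            # 1. Hit in the key path itself, e.g. ...\CLSID\{GUID} or ...\Browser Helper Objects\{GUID}
            if (Test-Contains $key.Name $p) {
                $hits.Add("[$p] KEY   $($key.Name)")
            }
            # 2. Hit in a value name or in value data under this key
            foreach ($valueName in $key.GetValueNames()) {
                $text = ConvertTo-SearchText ($key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames'))
                if ((Test-Contains $valueName $p) -or (Test-Contains $text $p)) {
                    $label = if ($valueName -eq '') { '(Default)' } else { $valueName }
                    $hits.Add("[$p] VALUE $($key.Name)\$label = $text")
                }
            }
        }
    }
}

# Write a short report and open it in Notepad, mirroring what the post expects to be pasted back.
$report = @(
    "Registry search on $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')",
    "Patterns: $($Patterns -join ', ')",
    ''
)
if ($hits.Count -eq 0) { $report += 'No matches found.' } else { $report += $hits.ToArray() }
$report | Set-Content -Path $OutFile -Encoding UTF8
Start-Process notepad.exe -ArgumentList $OutFile
```

Run it as `.\Search-Registry.ps1` for the two CLSIDs from the post, or pass `-Patterns '{...}'` for a different one. A hit under `HKLM\SOFTWARE\Classes\CLSID\{GUID}\InprocServer32` tells you which DLL the CLSID resolves to, and a hit under `...\Explorer\Browser Helper Objects\{GUID}` or `...\Explorer\ShellExecuteHooks` tells you where it is loaded from; both are what the search is meant to surface. Walking HKEY_CLASSES_ROOT recursively takes a few minutes on a typical install.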