Background image can no longer be displayed / Spyware-Secure also present

01.04.2008, 17:48
...new here

Posts: 1
#1 Hello

I have the problem that my desktop background image is no longer displayed. In addition, I have the program Spyware-Secure on my system.
I am running Vista.


Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:46, on 20.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Anja\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\LVCOMSX.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Anja\AppData\Local\bexsvje.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Anja\Desktop\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\Windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CamWizard] C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [bexsvje] c:\users\anja\appdata\local\bexsvje.exe bexsvje
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldde-ch.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11903 bytes

And COMBOFIX:

ComboFix 08-03-30.3 - Anja 2008-03-31 16:27:07.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.962 [GMT 2:00]
ausgeführt von:: C:\Users\Anja\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
TimedOut: Windir.dat

((((((((((((((((((((((( Dateien erstellt von 2008-02-28 bis 2008-03-31 ))))))))))))))))))))))))))))))
.

2008-03-31 15:44 . 2008-03-31 15:44 <DIR> d-------- C:\ComboFix[1]
2008-03-31 15:19 . 2008-03-31 15:19 <DIR> d-------- C:\Program Files\CCleaner
2008-03-30 19:30 . 2008-03-31 15:23 <DIR> d-------- C:\Users\All Users\Google
2008-03-30 19:29 . 2008-03-31 15:23 <DIR> d-------- C:\Program Files\Google
2008-03-29 17:33 . 2008-03-29 17:34 <DIR> d-------- C:\Users\Anja\Fantasiebilder
2008-03-27 22:38 . 2008-03-27 22:38 <DIR> d-------- C:\Program Files\CleanUp!
2008-03-23 21:29 . 2008-03-23 21:30 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-21 15:50 . 2008-03-21 15:50 <DIR> d-------- C:\Users\Anja\AppData\Roaming\Grisoft
2008-03-21 15:50 . 2008-03-21 15:50 <DIR> d-------- C:\Users\All Users\Grisoft
2008-03-21 15:50 . 2008-03-21 15:50 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-21 15:50 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-20 21:56 . 2008-03-20 21:56 <DIR> d-------- C:\Users\Anja\AppData\Roaming\TeamViewer
2008-03-20 21:55 . 2008-03-20 21:56 <DIR> d-------- C:\Program Files\TeamViewer3
2008-03-20 21:50 . 2008-03-20 21:50 <DIR> d-------- C:\Users\Anja\temp
2008-03-20 21:26 . 2008-03-20 21:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-16 19:04 . 2008-03-16 19:04 530 --a------ C:\Windows\eReg.dat
2008-03-16 19:03 . 2008-03-16 19:03 <DIR> d-------- C:\Program Files\Maxis
2008-03-15 11:49 . 2008-03-15 11:49 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-15 11:49 . 2007-12-04 15:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-03-15 11:49 . 2004-01-09 11:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-03-15 11:49 . 2007-12-04 14:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-03-15 11:49 . 2007-12-04 16:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-03-15 11:49 . 2007-12-04 16:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-03-15 11:49 . 2007-12-04 16:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-03-12 09:12 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 09:12 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 15:41 . 2008-03-25 23:07 <DIR> d-------- C:\Users\Anja\AppData\Roaming\LimeWire
2008-03-11 15:39 . 2008-03-11 15:41 <DIR> d-------- C:\Program Files\LimeWire
2008-03-11 15:39 . 2008-03-21 16:49 <DIR> d-------- C:\Program Files\Java
2008-03-11 15:39 . 2008-03-11 15:39 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-08 20:47 . 2008-03-08 20:47 <DIR> d-------- C:\Users\All Users\IncrediMail
2008-03-08 20:47 . 2008-03-08 20:48 <DIR> d-------- C:\Users\All Users\IM
2008-03-08 20:47 . 2008-03-08 20:47 <DIR> d-------- C:\ProgramData\IncrediMail
2008-03-08 20:47 . 2008-03-08 20:48 <DIR> d-------- C:\ProgramData\IM
2008-03-08 20:47 . 2008-03-08 20:48 <DIR> d-------- C:\Program Files\IncrediMail
2008-03-04 18:07 . 2008-03-31 15:30 <DIR> d-------- C:\Program Files\Macrogaming
2008-03-03 20:03 . 2008-03-03 20:03 <DIR> d-------- C:\HiTRUSTDrive
2008-03-03 19:06 . 2008-03-03 19:06 <DIR> d-------- C:\Program Files\JoWooD
2008-02-29 17:53 . 2008-03-31 13:41 27,240 --a------ C:\Users\Anja\AppData\Roaming\nvModes.dat
2008-02-29 15:46 . 2008-02-29 15:46 <DIR> d-------- C:\Users\Public\CyberLink
2008-02-29 15:46 . 2008-03-13 10:51 <DIR> d-------- C:\Users\Anja\AppData\Roaming\CyberLink
2008-02-29 14:38 . 2008-02-29 14:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 14:37 . 2008-02-29 14:37 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-02-29 14:37 . 2008-02-29 14:37 <DIR> d-------- C:\ProgramData\WLInstaller
2008-02-29 14:37 . 2008-02-29 14:43 <DIR> d-------- C:\Program Files\Windows Live
2008-02-29 14:28 . 2005-06-08 16:45 86,016 --a------ C:\Windows\System32\vatee.ax
2008-02-29 14:24 . 2005-07-19 18:31 53,248 -ra------ C:\Windows\System32\InstMed.exe
2008-02-29 14:23 . 2008-02-29 14:23 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-02-29 14:23 . 2005-05-27 11:23 2,180,096 --a------ C:\Windows\System32\drivers\lvsvf2.sys
2008-02-29 14:23 . 2005-05-27 11:32 1,317,152 --a------ C:\Windows\System32\drivers\lvcm.sys
2008-02-29 14:23 . 2005-05-27 11:36 372,736 --a------ C:\Windows\System32\LVUI2RC.dll
2008-02-29 14:23 . 1998-11-17 15:44 328,704 --a------ C:\Windows\IsUn0407.exe
2008-02-29 14:23 . 2005-05-27 11:29 204,800 --a------ C:\Windows\System32\LVUI2.dll
2008-02-29 14:23 . 2005-05-27 11:26 204,800 --a------ C:\Windows\System32\lvcodec2.dll
2008-02-29 14:23 . 2005-05-27 11:19 106,496 --a------ C:\Windows\System32\lvcoinst.dll
2008-02-29 14:23 . 2005-05-27 11:31 22,016 --a------ C:\Windows\System32\drivers\LVUSBSta.sys
2008-02-29 14:23 . 2005-05-27 11:10 9,255 --a------ C:\Windows\System32\lvcoinst.ini
2008-02-29 14:12 . 2008-03-02 23:14 16 --a------ C:\Windows\System32\coh.cache
2008-02-29 13:36 . 2008-02-29 13:36 2,923,520 --a------ C:\Windows\explorer.exe
2008-02-29 13:35 . 2008-02-29 13:35 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-29 13:35 . 2008-02-29 13:35 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-29 13:30 . 2008-02-29 13:30 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-02-29 13:30 . 2008-02-29 13:30 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-02-29 13:30 . 2008-02-29 13:30 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-02-29 13:30 . 2008-02-29 13:30 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-02-29 13:30 . 2008-02-29 13:30 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-02-29 13:28 . 2008-02-29 13:28 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-29 13:28 . 2008-02-29 13:28 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-29 13:28 . 2008-02-29 13:28 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-02-29 13:28 . 2008-02-29 13:28 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-29 13:28 . 2008-02-29 13:28 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-29 13:28 . 2008-02-29 13:28 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-29 13:28 . 2008-02-29 13:28 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-29 13:28 . 2008-02-29 13:28 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-29 13:27 . 2008-02-29 13:27 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-02-29 13:27 . 2008-02-29 13:27 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-02-29 13:27 . 2008-02-29 13:27 193,536 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-02-29 13:27 . 2008-02-29 13:27 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys
2008-02-29 13:27 . 2008-02-29 13:27 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-02-29 13:27 . 2008-02-29 13:27 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys
2008-02-29 13:27 . 2008-02-29 13:27 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-02-29 13:27 . 2008-02-29 13:27 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-02-29 13:27 . 2008-02-29 13:27 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-02-29 13:27 . 2008-02-29 13:27 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-02-29 13:26 . 2008-02-29 13:26 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-02-29 13:26 . 2008-02-29 13:26 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-29 13:26 . 2008-02-29 13:26 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-29 13:26 . 2008-02-29 13:26 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-29 13:26 . 2008-02-29 13:26 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-29 13:26 . 2008-02-29 13:26 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-29 13:25 . 2008-02-29 13:25 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-02-29 13:25 . 2008-02-29 13:25 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-02-29 13:25 . 2008-02-29 13:25 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-02-29 13:25 . 2008-02-29 13:25 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-02-29 13:25 . 2008-02-29 13:25 2,048 --a------ C:\Windows\System32\asferror.dll
2008-02-29 13:24 . 2008-02-29 13:24 269,824 --a------ C:\Windows\System32\schannel.dll
2008-02-29 13:24 . 2008-02-29 13:24 220,160 --a------ C:\Windows\System32\ntprint.dll
2008-02-29 13:24 . 2008-02-29 13:24 61,440 --a------ C:\Windows\System32\ntprint.exe
2008-02-29 13:22 . 2008-02-29 13:22 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-02-29 13:22 . 2008-02-29 13:22 84,480 --a------ C:\Windows\System32\INETRES.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 13:30 --------- d-----w C:\ProgramData\Symantec
2008-03-13 06:40 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 06:34 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-02 21:35 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-02 21:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 21:31 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-02 21:31 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-02 21:31 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-02 21:31 --------- d-----w C:\Program Files\Symantec
2008-02-29 13:46 --------- d-----w C:\ProgramData\CyberLink
2008-02-29 12:03 174 --sha-w C:\Program Files\desktop.ini
2008-02-29 11:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-29 11:56 --------- d-----w C:\Program Files\Windows Calendar
2008-02-29 11:36 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-02-29 11:33 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-29 11:23 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-02-29 11:17 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-29 11:17 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-29 11:17 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-29 10:37 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-02-29 10:37 --------- d-----w C:\Program Files\Realtek
2008-02-29 10:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 10:35 --------- d-----w C:\Program Files\Acer Arcade Deluxe
2008-02-29 10:25 --------- d-sh--w C:\ProgramData\Vorlagen
2008-02-29 10:25 --------- d-sh--w C:\ProgramData\Startmenü
2008-02-29 10:25 --------- d-sh--w C:\ProgramData\Favoriten
2008-02-29 10:25 --------- d-sh--w C:\ProgramData\Dokumente
2008-02-29 10:25 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2008-02-29 10:25 --------- d-sh--w C:\Program Files\Gemeinsame Dateien
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-29 13:22 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-02 12:46 243072]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-28 10:54 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 06:39 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 06:36 22696]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 14:53 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 14:53 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 14:53 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 11:21 772616]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 14:38 206952]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"CamWizard"="C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe" [2005-05-13 15:42 184320]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-28 11:24:58 535336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9813433C-19D2-4C2B-A1CB-ED550897727A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{443FD6FC-DF16-48F8-87D9-1559431AB8B3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EF6DB405-C6E4-4BCC-9BBC-986FFE4DA449}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{C8EE00CE-7B28-452D-84AC-6CD0ACBF9D18}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{D033DA20-65D1-4A19-80D9-462792854C0E}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{ABD333AC-86BE-4ED9-B1F6-886CED34F64E}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{DAA96A7E-E689-49CB-9840-598A7BC180DA}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{754D89A5-2BB1-4B48-9330-ED049C8D0BA6}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{EA54B10E-9D80-4145-8533-FF8436D1740D}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{277B3516-E4E2-4EB1-922E-742FBBB3426F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3BF30B99-F380-4E11-BC5B-8C15C1AE974D}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{6D2A669E-561C-4498-A40A-2B57CD46001E}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{DB49340C-70EA-4301-A5C2-CB53FAC01675}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{15EB1E92-F85B-4DBB-9744-7AAE44858701}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{4116281B-ADB7-4150-8E83-C33C22CF8AD0}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{F20B7BE1-CA59-4D79-8616-B8C06A525BAB}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{E52B005F-19D2-46C0-B5AA-7CEDD501C142}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{95D895AE-0832-4A94-B704-73F0DD350FF0}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080325.002\IDSvix86.sys [2008-02-14 03:51]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 11:53]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 TeamViewer;TeamViewer 3;"C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service []
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 15:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 02:46]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 14:47]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 03:05]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
S3 SiemensSiemensGigUSB(5A)(R);Siemens SiemensGigUSB(5A)(R) Service for Siemens Gigaset USB Adapter 11;C:\Windows\system32\DRIVERS\vn5a8asx.sys [2004-05-26 16:36]

*Newly Created Service* - COMHOST
.
Inhalt des "geplante Tasks" Ordners
"2008-03-21 19:15:23 C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Anja.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 16:31:06
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-31 16:32:01
ComboFix-quarantined-files.txt 2008-03-31 14:31:54
ComboFix2.txt 2008-03-21 19:02:07
11 Verzeichnis(se), 45,798,477,824 Bytes frei
20 Verzeichnis(se), 45,667,004,416 Bytes frei
.
2008-03-30 09:14:55 --- E O F ---


Many thanks in advance.
01.04.2008, 19:35
Honorary member
Argus

Posts: 6028
#2 VirusTotal

Make hidden files visible
Open My Computer > Tools > Folder Options > "View" tab > Hidden files and folders > enable "Show all files and folders"
And > Tools > Folder Options > "View" tab > Files and folders > disable "Hide protected operating system files (recommended)".

Please check this file (these files) at VirusTotal:

c:\users\anja\appdata\local\bexsvje.exe

Note: If VirusTotal reports "The file has already been analysed", choose "Analyse the file" again.
Stand alone DrWeb
Stand alone Kaspersky
__________
Regards, Argus
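The reply above singles out one autostart entry out of dozens in the HijackThis log. As an added example (not part of either post, and not a tool from the forum or from HijackThis), the following Python routine makes that triage step explicit: it parses O4 lines, separates the executable path from its arguments, and flags entries whose executable runs from a user-writable profile directory (AppData, Temp, Desktop), has a random-looking basename, or passes its own name as the only argument. The sample lines are copied from the log in the first post; the list of trusted install roots, the user-writable markers and the vowel-ratio threshold are this example's own assumptions. The heuristic judges only location and naming, so an entry it does not flag still needs the reputation check the reply asks for (a VirusTotal or on-demand scanner result).

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O4 (autostart) lines from the HijackThis log above.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide',
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe',
    r'O4 - HKCU\..\Run: [bexsvje] c:\users\anja\appdata\local\bexsvje.exe bexsvje',
    r'O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')",
]

# Assumption of this example: executables under these roots sit in expected install locations.
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows", "%programfiles%", "%systemroot%", "c:\\acer")
# Assumption: user-writable locations that legitimate software rarely autostarts from.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\desktop\\", "\\users\\", "\\documents and settings\\")

# O4 line layout: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')


@dataclass
class AutostartEntry:
    hive: str
    name: str
    path: str
    args: str


def parse_o4(line):
    """Parse one HijackThis O4 line into hive, value name, executable path and arguments."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    if cmd.startswith('"'):
        # Quoted command: the path ends at the closing quote.
        end = cmd.find('"', 1)
        path, args = cmd[1:end], cmd[end + 1:].strip()
    else:
        # Unquoted command: the path ends at the first executable/library extension.
        ext = re.search(r'\.(exe|dll|cmd|scr)\b', cmd, re.IGNORECASE)
        cut = ext.end() if ext else len(cmd)
        path, args = cmd[:cut], cmd[cut:].strip()
    return AutostartEntry(m.group("hive"), m.group("name"), path, args)


def looks_random(basename):
    """Heuristic: alphabetic stems of six or more letters with very few vowels."""
    stem = basename.rsplit(".", 1)[0]
    if not stem.isalpha() or len(stem) < 6:
        return False
    vowels = sum(c in "aeiou" for c in stem.lower())
    return vowels / len(stem) < 0.3  # threshold is an assumption of this example


def assess(entry):
    """Return the reasons an entry deserves a closer look (empty list = nothing unusual)."""
    reasons = []
    p = entry.path.lower()
    if not p.startswith(TRUSTED_ROOTS):
        if any(tok in p for tok in USER_WRITABLE):
            reasons.append("runs from a user-writable profile directory")
        elif "\\" not in p:
            reasons.append("bare filename, resolved via the search path")
    base = p.rsplit("\\", 1)[-1]
    if looks_random(base):
        reasons.append("random-looking executable name")
    if entry.args and entry.args.lower() == base.rsplit(".", 1)[0]:
        reasons.append("passes its own name as the only argument")
    return reasons


def triage(lines):
    """Parse all O4 lines and map value name -> reasons for the entries that need review."""
    findings = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_O4_LINES).items():
        print(f"[{name}] -> " + "; ".join(reasons))
```

Run against the sample, only the `bexsvje` entry is reported, for all three reasons; every other entry starts from Program Files or the Windows directory and stays silent. The path/argument split in `parse_o4` matters because HijackThis prints the command line verbatim, so a trailing argument would otherwise be treated as part of the filename.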