AntiSpywareExpert - Web Technologies

12.07.2008, 19:17
Member
Posts: 61

12.07.2008, 19:35
Moderator
Posts: 7805
#2
Check C:\Windows\System32\acovcnt.exe at Virustotal and post the complete result...
__________
Regards, Ralf
SEO-Spam Hunter

12.07.2008, 19:50
Member
Thread starter, Posts: 61
#3
I hope this is the right one.

| Antivirus | Version | letzte aktualisierung | Ergebnis |
|---|---|---|---|
| AhnLab-V3 | 2008.7.11.0 | 2008.07.11 | - |
| AntiVir | 7.8.0.64 | 2008.07.11 | - |
| Authentium | 5.1.0.4 | 2008.07.11 | - |
| Avast | 4.8.1195.0 | 2008.07.12 | - |
| AVG | 7.5.0.516 | 2008.07.12 | - |
| BitDefender | 7.2 | 2008.07.12 | - |
| CAT-QuickHeal | 9.50 | 2008.07.11 | - |
| ClamAV | 0.93.1 | 2008.07.11 | - |
| DrWeb | 4.44.0.09170 | 2008.07.12 | - |
| eSafe | 7.0.17.0 | 2008.07.10 | - |
| eTrust-Vet | 31.6.5949 | 2008.07.12 | - |
| Ewido | 4.0 | 2008.07.12 | - |
| F-Prot | 4.4.4.56 | 2008.07.11 | - |
| F-Secure | 7.60.13501.0 | 2008.07.12 | - |
| Fortinet | 3.14.0.0 | 2008.07.12 | - |
| GData | 2.0.7306.1023 | 2008.07.12 | - |
| Ikarus | T3.1.1.26.0 | 2008.07.12 | - |
| Kaspersky | 7.0.0.125 | 2008.07.12 | - |
| McAfee | 5337 | 2008.07.11 | - |
| Microsoft | 1.3704 | 2008.07.12 | - |
| NOD32v2 | 3263 | 2008.07.11 | - |
| Norman | 5.80.02 | 2008.07.11 | - |
| Panda | 9.0.0.4 | 2008.07.12 | - |
| Prevx1 | V2 | 2008.07.12 | - |
| Rising | 20.52.52.00 | 2008.07.12 | - |
| Sophos | 4.31.0 | 2008.07.12 | - |
| Sunbelt | 3.1.1536.1 | 2008.07.12 | - |
| Symantec | 10 | 2008.07.12 | - |
| TheHacker | 6.2.96.376 | 2008.07.10 | - |
| TrendMicro | 8.700.0.1004 | 2008.07.11 | - |
| VBA32 | 3.12.6.9 | 2008.07.12 | - |
| VirusBuster | 4.5.11.0 | 2008.07.12 | - |
| Webwasher-Gateway | 6.6.2 | 2008.07.11 | - |

weitere Informationen
File size: 45056 bytes
MD5...: 6bcaf46e2b7fa9ace92b4d39f3037c5c
SHA1..: 6d5a81e3cf59832d73f28d6e87f51d073c3e4095
SHA256: aaf659e3d38ad04848a9c3ed6250b30dc13acc8ac9f527a11f0c14e6ec8735b2
SHA512: 03b62753530e1adba2af3feede5e3903d41d8b102289bb03f4ad2520ead6ec9c aea29acae81846eb4484310c0bc1c0a69934a02fadb1a015383e0ebee7c007f3
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401613
timedatestamp.....: 0x425539fb (Thu Apr 07 13:47:39 2005)
machinetype.......: 0x14c (I386)

( 4 sections )

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x4ee6 | 0x5000 | 6.60 | f7aa46b67e4004a80db01ad39b5c4bd7 |
| .rdata | 0x6000 | 0xb32 | 0x1000 | 4.20 | f3ceef6b97b6aad02714644497ad4da9 |
| .data | 0x7000 | 0x413c | 0x3000 | 0.56 | af4abe2835a3f5bf87330b627a696dbf |
| .rsrc | 0xc000 | 0xc0 | 0x1000 | 0.14 | c85d6206afcdfed0fe16bdc48441d945 |

( 5 imports )
> DDRAW.dll: DirectDrawCreateEx
> KERNEL32.dll: CreateEventA, SetEvent, CloseHandle, GetModuleFileNameA, SetHandleCount, GetStdHandle, GetEnvironmentStringsW, SetStdHandle, LoadLibraryA, GetProcAddress, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, FlushFileBuffers, LCMapStringW, LCMapStringA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, HeapDestroy, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetCPInfo, HeapFree, RtlUnwind, GetFileType, GetEnvironmentVariableA, GetVersionExA, MultiByteToWideChar, HeapCreate, VirtualFree, GetStringTypeA, WriteFile, SetFilePointer, GetLastError, GetStringTypeW, HeapAlloc
> USER32.dll: TranslateMessage, DispatchMessageA, CreateWindowExA, TranslateAcceleratorA, GetMessageA, LoadStringA, RegisterClassExA, DefWindowProcA, PostQuitMessage, LoadCursorA, LoadIconA
> ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegDeleteValueA, RegCreateKeyA
> ole32.dll: CoInitializeEx, CoUninitialize

( 0 exports )

12.07.2008, 20:24
Moderator
Posts: 7805
#4
Yes, that is right. Please send the file to virus@protecus.de
__________
Regards, Ralf
SEO-Spam Hunter

12.07.2008, 21:24
Member
Thread starter, Posts: 61
#5
Do you mean the one I was supposed to check?
I'll just send it.

12.07.2008, 23:55
Honorary member
Posts: 29434
#6
Kipcha

Avenger
http://virus-protect.org/artikel/tools/avenger.html

Copy into the white field:

Quote:
Registry values to delete:

Close all open programs (because after the Avenger has run, the computer will restart).
Click: Execute
Confirm that the computer will be restarted - click "yes"
-----------
After the restart, a log from the Avenger appears automatically (C:\avenger.txt); copy it - with a right mouse click - copy - paste
__________
Regards, Sabina
All about PC security

13.07.2008, 14:15
Member
Thread starter, Posts: 61
#7
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\Windows\System32\ubpr01.exe" not found!
Deletion of file "C:\Windows\System32\ubpr01.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\acovcnt.exe" deleted successfully.

Error: folder "C:\Program Files\AntiSpywareExpert" not found!
Deletion of folder "C:\Program Files\AntiSpywareExpert" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Program Files\Enigma Software Group" deleted successfully.

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AntiSpywareExpert"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AntiSpywareExpert" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

13.07.2008, 14:21
Honorary member
Posts: 29434
#8
From my side everything should be OK again.
Are there still problems with the computer? Popups?
__________
Regards, Sabina
All about PC security

13.07.2008, 14:31
Member
Thread starter, Posts: 61
#9
But Kaspersky still shows that the computer is supposed to be at risk. What could that be?
I still can't disinfect or delete anything, which is probably due to the trial version. Can I do that some other way?
Another problem has come up. Since I downloaded this Avenger, my desktop background is red and no other one can be set; also, the icons are not shown in the thumbnail view. And I can't download anything anymore (a download takes only a few seconds and is incomplete).

This post was edited on 13.07.2008 at 17:03 by Kipcha.

13.07.2008, 18:03
Honorary member
Posts: 29434
#10
Scan again with Malwarebytes, preferably in safe mode, and report.
__________
Regards, Sabina
All about PC security

13.07.2008, 19:35
Member
Thread starter, Posts: 61
#11
Malwarebytes' Anti-Malware 1.20
Datenbank Version: 930
Windows 6.0.6000

17:27:16 12.07.2008
mbam-log-7-12-2008 (17-27-16).txt

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 120943
Scan Dauer: 32 minute(s), 46 second(s)

Infizierte Speicher Prozesse: 3
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 13
Infizierte Registrierungswerte: 17
Infizierte Datei Objekte der Registrierung: 14
Infizierte Verzeichnisse: 3
Infizierte Dateien: 9

Infizierte Speicher Prozesse:
C:\Program Files\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Web Technologies\iebtm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\WAV\wav.exe (Rogue.WindowsAntivirus2008) -> Unloaded process successfully.

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.

Infizierte Datei Objekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Program Files\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\AAV (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WAV (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\Web Technologies\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\AAV\aav.cpl (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\AAV\aav.exe (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\AAV\aav.ooo (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\AAV\aav0.dat (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\AAV\aav1.dat (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WAV\wav.exe (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
C:\Users\Batteux\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

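The Malwarebytes log in post #11 is a flat list of `object (family) -> action` lines. When reading one, the things worth pulling out are which families were found, which removals are only scheduled (`Delete on reboot`, so the machine is not clean until it has restarted) and which browser search settings were hijacked and to what. The Python below is an added example, not code from the thread or from Malwarebytes, that parses lines in that format. The sample lines are copied from the log above (plus two section lines the parser must skip); the function names `parse_detections` and `summarise` are the example's own.

```python
"""Summarise Malwarebytes' Anti-Malware 1.x detection lines.

Added example; not code from the forum thread or from Malwarebytes.
Recognised line shapes (as in the log posted in the thread):

    <object> (<family>) -> <action>.
    <registry value> (Hijack.Search) -> Bad: (<url>) Good: (<url>) -> <action>.
"""
import re
from collections import Counter

DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<family>[A-Za-z0-9.]+)\)"                  # object and family
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"   # hijack detail, optional
    r" -> (?P<action>.+?)\.?$"                                       # action MBAM took
)

# Sample lines copied from the MBAM log in the thread, plus two section
# lines ("Infizierte ...", "(Keine ...)") that the parser must ignore.
SAMPLE_LOG = r"""
Infizierte Speicher Prozesse:
C:\Program Files\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\WAV\wav.exe (Rogue.WindowsAntivirus2008) -> Unloaded process successfully.
Infizierte Speicher Module:
(Keine Malware Objekte gefunden)
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
C:\Program Files\AAV\aav.exe (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
"""


def parse_detections(log_text):
    """Return one dict per recognised detection line; other lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def summarise(detections):
    """Per-family counts, objects still pending a reboot, and hijacked URLs."""
    families = Counter(d["family"] for d in detections)
    # "Delete on reboot" means the object is still present until the restart.
    pending = [d["obj"] for d in detections
               if d["action"].lower().startswith("delete on reboot")]
    # Hijack.Search lines carry the bad URL and the value MBAM restored.
    hijacked = [(d["obj"], d["bad"], d["good"]) for d in detections if d["bad"]]
    return {"families": families, "pending_reboot": pending, "hijacked": hijacked}


if __name__ == "__main__":
    report = summarise(parse_detections(SAMPLE_LOG))
    for family, n in report["families"].most_common():
        print(f"{n:3d}  {family}")
    print("objects pending reboot:", len(report["pending_reboot"]))
    for obj, bad, good in report["hijacked"]:
        print(f"hijacked {obj}: {bad} (restored to {good})")
```

Running it over the full log in the post gives the same picture the counters at the top of the log give, but with the reboot-pending registry values listed by name, which is what decides whether a second scan after the restart is needed.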
13.07.2008, 20:53
Honorary member
Posts: 29434
#12
Now please post a new log from Combofix
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
All about PC security

13.07.2008, 21:22
Member
Thread starter, Posts: 61
#13
Combofix doesn't work anymore. The program can be opened, but then at some point it hangs. What should I do now?

13.07.2008, 21:24
Honorary member
Posts: 29434
#14
Download sdfix
http://virus-protect.org/artikel/tools/sdfix.html
In normal mode: double-click RunThis.bat
Type in: A
Then post the system report
__________
Regards, Sabina
All about PC security

13.07.2008, 21:37
Member
Thread starter, Posts: 61
#15
System Report
*************
Run on 2008-07-13 at 21:34

Microsoft Windows [Version 6.0.6000]
Current user is not an administrator

Running Processes:
C:\Windows\system32\Dwm.exe [284]
C:\Windows\Explorer.EXE [488]
C:\Windows\system32\taskeng.exe [432]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [360]
C:\Windows\RtHDVCpl.exe [1216]
C:\Program Files\ASUS\ATK Media\DMedia.exe [2068]
C:\Program Files\Apoint2K\Apoint.exe [2076]
C:\Program Files\PowerForPhone\PowerForPhone.exe [2088]
C:\Windows\ASScrPro.exe [2104]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE [2140]
C:\Program Files\FlashGet\flashget.exe [2148]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2176]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2196]
C:\Program Files\Windows Sidebar\sidebar.exe [2224]
C:\Windows\ehome\ehtray.exe [2232]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2240]
C:\Program Files\Windows Media Player\wmpnscfg.exe [2248]
C:\Windows\ehome\ehmsas.exe [2568]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2752]
C:\Program Files\Mozilla Firefox\firefox.exe [2960]
C:\Program Files\Apoint2K\Apntex.exe [1448]
C:\Program Files\Apoint2K\HidFind.exe [1248]
C:\Program Files\Apoint2K\Apvfb.exe [3880]
C:\Windows\system32\conime.exe [1528]

Drivers - Running:
ACPI AFD AsDsm ASMMAP atapi Beep bowser cdrom CLFS Compbatt crcdisk DfsC disk Ecache FileInfo FltMgr ghaio HTTP i8042prt kbdclass kl1 klbg KLIF KLIM6 KSecDD lltdio luafv mouclass MountMgr mpsdrv MRxDAV mrxsmb mrxsmb10 mrxsmb20 Msfs msisadrv Mup NativeWifiP NDIS Ndisuio NetBIOS netbt Npfs nsiproxy Null partmgr pci pciide PEAUTH PSched RasAcd rdbss RDPCDD RDPENCDD rimmptsk rimsptsk rismxdp rspndr secdrv Smb spldr srv srv2 srvnet Tcpip tcpipreg tdx TermDD VgaSave volmgr volmgrx volsnap Wanarpv6 Wdf01000

Drivers - Stopped:
adp94xx adpahci adpu160m adpu320 agp440 aic78xx aliide amdagp amdide AmdK7 AmdK8 ApfiltrService arc arcsas AsyncMac athr atikmdag blbdrive BrFiltLo BrFiltUp Brserid BrSerWdm BrUsbMdm BrUsbSer BthEnum BTHMODEM BthPan BTHPORT BTHUSB cdfs circlass CmBatt cmdide Crusoe drmkaud DXGKrnl E1G60 elxstor fastfat fdc Filetrace flpydisk gagp30kx HdAudAddService HDAudBus HidBth HidIr HidUsb HpCISSs i2omp iaStorV iirsp IntcAzAudAddService intelide intelppm IpFilterDriver IpInIp IPMIDRV IPNAT IRENUM isapnp iScsiPrt iteatapi iteraid kbdhid kbfiltr LSI_FC LSI_SAS LSI_SCSI megasas Modem MODEMCSA monitor mouhid mpio Mraid35x msahci msdsm MSKSSRV MSPCLOCK MSPQM MsRPC mssmbios MSTEE MTsensor NdisTapi NdisWan NDProxy NETw3v32 nfrd960 Ntfs ntrigdigi nvlddmkm nvraid nvstor nv_agp NwlnkFlt NwlnkFwd ohci1394 Parport Parvdm pcmcia PptpMiniport Processor ql2300 ql40xx QWAVEdrv Rasl2tp RasPppoe rdpdr RDPWD RFCOMM RTL8169 sbp2port sdbus Serenum Serial sermouse sffdisk sffp_mmc sffp_sd sfloppy sisagp SiSRaid2 SiSRaid4 smserial SNP2UVC swenum Symc8xx Sym_hi Sym_u3 Tcpip6 TDPIPE TDTCP TPM tssecsrv tunmp tunnel uagp35 udfs uliagpkx uliahci UlSata ulsata2 umbus usbccgp usbcir usbehci usbhub usbohci usbprint USBSTOR usbuhci usbvideo vga viaagp ViaC7 viaide vsmraid WacomPen Wanarp Wd WmiAcpi ws2ifsl WUDFRd

Services - Running:
ADSMService AeLookupSvc Appinfo ASLDRService Ati ATKGFNEXSrv AudioEndpointBuilder Audiosrv AVP BFE BITS Browser BthServ CryptSvc DcomLaunch Dhcp DPS EapHost EMDMgmt Eventlog EventSystem fdPHost FDResPub gpsvc IKEEXT iphlpsvc KeyIso KtmRm LanmanServer LanmanWorkstation LightScribeService lmhosts MMCSS MpsSvc Netman netprofm NlaSvc nsi PcaSvc PlugPlay PolicyAgent ProfSvc RasMan RpcSs SamSs Schedule seclogon SENS ShellHWDetection slsvc spmgr Spooler SSDPSRV stisvc SysMain TabletInputService TapiSrv TermService Themes TrkWks upnphost UxSms W32Time WdiSystemHost WebClient WerSvc WinDefend WinHttpAutoProxySvc Winmgmt Wlansvc WMPNetworkSvc WPDBusEnum wscsvc WSearch wuauserv wudfsvc

Services - Stopped:
ALG CertPropSvc clr_optimization_v2.0.50727_32 COMSysApp DFSR Dnscache dot3svc ehRecvr ehSched ehstart FontCache3.0.0.0 hidserv hkmsvc idsvc IPBusEnum lltdsvc Mcx2Svc MSDTC MSiSCSI msiserver napagent Netlogon NetTcpPortSharing NMIndexingService odserv ose p2pimsvc p2psvc pla PNRPAutoReg PNRPsvc ProtectedStorage QWAVE RasAuto RemoteAccess RemoteRegistry RpcLocator SCardSvr SCPolicySvc SDRSVC SessionEnv SharedAccess SLUINotify SNMPTRAP swprv TBS THREADORDER TrustedInstaller UI0Detect vds VSS wcncsvc WcsPlugInService WdiServiceHost Wecsvc wercplsupport WinRM wmiApSrv WPCSvc

Files Created/Modified - 60 Days:

C:\
13 Jul 2008 14:08:48 2.616 A.... "C:\avenger.txt"
13 Jul 2008 14:08:48 2.616 A.... "C:\avenger.txt"
13 Jul 2008 21:14:40 5.067 A.... "C:\Bug.txt"
13 Jul 2008 21:20:12 2.146.656.256 A.SH. "C:\hiberfil.sys"
13 Jul 2008 21:20:10 2.460.581.888 A.SH. "C:\pagefile.sys"

C:\Windows\
13 Jul 2008 21:20:16 67.584 A.S.. "C:\Windows\bootstat.dat"
13 Jul 2008 18:49:52 12 A.... "C:\Windows\bthservsdp.dat"
13 Jul 2008 14:09:34 256.437.154 A.... "C:\Windows\MEMORY.DMP"
12 Jul 2008 17:30:48 69 A.... "C:\Windows\NeroDigital.ini"
13 Jul 2008 19:20:02 126.484 A.... "C:\Windows\ntbtlog.txt"
13 Jul 2008 21:20:10 1.632 A.... "C:\Windows\PFRO.log"
12 Jul 2008 19:54:06 34 A.... "C:\Windows\setupact.log"
12 Jul 2008 19:54:06 0 A.... "C:\Windows\setuperr.log"
12 Jul 2008 18:49:38 215 A.... "C:\Windows\system.ini"
13 Jul 2008 21:15:58 1.964.001 A.... "C:\Windows\WindowsUpdate.log"
9 Jul 2008 3:08:48 749 A..HR "C:\Windows\WindowsShell.Manifest"
13 Jul 2008 21:20:16 0 A.... "C:\Windows\Debug\PASSWD.LOG"
5 Jul 2008 3:06:14 34.598 A.... "C:\Windows\inf\bth.inf"
5 Jul 2008 3:06:14 39.712 A.... "C:\Windows\inf\bth.PNF"
5 Jul 2008 3:06:14 665.600 A.... "C:\Windows\inf\drvindex.dat"
12 Jul 2008 13:54:30 1.803.648 A.... "C:\Windows\inf\INFCACHE.1"
12 Jul 2008 13:54:30 51.200 A.... "C:\Windows\inf\infpub.dat"
12 Jul 2008 13:54:30 86.016 A.... "C:\Windows\inf\infstor.dat"
12 Jul 2008 13:54:30 86.016 A.... "C:\Windows\inf\infstrng.dat"
12 Jul 2008 13:54:28 2.811 A.... "C:\Windows\inf\oem13.inf"
12 Jul 2008 13:54:34 8.620 A.... "C:\Windows\inf\oem13.PNF"
12 Jul 2008 19:54:04 13.968 A.... "C:\Windows\inf\setupapi.ev1"
12 Jul 2008 19:54:04 15.896 A.... "C:\Windows\inf\setupapi.ev2"
12 Jul 2008 19:54:04 86.016 A.... "C:\Windows\inf\setupapi.ev3"
13 Jul 2008 21:23:12 846.930 A.... "C:\Windows\inf\setupapi.app.log"
12 Jul 2008 19:54:06 7.772.423 A.... "C:\Windows\inf\setupapi.dev.log"
13 Jul 2008 21:20:26 3.072 A..H. "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0"
13 Jul 2008 21:20:26 3.072 A..H. "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0"
13 Jul 2008 21:20:26 3.072 A..H. "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0"
13 Jul 2008 14:09:12 45.056 A.... "C:\Windows\System32\acovcnt.exe"
12 Jul 2008 1:41:14 3 A.... "C:\Windows\System32\amp.ini"
12 Jul 2008 1:41:18 48.882 A.... "C:\Windows\System32\c__0593.nls"
12 Jul 2008 1:41:18 130 A.... "C:\Windows\System32\c__10983.nls"
12 Jul 2008 1:41:18 130 A.... "C:\Windows\System32\c__2303.nls"
12 Jul 2008 1:41:18 82 A.... "C:\Windows\System32\c__23732.nls"
12 Jul 2008 1:41:18 658 A.... "C:\Windows\System32\c__3478.nls"
12 Jul 2008 1:41:18 418 A.... "C:\Windows\System32\c__3480.nls"
12 Jul 2008 1:41:18 98 A.... "C:\Windows\System32\c__3481.nls"
12 Jul 2008 1:41:18 290 A.... "C:\Windows\System32\c__3482.nls"
12 Jul 2008 1:41:18 178 A.... "C:\Windows\System32\c__34895.nls"
12 Jul 2008 1:41:18 930 A.... "C:\Windows\System32\c__374.nls"
12 Jul 2008 1:41:18 66 A.... "C:\Windows\System32\c__3948.nls"
5 Jul 2008 3:08:30 380.096 A.... "C:\Windows\System32\FNTCACHE.DAT"
29 May 2008 16:35:12 17.486.968 A.... "C:\Windows\System32\mrt.exe"
13 Jul 2008 21:25:54 116.706 A.... "C:\Windows\System32\perfc007.dat"
13 Jul 2008 21:25:54 103.924 A.... "C:\Windows\System32\perfc009.dat"
13 Jul 2008 21:25:54 641.344 A.... "C:\Windows\System32\perfh007.dat"
13 Jul 2008 21:25:54 610.142 A.... "C:\Windows\System32\perfh009.dat"
13 Jul 2008 21:25:54 1.461.736 A.... "C:\Windows\System32\PerfStringBackup.INI"
13 Jul 2008 21:20:22 6 A..H. "C:\Windows\Tasks\SA.DAT"
13 Jul 2008 18:49:52 32.624 A.... "C:\Windows\Tasks\SCHEDLGU.TXT"
13 Jul 2008 15:02:26 13.908 A.... "C:\Windows\TEMP\lpksetup-20080713-150213-0.log"
13 Jul 2008 15:02:28 624 A.... "C:\Windows\TEMP\lpksetup-20080713-150225-0.log"
13 Jul 2008 19:48:46 624 A.... "C:\Windows\TEMP\lpksetup-20080713-194843-0.log"
13 Jul 2008 19:48:44 13.908 A.... "C:\Windows\TEMP\lpksetup-20080713-194829-0.log"
12 Jul 2008 22:17:56 13.908 A.... "C:\Windows\TEMP\lpksetup-20080712-221736-0.log"
12 Jul 2008 22:17:58 624 A.... "C:\Windows\TEMP\lpksetup-20080712-221755-0.log"
13 Jul 2008 14:24:12 13.908 A.... "C:\Windows\TEMP\lpksetup-20080713-142359-0.log"
13 Jul 2008 14:24:12 624 A.... "C:\Windows\TEMP\lpksetup-20080713-142410-0.log"
9 Jul 2008 3:06:48 359 A.... "C:\Windows\winsxs\poqexec.log"
13 Jul 2008 21:11:56 0 A.... "C:\Windows\Debug\UserMode\ChkAcc.bak"
13 Jul 2008 21:20:18 0 A.... "C:\Windows\Debug\UserMode\ChkAcc.log"
13 Jul 2008 21:15:36 18.362.368 A.... "C:\Windows\erdnt\Hiv-backup\COMPON~1"
13 Jul 2008 21:15:34 159.744 A.... "C:\Windows\erdnt\Hiv-backup\DEFAULT"
13 Jul 2008 21:15:38 814 A.... "C:\Windows\erdnt\Hiv-backup\ERDNT.CON"
13 Jul 2008 21:15:38 1.051 A.... "C:\Windows\erdnt\Hiv-backup\ERDNT.INF"
13 Jul 2008 21:15:34 57.344 A.... "C:\Windows\erdnt\Hiv-backup\SAM"
13 Jul 2008 21:15:30 24.576 A.... "C:\Windows\erdnt\Hiv-backup\SECURITY"
13 Jul 2008 21:15:32 33.583.104 A.... "C:\Windows\erdnt\Hiv-backup\SOFTWARE"
13 Jul 2008 21:15:34 16.089.088 A.... "C:\Windows\erdnt\Hiv-backup\SYSTEM"
13 Jul 2008 21:25:18 3.953 A.... "C:\Windows\inf\WmiApRpl\WmiApRpl.h"
13 Jul 2008 19:58:32 5.212.171 A.... "C:\Windows\Logs\CBS\CBS.log"
7 Jul 2008 5:00:46 56.957.175 A....

Program Folders:

C:\Program Files\
Activation Assistant for the 2007 Microsoft Office suites Adobe Alawar Apoint2K ASUS Atheros ATI ATI Technologies ATK Hotkey ATKGFNEX ATKOSD2 Common Files EA GAMES FlashGet ICQToolbar InstallShield Installation Information Internet Explorer Java Kaspersky Lab Microsoft Games Microsoft Office Microsoft Visual Studio Microsoft Works Microsoft.NET Motorola Movie Maker Mozilla Firefox MSBuild MSN MSXML 4.0 Nero OpenOffice.org 2.3 P4G Power4Gear eXtreme PowerForPhone Realtek Reference Assemblies ReflexiveArcade Trend Micro Uninstall Information VideoLAN Windows Calendar Windows Collaboration Windows Defender Windows Journal Windows Mail Windows Media Player Windows NT Windows Photo Gallery Windows Sidebar WinRAR Wireless Console 2 XMedia Recode

C:\Program Files\Common Files\
Adobe Ahead DESIGNER InstallShield Java LightScribe microsoft shared Oberon Media Panda Software Services SpeechEngines Symantec Shared System

Add/Remove Programs:
Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player ActiveX Adobe Flash Player Plugin Asus_Camera_ScreenSaver FlashGet 1.9.6.1073 Kaspersky Anti-Virus 2009 Mozilla Firefox (2.0.0.15) 2007 Microsoft Office system Motorola SM56 Speakerphone Modem USB 2.0 1.3M UVC WebCam VideoLAN VLC media player 0.8.6e WinRAR XMedia Recode 1.0.1.1 Catalyst Control Center Localization Finnish Catalyst Control Center Localization German ATK Media ASUS Data Security Manager LifeFrame2 Skins Atheros Driver Installation Program Catalyst Control Center Localization Portuguese Java(TM) 6 Update 3 Catalyst Control Center Localization Czech CCC Help Spanish Catalyst Control Center Localization Dutch CCC Help Dutch CCC Help Hungarian CCC Help Chinese Traditional MSXML 4.0 SP2 (KB927978) ATK Hotkey ATI Catalyst Install Manager CCC Help Chinese Standard Catalyst Control Center Localization Italian CCC Help Japanese Catalyst Control Center Graphics Full New Catalyst Control Center Localization Spanish neroxml CCC Help Danish ASUS InstantFun CCC Help Turkish RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 ATKOSD2 Catalyst Control Center Localization Hungarian ccc-core-static CCC Help Russian ICQ6 CCC Help Finnish NB Probe Kaspersky Anti-Virus 2009 Activation Assistant for the 2007 Microsoft Office suites Catalyst Control Center Localization Polish OpenOffice.org 2.3 Catalyst Control Center Graphics Light CCC Help Czech Catalyst Control Center Localization Turkish Catalyst Control Center Localization Greek Catalyst Control Center Graphics Previews Vista Catalyst Control Center Graphics Full Existing CCC Help Polish Wireless Console 2 CCC Help Portuguese CCC Help German Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Catalyst Control Center Localization French Power4Gear eXtreme Microsoft Office Access MUI (German) 2007 Microsoft Office Access MUI (English) 2007 Microsoft Office Access MUI (French) 2007 Microsoft Office Access MUI (Italian) 2007 Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office Excel MUI (Italian) 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office PowerPoint MUI (Italian) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Publisher MUI (German) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Publisher MUI (Italian) 2007 Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (French) 2007 Microsoft Office Outlook MUI (Italian) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Office Word MUI (Italian) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Proofing (Italian) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Shared MUI (Italian) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Need for Speed Underground 2 Microsoft Office Professional Hybrid 2007 Catalyst Control Center Localization Russian CCC Help Greek Catalyst Control Center Localization Chinese Traditional ccc-utility CCC Help Swedish CCC Help French ALPS Touch Pad Driver Microsoft Visual C++ 2005 Redistributable Catalyst Control Center Localization Danish Catalyst Control Center Localization Chinese Standard Adobe Reader 8 Catalyst Control Center Localization Thai Nero 7 Essentials MSXML 4.0 SP2 (KB936181) ASUS Splendid Video Enhancement Technology Catalyst Control Center Localization Korean CCC Help Korean Catalyst Control Center Localization Japanese CCC Help Italian LightScribe 1.8.13.1 Catalyst Control Center Core Implementation ATK Generic Function Service CCC Help English WinFlash CCC Help Norwegian ASUS Live Update Catalyst Control Center Localization Swedish Realtek High Definition Audio Driver CCC Help Thai Catalyst Control Center Localization Norwegian PowerForPhone Vogue Tales Deluxe

Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SMSERIAL"="C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe"
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"Skytel"="Skytel.exe"
"ATKMEDIA"="C:\\Program Files\\ASUS\\ATK Media\\DMEDIA.EXE"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"PowerForPhone"="C:\\Program Files\\PowerForPhone\\PowerForPhone.exe"
"ASUS Screen Saver Protector"="C:\\Windows\\ASScrPro.exe"
"ASUS Camera ScreenSaver"="C:\\Windows\\ASScrProlog.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Flashget"="C:\\Program Files\\FlashGet\\FlashGet.exe /min"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe\""
"Malwarebytes Anti-Malware Reboot"="\"C:\\Downloads\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"LightScribe Control Panel"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Sicherheitscenter
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Gemeinsame Nutzung der Internetverbindung
START_TYPE : 3 DEMAND_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Windows Update
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disableregistrytools"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"

ShellExecuteHooks:

Environment:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
OS REG_SZ Windows_NT
Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
USERNAME REG_SZ SYSTEM
windir REG_EXPAND_SZ %SystemRoot%
configsetroot REG_EXPAND_SZ %SystemRoot%\ConfigSetRoot

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ credssp.dll

Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0

Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"

Non-Default IFEO Debugger:

Non-Default Installed Components:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880d85-aad9-4558-abdc-2ab1552d831f}
<NO NAME> REG_SZ LightScribe Control Panel
Version REG_SZ 1,8,13,1
StubPath REG_SZ "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

Non-Default Safeboot Minimal:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\appinfo
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\keyiso
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ntds
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\profsvc
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\psexesvc
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\swprv
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\tabletinputservice
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\tbs
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\trustedinstaller
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
<NO NAME> REG_SZ Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
<NO NAME> REG_SZ Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\windefend
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6bdd1fc1-810f-11d0-bec7-08002be2092f}
<NO NAME> REG_SZ IEEE 1394 Bus host controllers
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{d48179be-ec20-11d1-b6b8-00c04fa372a7} <NO NAME> REG_SZ SBP2 IEEE 1394 Devices HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6} <NO NAME> REG_SZ SecurityDevices File Associations: [HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\cmdfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*" "IsolatedCommand"="\"%1\" %*" [HKEY_CLASSES_ROOT\htafile\shell\open\command] @="C:\\Windows\\system32\\mshta.exe \"%1\" %*" [HKEY_CLASSES_ROOT\http\shell\open\command] @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome" [HKEY_CLASSES_ROOT\htmlfile\shell\open\command] @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome" [HKEY_CLASSES_ROOT\regedit\shell\open\command] @="regedit.exe %1" [HKEY_CLASSES_ROOT\regfile\shell\open\command] @="regedit.exe \"%1\"" [HKEY_CLASSES_ROOT\scrfile\shell\open\command] @="\"%1\" /S" [HKEY_CLASSES_ROOT\txtfile\shell\open\command] @="%SystemRoot%\system32\NOTEPAD.EXE %1" Finished! |
Since I only have a trial version of Kaspersky, I can neither disinfect nor delete the file (because the write permissions are missing).
After that I had the whole laptop scanned, and a few more infected files turned up. I couldn't delete or disinfect those either.
Since I have no idea at all about PCs or anything like that, please just answer in simple terms.
Malwarebytes
Malwarebytes' Anti-Malware 1.20
Datenbank Version: 930
Windows 6.0.6000
17:27:16 12.07.2008
mbam-log-7-12-2008 (17-27-16).txt
Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 120943
Scan Dauer: 32 minute(s), 46 second(s)
Infizierte Speicher Prozesse: 3
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 13
Infizierte Registrierungswerte: 17
Infizierte Datei Objekte der Registrierung: 14
Infizierte Verzeichnisse: 3
Infizierte Dateien: 9
Infizierte Speicher Prozesse:
C:\Program Files\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Web Technologies\iebtm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\WAV\wav.exe (Rogue.WindowsAntivirus2008) -> Unloaded process successfully.
Infizierte Speicher Module:
(Keine Malware Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
Infizierte Datei Objekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
C:\Program Files\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\AAV (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WAV (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Program Files\Web Technologies\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\AAV\aav.cpl (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\AAV\aav.exe (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\AAV\aav.ooo (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\AAV\aav0.dat (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\AAV\aav1.dat (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WAV\wav.exe (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
C:\Users\Batteux\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
Combofix
ComboFix 08-07-11.1 - Batteux 2008-07-12 18:30:04.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1256 [GMT 2:00]
ausgeführt von:: C:\Users\Batteux\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\msiesetup.exe
.
((((((((((((((((((((((( Dateien erstellt von 2008-06-12 bis 2008-07-12 ))))))))))))))))))))))))))))))
.
Keine neuen Dateien erstellt in diesem Zeitraum
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 16:27 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-12 16:25 352,288 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-07-12 16:25 24,780 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-07-12 16:25 2,899,488 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-07-12 16:25 2,284 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-07-12 15:33 --------- d-----w C:\Users\Batteux\AppData\Roaming\OpenOffice.org2
2008-07-12 14:52 --------- d-----w C:\Users\Batteux\AppData\Roaming\Malwarebytes
2008-07-12 14:52 --------- d-----w C:\ProgramData\Malwarebytes
2008-07-12 12:04 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-07-12 12:04 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-12 11:46 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-07-12 11:45 --------- d-----w C:\Program Files\Google
2008-07-12 11:35 --------- d---a-w C:\ProgramData\TEMP
2008-07-12 11:32 --------- d-----w C:\ProgramData\Avira
2008-07-12 11:32 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-07-12 08:27 --------- d-----w C:\Program Files\Enigma Software Group
2008-07-12 00:52 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-12 00:17 --------- d-----w C:\Program Files\ICQToolbar
2008-07-11 23:54 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-07-11 23:15 --------- d-----w C:\Users\Batteux\AppData\Roaming\Azureus
2008-07-11 23:12 --------- d-----w C:\ProgramData\Azureus
2008-07-11 23:05 --------- d-----w C:\Users\Batteux\AppData\Roaming\BitSpirit
2008-07-11 23:04 --------- d-----w C:\Users\Batteux\AppData\Roaming\uTorrent
2008-07-09 01:08 174 --sha-w C:\Program Files\desktop.ini
2008-07-07 15:35 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-07-07 15:35 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-05 11:22 --------- d-----w C:\Users\Batteux\AppData\Roaming\Zylom
2008-07-05 11:22 --------- d-----w C:\ProgramData\Vogue Tales
2008-07-05 11:18 --------- d-----w C:\ProgramData\Zylom
2008-07-05 11:11 --------- d-----w C:\Program Files\Alawar
2008-07-05 08:35 --------- d-----w C:\ProgramData\VirtualFarm
2008-07-04 18:40 --------- d-----w C:\Users\Batteux\AppData\Roaming\ICQ Toolbar
2008-07-04 16:43 --------- d-----w C:\Users\Batteux\AppData\Roaming\ICQ
2008-07-04 16:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 17:01 --------- d-----w C:\Program Files\EA GAMES
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 16:22 206,088 ----a-w C:\Windows\System32\klogon.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-23 11:58 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-23 11:58 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-23 11:58 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 03:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-01 15:47 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 13:49 451872]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 18:27 61440]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-12 03:22 155648]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 20:10 778240]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-11-07 18:49 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-11-07 18:49 37232]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 11:29 2007088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"Malwarebytes Anti-Malware Reboot"="C:\Downloads\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-07 17:35 1175160]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 12:39 4702208 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]
C:\Users\Batteux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 11:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 10:01:50 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{04D571EC-6D31-495D-B3B8-524EF2E80A23}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{680A2BE8-06F7-4D6E-8DF7-C0337C9A7705}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{4345B08D-6B68-4001-8A3F-DF29495D9088}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{C7A42883-65D0-47FB-AE39-FE9FD47E565F}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{C5A17595-915B-4E7D-9E33-0BFE4B830535}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{E155315D-97EC-4D2D-8CAB-A04E12CE984C}C:\\users\\batteux\\documents\\icq\\icq6\\icq.exe"= UDP:C:\users\batteux\documents\icq\icq6\icq.exe:ICQ Library
"UDP Query User{F3C6BB7F-B623-4D80-AD83-B0BD40FD544B}C:\\users\\batteux\\documents\\icq\\icq6\\icq.exe"= TCP:C:\users\batteux\documents\icq\icq6\icq.exe:ICQ Library
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 17:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{128a4bda-8d40-11dc-993d-806e6f6e6963}]
\shell\AutoRun\command - E:\KIS6.EXE
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-wblogon - C:\Windows\System32\ubpr01.exe
HKLM-Run-AntiSpywareExpert - C:\Program Files\AntiSpywareExpert\ase.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 18:49:42
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AntiSpywareExpert = C:\Program Files\AntiSpywareExpert\ase.exe?exe?????????????????????????????????????
Scanne versteckte Dateien...
C:\Windows\TEMP\TMP0000006642D1751E70F52139 524288 bytes
C:\ADSM_PData_0150
Scan erfolgreich abgeschlossen
versteckte Dateien: 2
**************************************************************************
.
Zeit der Fertigstellung: 2008-07-12 18:51:33
ComboFix-quarantined-files.txt 2008-07-12 16:51:29
Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
14 Verzeichnis(se), 58,630,303,744 Bytes frei
148 --- E O F --- 2008-07-09 01:01:09
Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:11, on 12.07.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Downloads\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Batteux\Documents\ICQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Batteux\Documents\ICQ\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 7498 bytes
datfind
Datenträger in Laufwerk C: ist VistaOS
Volumeseriennummer: 448C-46D0
Verzeichnis von C:\Windows\system32
12.07.2008 18:32 610.142 perfh009.dat
12.07.2008 18:32 103.924 perfc009.dat
12.07.2008 18:32 641.344 perfh007.dat
12.07.2008 18:32 116.706 perfc007.dat
12.07.2008 18:32 1.461.736 PerfStringBackup.INI
12.07.2008 18:26 3.072 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
12.07.2008 18:26 3.072 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
12.07.2008 13:46 45.056 acovcnt.exe
12.07.2008 01:41 66 c__3948.nls
12.07.2008 01:41 290 c__3482.nls
12.07.2008 01:41 98 c__3481.nls
12.07.2008 01:41 418 c__3480.nls
12.07.2008 01:41 658 c__3478.nls
12.07.2008 01:41 130 c__10983.nls
12.07.2008 01:41 48.882 c__0593.nls
12.07.2008 01:41 82 c__23732.nls
12.07.2008 01:41 930 c__374.nls
12.07.2008 01:41 178 c__34895.nls
12.07.2008 01:41 130 c__2303.nls
12.07.2008 01:41 3 amp.ini
05.07.2008 03:08 380.096 FNTCACHE.DAT
29.05.2008 16:35 17.486.968 mrt.exe
10.05.2008 05:30 14.848 wshrm.dll