Home » Viren, Trojaner & Malware Forum » Wie werd ich "Trojan.DNS_Changer" wieder los ?? » Themenansicht
Wie werd ich "Trojan.DNS_Changer" wieder los ?? |
||
|---|---|---|
| #0
| ||
|
15.03.2009, 14:25
Member
Beiträge: 47 |
||
 
|
|
|
|
15.03.2009, 14:41
Member
Beiträge: 3716 |
#2
hallo, mach keine andern scans als die, die wir dir sagen ;-)
arbeite diese seite genau ab: http://board.protecus.de/t23187.htm achtung, Vista User müssen alle Programme als Administrator ausfüren, Rechtsklick, als administrator ausfüren wählen. Poste die logs. Verzichte auf Online Banking etc. Den Rechner vom Internet trennen wenn du nicht dran bist, und surfe nur auf den von uns genannten Seiten |
|
|
|
|
|
|
15.03.2009, 16:09
Member
Themenstarter Beiträge: 47 |
#3
Vielen Dank für die schnelle Antwort :-)
Habe Malwarebytes laufen lassen: -> Keine Funde LOG: Malwarebytes' Anti-Malware 1.34 Datenbank Version: 1851 Windows 6.0.6001 Service Pack 1 15.03.2009 15:28:12 mbam-log-2009-03-15 (15-28-12).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 59650 Laufzeit: 3 minute(s), 18 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Combo Fix LOG: ComboFix 09-03-14.01 - Jaws 2009-03-15 15:41:14.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.3066.1519 [GMT 1:00] ausgeführt von:: c:\users\Jaws\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . ADS - Windows: deleted 48 bytes in 1 streams. (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Jaws\AppData\Roaming\.# . ((((((((((((((((((((((( Dateien erstellt von 2009-02-15 bis 2009-03-15 )))))))))))))))))))))))))))))) . 2009-03-15 15:05 . 2009-03-15 15:05 <DIR> d-------- c:\users\Jaws\AppData\Roaming\Malwarebytes 2009-03-15 15:05 . 2009-03-15 15:05 <DIR> d-------- c:\users\All Users\Malwarebytes 2009-03-15 15:05 . 2009-03-15 15:05 <DIR> d-------- c:\programdata\Malwarebytes 2009-03-15 15:05 . 2009-03-15 15:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-15 15:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-03-15 15:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-03-15 13:35 . 2009-03-15 13:35 <DIR> d-------- c:\users\Jaws\AppData\Roaming\eurowin 2009-03-15 13:34 . 2004-08-19 14:06 2,760,192 --a------ c:\windows\System32\Cull10.dll 2009-03-15 13:34 . 2004-08-18 13:59 1,388,544 --a------ c:\windows\System32\Cmll10ob.llx 2009-03-15 13:34 . 2004-08-31 10:56 1,232,896 --a------ c:\windows\System32\Cuct10.dll 2009-03-15 13:34 . 2004-08-19 13:29 1,215,488 --a------ c:\windows\System32\culs10.dll 2009-03-15 13:34 . 2004-08-19 13:36 713,728 --a------ c:\windows\System32\Cubr10.dll 2009-03-15 13:34 . 2004-04-21 08:54 678,400 --a------ c:\windows\System32\Cudw10.dll 2009-03-15 13:34 . 2003-11-04 18:53 378,368 --a------ c:\windows\System32\cull1000.lng 2009-03-15 13:34 . 2004-07-12 07:51 225,280 --a------ c:\windows\System32\Cupr10.dll 2009-03-15 13:34 . 2004-07-12 07:51 212,992 --a------ c:\windows\System32\Cmpr10.dll 2009-03-15 13:34 . 2004-05-03 14:09 177,152 --a------ c:\windows\System32\Cuut10.dll 2009-03-15 13:34 . 2003-11-05 08:27 164,248 --a------ c:\windows\System32\cull10o.ocx 2009-03-15 13:34 . 2004-05-03 14:09 159,232 --a------ c:\windows\System32\Cmut10.dll 2009-03-15 13:28 . 2009-03-15 13:28 <DIR> d-------- c:\users\All Users\eurowin 2009-03-15 13:28 . 2009-03-15 13:28 <DIR> d-------- c:\programdata\eurowin 2009-03-15 13:28 . 2009-03-15 13:28 <DIR> d-------- c:\program files\Eurowin 2009-03-15 12:15 . 2008-06-19 16:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys 2009-03-15 12:13 . 2009-03-15 12:13 <DIR> d-------- c:\program files\Panda Security 2009-03-15 11:19 . 2009-03-15 11:34 <DIR> d-------- c:\program files\a-squared Free 2009-03-14 23:46 . 2009-03-14 23:46 <DIR> d-------- c:\program files\Alwil Software 2009-03-14 19:58 . 2009-03-14 19:58 <DIR> d-------- c:\program files\AVG 2009-03-14 19:02 . 2009-03-14 23:31 5,438,752 --ahs---- c:\windows\System32\drivers\fidbox.dat 2009-03-14 19:02 . 2009-03-14 23:31 74,960 --ahs---- c:\windows\System32\drivers\fidbox.idx 2009-03-14 19:01 . 2009-03-14 19:01 2,041 --a------ C:\rollback.ini 2009-03-14 18:45 . 2009-03-14 23:28 <DIR> d-------- c:\users\All Users\ParetoLogic 2009-03-14 18:45 . 2009-03-14 23:28 <DIR> d-------- c:\programdata\ParetoLogic 2009-03-14 18:45 . 2009-03-14 23:28 <DIR> d-------- c:\program files\Common Files\ParetoLogic 2009-03-14 10:35 . 2009-03-14 10:35 <DIR> d-------- c:\program files\Trend Micro 2009-03-13 20:38 . 2009-03-13 20:38 <DIR> d-------- c:\users\All Users\ESET 2009-03-13 20:38 . 2009-03-13 20:38 <DIR> d-------- c:\programdata\ESET 2009-03-12 13:19 . 2009-03-12 13:19 <DIR> d--h----- c:\users\All Users\CanonBJ 2009-03-12 13:19 . 2009-03-12 13:19 <DIR> d--h----- c:\programdata\CanonBJ 2009-03-12 13:14 . 2009-03-12 13:14 <DIR> d-------- c:\windows\System32\Adobe 2009-03-12 11:54 . 2001-10-26 23:16 16,384 --a------ c:\windows\System32\FileOps.exe 2009-03-12 11:43 . 2009-03-12 11:43 <DIR> d-------- c:\windows\Adobe Illustrator CS 2009-03-11 17:52 . 2009-03-11 17:52 <DIR> d-------- c:\users\All Users\WindowsSearch 2009-03-11 17:52 . 2009-03-11 17:52 <DIR> d-------- c:\programdata\WindowsSearch 2009-03-11 12:34 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL 2009-03-11 12:34 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys 2009-03-11 12:34 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll 2009-03-11 12:34 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll 2009-03-11 12:34 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx 2009-03-11 12:34 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll 2009-03-10 14:50 . 2009-03-10 14:50 <DIR> d-------- c:\program files\Bonjour 2009-03-10 00:51 . 2009-03-10 00:51 <DIR> d-------- c:\users\Jaws\AppData\Roaming\metaspinner net GmbH 2009-03-10 00:45 . 2009-03-10 00:52 <DIR> d-------- c:\program files\Preispiraten6 2009-03-09 22:35 . 2009-03-14 21:56 <DIR> d-------- c:\program files\Elaborate Bytes 2009-03-09 21:54 . 2009-03-09 21:54 <DIR> d-------- c:\program files\Kaminfeuer Titanium Edition II 2009-03-09 21:54 . 2008-06-19 19:54 7,907,328 --a------ c:\windows\Kaminfeuer Titanium Edition II.scr 2009-03-09 21:54 . 2008-06-19 19:54 193,296 --a------ c:\windows\System32\MCI32.OCX 2009-03-09 21:54 . 2008-06-19 19:54 34,816 --a------ c:\windows\System32\MCIDE.dll 2009-03-09 21:53 . 2008-06-19 19:54 1,355,776 --a------ c:\windows\System32\MSVBVM50.dll 2009-03-09 21:53 . 2008-06-19 19:54 99,866 --a------ c:\windows\System32\VB5DE.dll 2009-03-09 21:53 . 2008-06-19 19:54 72,704 --a------ c:\windows\ST5UNST.EXE 2009-03-09 21:53 . 2008-06-19 19:54 29,696 --a------ c:\windows\System32\VB5StKit.dll 2009-03-09 21:52 . 2009-03-09 22:37 <DIR> d-------- c:\program files\Sim AQUARIUM 2 2009-03-09 21:52 . 2006-12-01 09:24 2,759,082 --a------ c:\windows\Sim AQUARIUM 2.scr 2009-03-09 21:49 . 2009-03-09 21:49 <DIR> d-------- c:\program files\Cities of Earth 2009-03-09 21:49 . 2007-09-23 23:08 2,789,376 --a------ c:\windows\System32\Cities.scr 2009-03-09 21:31 . 2009-03-09 21:31 <DIR> d-------- c:\program files\WorldOfGoo 2009-03-09 21:00 . 2009-03-09 21:00 <DIR> d-------- c:\users\Jaws\AppData\Roaming\Ashampoo 2009-03-09 20:56 . 2009-03-09 20:56 <DIR> d-------- c:\users\Jaws\AppData\Roaming\Thunderbird 2009-03-09 20:56 . 2009-03-09 20:56 0 --a------ c:\windows\nsreg.dat 2009-03-09 20:54 . 2009-03-09 20:54 <DIR> d-------- c:\users\All Users\ashampoo 2009-03-09 20:54 . 2009-03-09 20:54 <DIR> d-------- c:\programdata\ashampoo 2009-03-09 20:54 . 2009-03-09 20:54 <DIR> d-------- c:\program files\Ashampoo 2009-03-08 20:08 . 2009-03-08 20:08 <DIR> d-------- c:\users\Jaws\AppData\Roaming\OpenOffice.org 2009-03-08 18:52 . 2009-03-08 18:52 <DIR> d-------- c:\users\All Users\Avira 2009-03-08 18:52 . 2009-03-08 18:52 <DIR> d-------- c:\programdata\Avira 2009-03-08 18:52 . 2009-03-08 18:52 <DIR> d-------- c:\program files\Avira 2009-03-08 18:25 . 2009-03-08 18:25 <DIR> d-------- c:\users\Jaws\AppData\Roaming\eSobi 2009-03-08 17:54 . 2009-03-15 11:44 <DIR> d-------- c:\program files\SpywareBlaster 2009-03-08 17:51 . 2009-03-08 17:51 <DIR> d-------- c:\program files\PokerStars.NET 2009-03-08 16:57 . 2009-03-08 16:57 410,984 --a------ c:\windows\System32\deploytk.dll 2009-03-08 16:47 . 2009-03-08 16:47 <DIR> d-------- c:\users\All Users\NOS 2009-03-08 16:47 . 2009-03-08 16:47 <DIR> d-------- c:\programdata\NOS 2009-03-08 16:47 . 2009-03-08 16:47 <DIR> d-------- c:\program files\NOS 2009-03-08 15:49 . 2009-03-08 15:49 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2009-03-08 15:46 . 2009-03-08 15:46 <DIR> d-------- c:\program files\Microsoft IntelliPoint 2009-03-08 15:41 . 2009-03-08 15:41 <DIR> d-------- c:\program files\Canon 2009-03-08 15:33 . 2009-03-08 15:33 <DIR> d-------- c:\program files\CD-LabelPrint 2009-03-08 15:30 . 2009-03-08 15:30 <DIR> d-------- c:\program files\Common Files\Canon 2009-03-08 14:42 . 2009-03-08 14:42 <DIR> d-------- c:\program files\RocketDock 2009-03-08 14:39 . 2009-03-08 14:39 <DIR> d-------- c:\program files\eRightSoft 2009-03-08 14:33 . 2009-03-08 14:38 <DIR> d-------- c:\program files\teXXas 2009-03-08 14:31 . 2009-03-08 14:31 <DIR> d-------- c:\program files\Opera 2009-03-08 14:30 . 2009-03-08 18:12 <DIR> d-------- c:\program files\MP3Gain 2009-03-08 14:26 . 2009-03-08 14:26 <DIR> d-------- c:\program files\OpenOffice.org 3 2009-03-08 14:26 . 2009-03-08 14:26 <DIR> d-------- c:\program files\JRE 2009-03-08 14:24 . 2009-03-08 16:57 <DIR> d-------- c:\program files\Java 2009-03-08 14:24 . 2009-03-08 14:24 <DIR> d-------- c:\program files\Common Files\Java 2009-03-08 14:18 . 2009-03-08 14:18 <DIR> d-------- c:\program files\Mp3tag 2009-03-08 14:07 . 2009-03-08 14:07 <DIR> d-------- c:\users\Jaws\AppData\Roaming\Apple Computer 2009-03-08 14:07 . 2009-03-08 14:07 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-03-08 14:07 . 2009-03-08 14:07 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-03-08 14:07 . 2009-03-08 14:07 <DIR> d-------- c:\program files\iTunes 2009-03-08 14:07 . 2009-03-08 14:07 <DIR> d-------- c:\program files\iPod 2009-03-08 14:07 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2009-03-08 14:07 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2009-03-08 14:06 . 2009-03-08 14:07 <DIR> d-------- c:\users\All Users\Apple Computer 2009-03-08 14:06 . 2009-03-08 14:07 <DIR> d-------- c:\programdata\Apple Computer 2009-03-08 14:06 . 2009-03-08 14:06 <DIR> d-------- c:\program files\QuickTime 2009-03-08 14:05 . 2009-03-08 14:05 <DIR> d-------- c:\program files\Apple Software Update 2009-03-08 14:04 . 2009-03-08 14:04 <DIR> d-------- c:\users\All Users\Apple 2009-03-08 14:04 . 2009-03-08 14:04 <DIR> d-------- c:\programdata\Apple 2009-03-08 14:04 . 2009-03-08 14:07 <DIR> d-------- c:\program files\Common Files\Apple 2009-03-08 14:01 . 2009-03-08 14:01 <DIR> d-------- c:\windows\uninstall\Audiograbber 2009-03-08 14:01 . 2009-03-08 14:01 <DIR> d-------- c:\windows\uninstall 2009-03-08 14:01 . 2009-03-08 14:01 <DIR> d-------- c:\program files\audiograbber 2009-03-05 21:11 . 2009-03-05 21:11 <DIR> d-------- c:\users\Jaws\AppData\Roaming\SoftDMA 2009-03-05 21:11 . 2009-03-05 21:11 <DIR> d-------- c:\users\Jaws\AppData\Roaming\CyberLink 2009-03-05 14:58 . 2009-03-10 00:46 <DIR> d-------- c:\users\Jaws\AppData\Roaming\Winamp 2009-03-05 14:58 . 2009-03-05 14:59 <DIR> d-------- c:\program files\Winamp 2009-03-05 14:45 . 2009-03-14 23:32 31,776 --a------ c:\users\All Users\nvModes.dat 2009-03-05 14:45 . 2009-03-14 23:32 31,776 --a------ c:\programdata\nvModes.dat 2009-03-05 14:44 . 2009-03-05 14:58 <DIR> d-------- c:\program files\Common Files\PX Storage Engine 2009-03-05 14:43 . 2009-03-05 14:43 <DIR> d-------- c:\windows\System32\IOSUBSYS 2009-03-05 14:32 . 2009-03-14 15:35 <DIR> d-------- c:\users\All Users\Google Updater 2009-03-05 14:32 . 2009-03-14 15:35 <DIR> d-------- c:\programdata\Google Updater . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-15 14:36 --------- d---a-w c:\programdata\Temp 2009-03-12 12:14 --------- d-----w c:\program files\Common Files\Adobe 2009-03-12 10:48 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-12 09:04 --------- d-----w c:\program files\Windows Mail 2009-03-08 17:30 --------- d-----w c:\program files\Acer GameZone 2009-03-08 17:25 --------- d-----w c:\programdata\eSobi 2009-03-08 17:05 --------- d-----w c:\program files\Common Files\InstallShield 2009-03-08 14:12 --------- d-----w c:\programdata\CyberLink 2009-03-04 12:23 --------- d-----w c:\programdata\McAfee 2009-03-04 12:16 --------- d-----w c:\programdata\SiteAdvisor 2009-03-04 11:41 --------- d-----w c:\program files\Acer 2009-03-04 11:36 --------- d-sh--w c:\programdata\Vorlagen 2009-03-04 11:36 --------- d-sh--w c:\programdata\Startmenü 2009-03-04 11:36 --------- d-sh--w c:\programdata\Favoriten 2009-03-04 11:36 --------- d-sh--w c:\programdata\Dokumente 2009-03-04 11:36 --------- d-sh--w c:\programdata\Anwendungsdaten 2009-03-04 11:36 --------- d-sh--w c:\program files\Gemeinsame Dateien 2009-01-20 19:41 212,480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys 2009-01-20 19:41 147,456 ----a-w c:\windows\System32\Faultrep.dll 2009-01-20 19:41 125,952 ----a-w c:\windows\System32\wersvc.dll 2009-01-20 19:40 443,392 ----a-w c:\windows\System32\win32spl.dll 2009-01-20 19:40 1,334,272 ----a-w c:\windows\System32\msxml6.dll 2009-01-20 19:40 1,191,936 ----a-w c:\windows\System32\msxml3.dll 2009-01-20 19:39 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe 2009-01-20 19:39 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe 2009-01-20 11:12 --------- d-----w c:\program files\Acer Incorporated 2009-01-20 11:05 --------- d-----w c:\program files\Acer Inc 2009-01-20 11:05 --------- d-----w c:\program files\Acer Arcade Deluxe 2009-01-20 10:59 --------- d-----w c:\program files\MSXML 4.0 2009-01-20 10:55 --------- d-----w c:\program files\Launch Manager 2009-01-20 10:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_nuvotonhidgeneric_01007.Wdf 2009-01-20 10:54 --------- d-----w c:\program files\Nuvoton Technology Corporation 2009-01-20 10:52 319,488 ----a-w c:\windows\HideWin.exe 2009-01-20 10:52 319,456 ----a-w c:\windows\DIFxAPI.dll 2009-01-20 10:52 --------- d-----w c:\programdata\NVIDIA 2009-01-20 10:52 --------- d-----w c:\program files\Realtek 2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini 2006-05-03 10:06 163,328 --sh--r c:\windows\System32\flvDX.dll 2007-02-21 11:47 31,232 --sh--r c:\windows\System32\msfDX.dll 2008-03-16 13:30 216,064 --sh--r c:\windows\System32\nbDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-07-29 17:52 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-22 13601312] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-22 92704] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-17 858632] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-04 24064] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-04 515416] "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 136600] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "RtHDVCpl"="RtHDVCpl.exe" [2008-09-19 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2008-09-19 c:\windows\SkyTel.exe] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-03-12 110592] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A77DB892-D6B4-4FD7-BBAD-2901843261C6}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{2CC80CE2-5955-4C72-9152-A5BE4EBC4F79}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{5C6E19D7-D66F-4527-8874-F4A29E302BC6}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{152688F3-1D21-40C5-AF86-D38B85855A15}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{8ED7A5E9-400F-4476-933B-CF8DCA042A09}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{44484ABD-DD77-408B-8C79-E689A99E38CF}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{4D9140AE-A55D-4D42-8CC2-3F0E74E0DA6B}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{2EC0276E-F33B-42D4-9EF9-22AFC158B5C2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{F866B6BD-DCB3-46C5-AEFF-F06CB60C36CC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{2E1F91A0-8794-4023-BA7A-C7D75B6B537B}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{29B4204A-EA44-4E0F-B0E3-F26CABF681EA}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia "{70A1AF16-484E-486C-8CCB-B941D1056A53}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie "{B50A50AB-720E-4776-8424-0FE2858018DC}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program "{28F9E1B7-5377-48FF-A1D6-BD7F6CBFCB22}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{67284F07-5885-4241-B893-4F9BDF54849F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{18E6AF33-F482-4C0A-BC84-F06C8F588DA9}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary "UDP Query User{2BEE58C6-FFB9-4C33-9B47-779F012BBBF3}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary "{21282FFF-8641-4FBF-A0F7-8F18F7BB9AFE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{5FA60B2D-DAAF-482E-8526-01B43BD24943}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Users\\Jaws\\AppData\\Local\\Temp\\RarSFX0\\StsInstall.exe"= c:\users\Jaws\AppData\Local\Temp\RarSFX0\StsInstall.exe:*:Enabled:StsInstall "c:\\Program Files\\Eurowin\\MaxTax Starter\\MAXTAX.exe"= c:\program files\Eurowin\MaxTax Starter\MAXTAX.exe:*:Enabled:MAXTAX "c:\\Program Files\\Eurowin\\MaxTax Starter\\STMAXTAX.exe"= c:\program files\Eurowin\MaxTax Starter\STMAXTAX.exe:*:Enabled:STMAXTAX R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-04 64160] R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2009-03-04 130424] R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2009-03-04 159600] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-11-20 69632] R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-20 24576] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072] R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [2009-03-04 73840] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-03-04 1153368] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-06-26 212992] R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\System32\drivers\hidshim.sys [2008-10-08 5632] R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\System32\drivers\NETw5v32.sys [2009-01-20 3663360] R3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\System32\drivers\nuvotonhidgeneric.sys [2008-10-08 22528] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2009-01-20 45600] S2 gupdate1c99d96f2f1fc10;Google Update Service (gupdate1c99d96f2f1fc10);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 133104] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632] S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-08 33752] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-04 24064] S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2009-03-04 110576] S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-03-04 95640] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-04 348752] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - ASWFSBLK *NewlyCreated* - ASWMONFLT *NewlyCreated* - ASWRDR *NewlyCreated* - ASWSP *NewlyCreated* - ASWTDI *Deregistered* - mchInjDrv . Inhalt des "geplante Tasks" Ordners 2009-03-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-04 13:27] 2009-03-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-05 14:32] 2009-03-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 14:33] 2009-03-14 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [] . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run-eRecoveryService - (no file) . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730 mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730 uInternet Settings,ProxyOverride = *.local IE: &Preispiratensuche nach markiertem Text - c:\\Program Files\\Preispiraten6\\preispiraten.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home IE: {{E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe FF - ProfilePath - c:\users\Jaws\AppData\Roaming\Mozilla\Firefox\Profiles\0caqrp3j.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - www.google.de FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-15 15:44:42 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(8620) c:\program files\Spyware Doctor\pctgmhk.dll c:\program files\RocketDock\RocketDock.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\System32\SysHook.dll . Zeit der Fertigstellung: 2009-03-15 15:47:08 ComboFix-quarantined-files.txt 2009-03-15 14:47:02 Vor Suchlauf: 21 Verzeichnis(se), 98.929.135.616 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 98,588,934,144 Bytes frei Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8 347 --- E O F --- 2009-03-15 00:33:58 HiJackThis LOG: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:03:57, on 15.03.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Windows\PLFSetI.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Users\Jaws\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\Jaws\Downloads\Firefox\HiJackThis\HJT.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\PROGRA~1\PREISP~1\IEBUTT~2.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\PREISP~1\IEBUTT~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~1\PREISP~1\IEBUTT~3.DLL O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra 'Tools' menuitem: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de (file missing) O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O13 - Gopher Prefix: O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.112.151,85.255.112.207 O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c99d96f2f1fc10) (gupdate1c99d96f2f1fc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - c:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 13108 bytes HiJackThis Uninstall-List: 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 7-Zip 4.65 Acer Arcade Deluxe Acer Arcade Deluxe Acer Crystal Eye webcam Ver:1.1.57.409 Acer eAudio Management Acer eDataSecurity Management Acer Empowering Technology Acer ePower Management Acer eRecovery Management Acer eSettings Management Acer GridVista Acer Mobility Center Plug-In Acer Product Registration Acer ScreenSaver Ad-Aware Ad-Aware Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Illustrator CS Adobe Reader 9 - Deutsch Adobe SVG Viewer 3.0 Apple Mobile Device Support Apple Software Update Ashampoo Burning Studio 2009 a-squared Free 4.0 Audiograbber 1.83 SE Avira AntiVir Personal - Free Antivirus Beetle Junior Bonjour Bricks of Egypt Broadcom Gigabit Integrated Controller C:\Program Files\Acer GameZone\GameConsole Cake Mania Canon Inkjet Printer Driver Add-On Module Canon Utilities Easy-PhotoPrint CCleaner (remove only) CD-LabelPrint Chicken Invaders 2 Cities of Earth 3D Screensaver v. 2.1 Cradle of Rome CyberLink PowerDirector CyberLink PowerDirector Dream Day First Home eSobi v2 eurowin maxtax FLV Player 2.0 (build 25) Galapago Go-Go Gourmet Google Desktop Google Earth Google Toolbar for Internet Explorer Google Update Helper Google Updater HDAUDIO Soft Data Fax Modem with SmartCP HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) iTunes Java(TM) 6 Update 11 Java(TM) 6 Update 7 Kaminfeuer Titanium Edition II Launch Manager Magic Farm Magic Match Adventures Malwarebytes' Anti-Malware Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Office Excel MUI (German) 2007 Microsoft Office Home and Student 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (German) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox (3.0.7) Mp3tag v2.42 MSXML 4.0 SP2 (KB954430) Mystery Solitaire - Secret Island Mythic Mahjong NTI Backup Now 5 NTI Media Maker 8 Nuvoton EC Generic HID Driver NVIDIA Drivers OpenOffice.org 3.0 Opera 9.64 Panda ActiveScan 2.0 PC Tools Firewall Plus 5.0 PhotoNow! Picasa 3 PokerStars.net Preispiraten QuickTime Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader RocketDock 1.3.5 Sim AQUARIUM 2 Spybot - Search & Destroy Spyware Doctor 6.0 SpywareBlaster 4.1 SUPER © Version 2009.bld.35 (Jan 5, 2009) Synaptics Pointing Device Driver teXXas The Rise of Atlantis Tiks Texas Hold em Update for Office 2007 (KB946691) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 0.9.8a Winamp xp-AntiSpy 3.97-2 |
|
|
|
|
|
|
15.03.2009, 17:10
Member
Beiträge: 3716 |
#4
öffne hijackthis klicke scan hake an:
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe klicke fix cheked, starte den PC neu, update malwareBytes scanne erneut poste das log. Bist du hinter nem router? |
|
|
|
|
|
|
15.03.2009, 17:55
Member
Themenstarter Beiträge: 47 |
#5
HiJack und MalwareBytes erneut laufen lassen. Ist schon richtig Malware auf Quickscan laufen zu lassen (wieso nicht komplett?).
Habe halt einen DSL-Router (von Arcor W200). Log jetzt: Malwarebytes' Anti-Malware 1.34 Datenbank Version: 1851 Windows 6.0.6001 Service Pack 1 15.03.2009 17:52:15 mbam-log-2009-03-15 (17-52-15).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 58469 Laufzeit: 1 minute(s), 59 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
|
|
|
|
|
15.03.2009, 18:10
Member
Beiträge: 3716 |
#6
Ein quick scan reicht für den anfang.
bitte mache einen reset deines routers, achtung merke deine Zugangsdaten, poste dann ein frisches hjt-log |
|
|
|
|
|
|
15.03.2009, 20:08
Member
Themenstarter Beiträge: 47 |
#7
Hat ein bißchen gedauert, hatte natürlich keine Vista DSL-Router Software und keinen Internetzugang. Wusste natürlich die IP nicht auswending.
Also weiter: LOG HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:06:19, on 15.03.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Windows\PLFSetI.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Jaws\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\taskeng.exe C:\Users\Jaws\Downloads\Firefox\HiJackThis\HJT.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\PROGRA~1\PREISP~1\IEBUTT~2.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\PREISP~1\IEBUTT~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~1\PREISP~1\IEBUTT~3.DLL O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra 'Tools' menuitem: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de (file missing) O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O13 - Gopher Prefix: O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.112.151,85.255.112.207 O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c99d96f2f1fc10) (gupdate1c99d96f2f1fc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - c:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 12796 bytes Mir fällt auf, daß der Trojaner sich in: O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.112.151,85.255.112.207 oder O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 befinden soll (Zahlencode fehlt bei der Meldung) Nochmals vielen Dank schonmal im voraus..... Dieser Beitrag wurde am 15.03.2009 um 22:38 Uhr von DoktorMorph editiert.
|
|
|
|
|
|
|
16.03.2009, 17:07
Member
Beiträge: 3716 |
#8
Ja ich weiß ;-)
download http://home.hetnet.nl/~stefsmeenk/tools/FixWareOut.exe Doppelklick Fixwareout.exe um es zu starten Klicke Next und dan auf Install, achte darauf das Run fixit angehaakt ist und klick Finish. Der Fix fängt an und folge die Instruktion im Fenster Wenn gefragt wird dein Rechner neu zu starten,starte neu Dein Rechner startet jetzt langsamer das ist normal Poste den Inhalt von C:\fixwareout\report.txt (report.txt). |
|
|
|
|
|
|
17.03.2009, 13:16
Member
Themenstarter Beiträge: 47 |
#9
So jetzt scheints nicht mehr so zu klappen:
Programm runtergeladen, ist aber exe zum Entpacken. Wird auf c:/ entpackt und sofort gestartet. Install gibt es sogesehen nicht, auch kann ich nix anhaken, da sich eine Art Dos-Fenster öffnet und ich irgendeine Taste drücken soll. Daraufhin startet der Recher neu. Am Ende steht Syntaxfehler, Windows startet und folgende report.txt entsteht: Username "Jaws" - 17.03.2009 13:04:13 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check Der DNS-Aufl”sungscache wurde geleert. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "BkupTray"="\"C:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BkupTray.exe\"" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "ArcadeDeluxeAgent"="\"C:\\Program Files\\Acer Arcade Deluxe\\Acer Arcade Deluxe\\ArcadeDeluxeAgent.exe\"" "CLMLServer"="\"C:\\Program Files\\Acer Arcade Deluxe\\Acer Arcade Deluxe\\Kernel\\CLML\\CLMLSvc.exe\"" "NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit" "RtHDVCpl"="RtHDVCpl.exe" "Skytel"="Skytel.exe" "PLFSetI"="C:\\Windows\\PLFSetI.exe" "LManager"="C:\\PROGRA~1\\LAUNCH~1\\LManager.exe" "ePower_DMC"="C:\\Program Files\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe" "eDataSecurity Loader"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSloader.exe" "eAudio"="\"C:\\Program Files\\Acer\\Empowering Technology\\eAudio\\eAudio.exe\"" "PlayMovie"="\"C:\\Program Files\\Acer Arcade Deluxe\\PlayMovie\\PMVService.exe\"" "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" "00PCTFW"="\"C:\\Program Files\\PC Tools Firewall Plus\\FirewallGUI.exe\" -s" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"" "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\"" "WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\"" "avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "ISTray"="\"C:\\Program Files\\Spyware Doctor\\pctsTray.exe\"" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="\"C:\\Program Files\\Acer\\WR_PopUp\\ProductReg.exe\"" "RocketDock"="\"C:\\Program Files\\RocketDock\\RocketDock.exe\"" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe" .... Hosts file was reset, If you use a custom hosts file please replace it... C:\Windows\repair\autoexec.nt missing C:\Windows\repair\Config.nt missing ~~~~~ End report ~~~~~ Hoffe trotzdem alles richtig gemacht, weil wie gesagt ich nix anklicken kann. |
|
|
|
|
|
|
17.03.2009, 13:18
Member
Beiträge: 3716 |
#10
ein neues hijackthis log bitte.
|
|
|
|
|
|
|
17.03.2009, 13:39
Member
Themenstarter Beiträge: 47 |
#11
Neues hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:38:14, on 17.03.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\a-squared Free\a2service.exe C:\Windows\system32\taskeng.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe C:\Program Files\Acer\Empowering Technology\Service\ETService.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Windows\PLFSetI.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Acer\Mobility Center\MobilityService.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\Windows\system32\svchost.exe c:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Users\Jaws\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Users\Jaws\Downloads\Firefox\HiJackThis\HJT.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\PROGRA~1\PREISP~1\IEBUTT~2.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\PREISP~1\IEBUTT~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~1\PREISP~1\IEBUTT~3.DLL O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra 'Tools' menuitem: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de (file missing) O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O13 - Gopher Prefix: O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.112.151,85.255.112.207 O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c99d96f2f1fc10) (gupdate1c99d96f2f1fc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - c:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 15331 bytes |
|
|
|
|
|
|
17.03.2009, 13:47
Member
Beiträge: 3716 |
#12
regsearch:
http://www.virus-protect.org/artikel...regsearch.html dieses suchen lassen: 85.255.112.151 85.255.112.207 log posten. |
|
|
|
|
|
|
17.03.2009, 13:49
Member
Themenstarter Beiträge: 47 |
#13
Url von regsearch falsch "404 not found"
|
|
|
|
|
|
|
17.03.2009, 13:52
Member
Beiträge: 3716 |
||
|
|
|
|
|
17.03.2009, 13:56
Member
Themenstarter Beiträge: 47 |
#15
Schon gefunden.....
Also weiter gehts mit: Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.6.0 ; Results at 17.03.2009 13:53:56 for strings: ; '85.255.112.151 85.255.112.207' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Was muß ich machen um den wieder loszuwerden? Langsam glaube ich PCTools Spyware Doktor einfach nichtmehr.
Vielen Dank schonmal im voraus...
Schönen Sonntag
Juergen alias DoktorMorph
P.S. Panda und Stinger laufen gerade.
P.S.: Hier die log-datei von hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:34, on 15.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Users\Jaws\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Windows\system32\conime.exe
C:\Users\Jaws\Downloads\Firefox\stinger10000482.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\PROGRA~1\PREISP~1\IEBUTT~2.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\PREISP~1\IEBUTT~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~1\PREISP~1\IEBUTT~3.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe
O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing)
O9 - Extra 'Tools' menuitem: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://edownload.grisoft.cz/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.112.151,85.255.112.207
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c99d96f2f1fc10) (gupdate1c99d96f2f1fc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - c:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 17250 bytes