Norton Sagt bei Systemstart "Trojan Horse"

#1 Hallo ich habe das Norton 16.5.0.134 als 180 Tage Testversion.

Seit ein paar Tagen kommt bei jedem neustart des Notebooks die Meldung „Autoprotect has dectected Trojan Horse“

Allerdings verschwindet die Fehlermeldung nach ein paar Sekunden oder auf klick auf „x“
Im Verlauf von Norton oder unter Quarantäne finde ich jedoch nix was auf ein Tojanisches Pferd hinweist.

Desweiteren kommt auch eine neue Meldung die mit einem Roten X gekennzeichnet ist „Virus dectected Please install Antivirus XP“
Natürlich habe ich diese Programm installiert und über google festellen müssen dass es sich um eine Malware oder so handelt die nur Geld für eine Vollversion will, für angebliche Viren, die gar nicht existieren.
Wie kann ich dieses Programm wieder löschen und was hat es mit dem Trojaner auf sich? Wer kann mir bitte helfen.

Grüße

#2 Hallo Chevroletti und herzlich Willkommen an Board-Protecus

Hallo, ja genau du bist auf ein Fakeprogramm reingefallen, welches Dir lediglich vorgegaukelt hat, dass Du Schädlinge auf deinem System hast.

Mach dazu folgendes und poste die Logs HIER in diesem Beitrag:
http://pctipp.ch/forum/showthread.php?t=7324

Gruss Swiss

#3 ich weiß zwar nicht ob alles hier rein passt aber du wolltest ja die kompletten logs...

Malwarebytes' Anti-Malware 1.36
Datenbank Version: 2061
Windows 6.0.6001 Service Pack 1

30.04.2009 13:47:16
mbam-log-2009-04-30 (13-47-16).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 335017
Laufzeit: 1 hour(s), 19 minute(s), 43 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\AntivirusXP (Rogue.AntivirusXP) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntivirusXP.exe (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntivirusXP (Rogue.AntivirusXP) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K77GI8PT\lsp[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntivirusXP\AntivirusXP.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntivirusXP.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Users\Gast\Desktop\AntivirusXP.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Windows\System32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\acer\AppData\Local\Temp\stylrit0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\loader49.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


ComboFix 09-04-29.07 - acer 30.04.2009 14:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.1534 [GMT 2:00]
ausgeführt von:: c:\users\acer\Desktop\trojanersoftware\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *enabled*
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\uniq.tll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\x64
c:\windows\system32\x64\csnp2uvc.dll
c:\windows\system32\x64\rsnpvc64.dll
c:\windows\system32\x64\sncduvc.sys
c:\windows\system32\x64\snp2uvc.sys
c:\windows\system32\x64\vsnpvc64.dll

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((( Dateien erstellt von 2009-05-28 bis 2009-4-30 ))))))))))))))))))))))))))))))
.

2009-04-30 10:21 . 2009-04-30 10:21 -------- d-----w c:\users\acer\AppData\Roaming\Malwarebytes
2009-04-30 10:21 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 10:21 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 09:54 . 2009-04-30 09:54 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-29 17:20 . 2009-04-29 17:42 -------- d-----w c:\program files\Enigma Software Group
2009-04-27 15:32 . 2009-04-27 15:32 31776 ----a-w c:\programdata\nvModes.dat
2009-04-27 15:32 . 2009-04-27 15:32 31776 ----a-w c:\users\All Users\nvModes.dat
2009-04-27 15:23 . 2009-02-18 13:44 1108512 ----a-w c:\windows\system32\nvcpluir.dll
2009-04-27 15:23 . 2007-08-23 15:45 307200 ----a-w c:\windows\system32\nvexpbar.dll
2009-04-27 15:23 . 2009-02-18 13:44 801312 ----a-w c:\windows\system32\nvcplui.exe
2009-04-27 13:33 . 2009-04-27 13:33 -------- d-----w c:\windows\8AAB4176A747493AA42CB63CFADFD8E3.TMP
2009-04-27 12:44 . 2009-04-27 13:15 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll
2009-04-18 12:28 . 2009-04-21 19:06 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-04-18 12:28 . 2009-04-21 19:06 17212 ----atw c:\windows\system32\SIntf32.dll
2009-04-18 12:28 . 2009-04-21 19:06 12067 ----atw c:\windows\system32\SIntf16.dll
2009-04-18 12:26 . 2009-04-21 19:11 27487 ----a-w c:\windows\DIIUnin.dat
2009-04-18 12:26 . 2009-04-18 12:26 2829 ----a-w c:\windows\DIIUnin.pif
2009-04-18 12:26 . 2009-04-18 12:26 102400 ----a-w c:\windows\DIIUnin.exe
2009-04-16 22:18 . 2009-04-16 22:18 -------- d-----w c:\users\acer\AppData\Roaming\PC Suite
2009-04-16 22:17 . 2007-09-17 13:53 21632 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-16 22:17 . 2009-04-16 22:17 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-16 22:17 . 2009-04-16 22:17 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-16 10:59 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 10:59 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 10:59 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-16 10:59 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-09 18:41 . 2009-03-08 11:33 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-04-09 18:41 . 2009-03-08 11:33 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-04-09 18:41 . 2009-03-08 11:33 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-04-09 18:41 . 2009-03-08 11:33 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-04-09 18:41 . 2009-03-08 11:33 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-04-09 18:41 . 2009-03-08 11:33 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-09 18:41 . 2009-03-08 11:34 914944 ----a-w c:\windows\system32\wininet.dll
2009-04-03 18:48 . 2009-04-03 18:48 -------- d-----w c:\users\acer\AppData\Roaming\Atari
2009-04-03 18:44 . 2009-04-03 18:44 -------- d-----w c:\users\acer\AppData\Roaming\Leadertech
2009-04-03 18:44 . 2002-02-27 16:50 197120 ----a-w c:\windows\patchw32.dll
2009-04-03 18:44 . 2009-04-03 18:44 -------- d-----w c:\program files\Common Files\PocketSoft
2009-04-03 11:19 . 2009-04-28 22:10 -------- d-----w c:\users\acer\Tracing
2009-04-03 11:16 . 2009-04-03 11:16 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-03 11:14 . 2009-04-03 11:14 -------- d-----w c:\program files\Microsoft
2009-04-03 11:14 . 2009-04-03 11:14 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-31 20:16 . 2008-02-25 08:59 101504 ----a-r c:\windows\system32\drivers\ewusbmdm.sys
2009-03-31 20:16 . 2008-02-25 08:59 23424 ----a-r c:\windows\system32\drivers\ewdcsc.sys
2009-03-31 20:03 . 2009-03-31 20:03 -------- d-----w c:\users\acer\{74776fe2-fba9-4533-8802-24c0ab3c638c}
2009-03-31 20:02 . 2009-03-31 20:02 -------- d-----w c:\program files\Novatel Wireless
2009-03-31 19:52 . 2009-03-31 19:52 -------- d-----w c:\users\acer\{9f644326-ce1e-47d5-aa7c-c9333d4621ef}
2009-03-31 19:50 . 2008-05-07 05:38 90624 ----a-w c:\windows\system32\nmwcdcls.dll
2009-03-31 19:50 . 2009-04-16 22:18 -------- d-----w c:\program files\Nokia
2009-03-31 17:25 . 2009-02-27 10:57 25136 ----a-r c:\windows\system32\drivers\SymIMV.sys
2009-03-31 17:25 . 2009-03-31 19:20 -------- d-----w c:\windows\system32\drivers\NAV
2009-03-31 17:25 . 2009-03-31 17:25 -------- d-----w c:\program files\Norton AntiVirus
2009-03-31 17:25 . 2009-03-31 17:27 -------- d-----w c:\programdata\Norton
2009-03-31 17:25 . 2009-03-31 17:27 -------- d-----w c:\users\All Users\Norton
2009-03-31 17:25 . 2009-03-31 17:25 -------- d-----w c:\program files\NortonInstaller
2009-03-31 17:25 . 2009-03-31 17:25 -------- d-----w c:\programdata\NortonInstaller
2009-03-31 17:25 . 2009-03-31 17:25 -------- d-----w c:\users\All Users\NortonInstaller

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 12:08 . 2007-11-09 20:45 12 ----a-w c:\windows\bthservsdp.dat
2009-04-30 09:55 . 2006-11-02 15:33 618442 ----a-w c:\windows\system32\perfh007.dat
2009-04-30 09:55 . 2006-11-02 15:33 122648 ----a-w c:\windows\system32\perfc007.dat
2009-04-28 20:25 . 2008-06-05 14:16 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-28 20:25 . 2008-06-05 14:16 103736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-27 15:29 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infpub.dat
2009-04-27 15:29 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-27 15:21 . 2008-06-08 11:29 1356 ----a-w c:\users\acer\AppData\Local\d3d9caps.dat
2009-04-27 15:19 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstor.dat
2009-04-27 13:33 . 2008-12-14 13:30 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-25 09:47 . 2009-03-06 19:33 2568 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-17 11:35 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-03 18:41 . 2007-08-14 13:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-03 11:18 . 2008-06-07 17:55 -------- d-----w c:\program files\Windows Live
2009-03-31 20:16 . 2009-03-15 21:26 -------- d-----w c:\program files\Mobile Partner
2009-03-31 17:51 . 2007-08-14 15:03 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-31 17:50 . 2007-08-14 15:05 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-31 17:50 . 2007-08-14 15:05 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-31 17:50 . 2007-08-14 15:05 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-31 17:50 . 2007-08-14 15:04 -------- d-----w c:\program files\Symantec
2009-03-29 13:06 . 2008-06-04 09:47 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-26 01:02 . 2009-03-26 01:02 -------- d-----w c:\program files\o2 Connection Manager
2009-03-26 01:02 . 2009-03-26 01:02 -------- d-----w c:\program files\Common Files\AccSys
2009-03-17 23:09 . 2007-08-14 14:58 -------- d-----w c:\program files\Acer GameZone
2009-03-17 03:38 . 2009-04-16 10:59 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-15 23:16 . 2008-12-14 13:30 -------- d-----w c:\program files\AGEIA Technologies
2009-03-15 19:04 . 2007-12-17 18:10 27240 ----a-w c:\users\acer\AppData\Roaming\nvModes.dat
2009-03-14 22:11 . 2009-03-14 22:11 -------- d-----w c:\program files\Cisco
2009-03-14 22:11 . 2009-03-14 22:11 -------- d-----w c:\program files\Common Files\Intel
2009-03-14 22:11 . 2007-08-14 13:22 -------- d-----w c:\program files\Intel
2009-03-09 13:52 . 2009-03-09 13:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-09 13:14 . 2009-03-09 13:14 -------- d-----w c:\program files\CCleaner
2009-03-08 11:34 . 2009-04-09 18:42 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-09 18:42 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-09 18:42 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-09 18:42 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-09 18:42 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-09 18:42 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-09 18:42 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-09 18:42 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-09 18:42 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-09 18:42 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-09 18:42 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 19:33 . 2009-03-06 19:33 88 --sh--r c:\windows\system32\030D01CDCA.sys
2009-03-06 19:32 . 2009-03-06 19:32 -------- d-----w c:\program files\Common Files\Corel
2009-03-03 04:46 . 2009-04-16 11:00 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 11:00 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 11:00 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 11:00 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 11:00 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 11:00 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 11:00 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 11:00 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 11:00 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 11:00 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-27 19:55 . 2007-12-05 08:48 81864 ----a-w c:\users\acer\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-27 18:58 . 2009-02-27 18:16 2516 --sha-w c:\users\All Users\KGyGaAvL.sys
2009-02-27 18:58 . 2009-02-27 18:16 2516 --sha-w c:\programdata\KGyGaAvL.sys
2009-02-27 18:57 . 2009-02-27 18:16 88 --sh--r c:\users\All Users\030D01CDCA.sys
2009-02-27 18:57 . 2009-02-27 18:16 88 --sh--r c:\programdata\030D01CDCA.sys
2009-02-25 15:47 . 2009-02-25 15:47 520192 ----a-w c:\windows\system32\Grand Theft Auto IV Screenshot.scr
2009-02-09 03:10 . 2009-03-11 20:11 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:46 . 2009-02-06 17:46 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-06-23 16:47 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]

c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon_1080.wmv [2004-4-15 109278761]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DFAFE094-D4C1-48A8-BC82-E2143ABB895B}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{CDCFD7B0-710C-4174-AF30-74AC7A130015}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{28E1812B-D1E9-48C7-8843-1A1908863A24}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{ACE8BA82-0B4D-42B9-8471-E0903EC1F831}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exeV Wizard
"{E61FF275-CAE1-4C42-A592-22E6FF02ACB7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6D4282FF-3832-4DF8-A5F3-92DEEFCAEB9C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2740C0F-3D1D-4391-A49D-461C53A0BFA6}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exeVDivine
"{75AFE2C4-15F2-4E4A-BB87-499D5A7E7C96}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exelay Movie
"{F43E781A-E966-4DC1-A706-8ECA8C6D4C0D}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exelay Movie Resident Program
"{93C42024-53F4-4B25-85C0-A4A4932582B2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{22C29221-A562-451B-A283-04AB94683515}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F8767A6A-E26E-4AC6-AFA3-54FEDD0731A9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{0FB1460E-5B25-4B2C-A797-1B5963565A3A}"= UDP:86:BroadCam Web Server
"{B55B5F25-9966-4039-B29F-492F61E277AC}"= UDP:d:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{B2A54BA1-2224-46A4-AFA2-B97FEFF47FC6}"= TCP:d:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{60A4D7BA-6579-42D7-97D6-2C3B20548BC9}"= UDP:d:\rockstar games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{C5052336-31E4-4961-8704-D0110133568E}"= TCP:d:\rockstar games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{7ED0D33E-05BA-4CD1-A2C7-87C4A3C90F00}d:\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:d:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{5C136704-F640-40E7-AF23-AA7CDA233B21}d:\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:d:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{55AD80E5-C6FE-4EAF-822B-34CE479AC4F4}d:\\icq6\\icq.exe"= UDP:d:\icq6\icq.exe:ICQ Library
"UDP Query User{13174DE7-ED9A-4367-A6B8-708FD3639807}d:\\icq6\\icq.exe"= TCP:d:\icq6\icq.exe:ICQ Library
"{28B895E2-96C0-40CF-9AD0-967D9F321B6B}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{3BFBF13C-1B84-4352-BAEE-034A072F40BD}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{31150760-CDAA-4D4B-B8EB-EBA25DACC7ED}"= UDP:c:\program files\Microsoft Games for Windows - LIVE\Client\GFWLClient.exe:GFWLClient
"{2AF23969-5FF2-486F-A0D9-D78F884BA94E}"= TCP:c:\program files\Microsoft Games for Windows - LIVE\Client\GFWLClient.exe:GFWLClient
"{29EB6BAC-7069-48E5-8DE0-A809392946AA}"= UDP:c:\program files\o2 Connection Manager\o2 Connection Manager.exe:o2 Connection Manager
"{9C2A909E-2428-4FAB-B765-94E73D92F617}"= TCP:c:\program files\o2 Connection Manager\o2 Connection Manager.exe:o2 Connection Manager
"TCP Query User{5A0881BC-9E8F-4D94-8B31-BA04D9206F9D}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{14252357-DDC8-4238-8E1B-609353730091}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{F89F261A-7903-4452-B9D3-B9AA28CC3392}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{3D881BD0-3BA0-47A3-A575-2403A93EDD9A}d:\\need for speed prostreet\\nfs.exe"= UDP:d:\need for speed prostreet\nfs.exe:nfs
"UDP Query User{2F766B74-174B-4F79-82F7-73FB7BBC794C}d:\\need for speed prostreet\\nfs.exe"= TCP:d:\need for speed prostreet\nfs.exe:nfs

R2 gupdate1c998be7228911;Google Update Service (gupdate1c998be7228911);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 133104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [2009-02-27 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NAV\1005000.086\BHDrvx86.sys [2009-02-27 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NAV\1005000.086\ccHPx86.sys [2009-03-31 482352]
S1 IDSvix86;IDSvix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090420.001\IDSvix86.sys [2009-01-29 292912]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51 13560]
S2 accvssvc;AccSys WLAN Control Service;c:\program files\Common Files\AccSys\AccVSSvc.exe [2007-10-30 131072]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 BroadCamService;BroadCam Service;c:\program files\NCH Software\BroadCam\broadCam.exe [2008-12-13 368644]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\printer\center\KodakSvc.exe [2008-02-15 18944]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-30 101936]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NAV\1005000.086\SYMNDISV.SYS [2009-02-27 39984]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63fafe7b-c2ea-11dd-94a9-0013e8d1e939}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6def83bb-ba3c-11dd-9df3-0013e8d1e939}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6def83f3-ba3c-11dd-9df3-0013e8d1e939}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{704dce1c-1870-11de-b6b3-aa197dddacef}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{704dce1d-1870-11de-b6b3-aa197dddacef}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e82845e-1a03-11de-abc7-806e6f6e6963}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e8284db-1a03-11de-abc7-001b386d7db7}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ba09cc7-1543-11de-8e2a-a2d0cd8f6460}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae35e969-8f01-11dc-ab83-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b41ab95b-db3e-11dd-94a6-001b386d7db7}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3c66a5e-1152-11de-b990-82b275740a2e}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e92e952e-11a1-11de-b8b4-83eeb0c35a02}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f033efb5-c619-11dd-bd21-8267b2e17600}]
\shell\AutoRun\command - H:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6e28aa7-1e28-11de-b6ee-8fce8965d8c2}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6e28c54-1e28-11de-b6ee-8fce8965d8c2}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-04-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-27 18:48]

2009-04-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 09:30]

2009-04-29 c:\windows\Tasks\User_Feed_Synchronization-{146BC678-7861-45D7-B7BD-572B62FCF012}.job
- c:\windows\system32\msfeedssync.exe [2009-04-09 11:31]

2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{5E8FEE79-A9E8-426F-89F7-8494DE8BF1AB}.job
- c:\windows\system32\msfeedssync.exe [2009-04-09 11:31]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = www.google.de/
mStart Page = hxxp://de.intl.acer.yahoo.com
TCP: {BBEE83B8-AD4A-41E1-A28C-2AB97E7C33BD} = 193.189.244.205 193.189.244.197
FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\5nrhfidl.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\google\Picasa3\npPicasa2.dll
FF - plugin: d:\google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 14:15
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\windows\system32\ovfsthxbfcpvily.dat 230815 bytes
c:\windows\system32\ovfsthxiwebsose.dll 60928 bytes executable
c:\windows\system32\ovfsthxledyfvlr.dll 18432 bytes executable
c:\windows\system32\ovfsthxqiltcawc.dat 43 bytes
c:\windows\system32\ovfsthxycmshnwh.dll 18432 bytes executable
c:\windows\system32\drivers\ovfsthxruixkvtp.sys 83456 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 6

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-188183238-694703743-1776845339-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,91,86,83,55,0d,8a,79,f2,5b,fc,bf,dd,64,13,d9,be,42,29,2d,e6,ff,64,
38,f2,8c,ae,c2,ac,c8,be,3b,02,3d,f6,d5,bf,16,38,aa,95,57,0f,fd,83,d5,33,78,\
"??"=hex:03,6a,e1,e1,64,48,85,7e,36,13,9e,02,7a,19,56,c5

[HKEY_USERS\S-1-5-21-188183238-694703743-1776845339-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,2e,fa,8a,bd,69,9b,2d,34,25,94,f6,88,e1,7d,d2,b5,50,25,89,97,
69,fc,1b,63,75,a8,4d,83,a9,69,b6,90,e2,79,28,0e,f5,90,30,b1,26,b4,55,d9,3e,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5012)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PSIService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\users\acer\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-04-30 14:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-04-30 12:18

Vor Suchlauf: 21 Verzeichnis(se), 34.259.341.312 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 33.702.363.136 Bytes frei

433 --- E O F --- 2009-04-30 10:00








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:42, on 30.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\acer\Desktop\trojanersoftware\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl-start.computerbild.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBEE83B8-AD4A-41E1-A28C-2AB97E7C33BD}: NameServer = 193.189.244.205 193.189.244.197
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AccSys WLAN Control Service (accvssvc) - AccSys GmbH - C:\Program Files\Common Files\AccSys\AccVSSvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c998be7228911) (gupdate1c998be7228911) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9527 bytes



ps die fehlermeldungen am start sind nun auch alle weg. danke erstmal. was bringt dir nun dieses logfile?

#4 Hi,
du hast einen rootkit auf deinem system, verzichte auf onlinebanking und sonstige geschefte, alle passwörter müssen von nem sauberen sys aus geendert werden, wenn du nicht im netz unterwegs bist, trenne den rechner vom netz, also wlan aus oder netzwerkkabel raus.
surfe nur auf von uns genannten seiten und downloade nur das von uns geforderte.
http://virus-protect.org/artikel/tools/gmer.html
gmer laden und scannen
bitte schalte alle programme auch antivirenprogramm ab,
bitte trenne die verbindung zum internet, also kabel raus wlan aus.
befor du das log postett, nicht vergessen norton wieder einzuschalten.

#5 Hallo chevroletti,

Ich heiße Daniel und ich arbeite für den externen Symantec Foren-Support in Europa.

Wenn Du ein gültiges Abonnement hast, kannst Du Live Update und einen vollständigen Systemscan ausführen. Die Malware sollte damit erkannt und entfernt werden. Wenn Du den vollständigen Systemscan nicht ausführen kannst, versuche es im abgesicherten Modus. Starte zum Aktivieren des abgesicherten Modus den Computer neu und drücke während des Hochfahrens (je nach Computer) F8 bzw. F5.

Wenn Du die Updates nicht hochladen oder die Infektionen nicht auf diese Weise entfernen kannst, kannst Du die Norton-Wiederherstellungsumgebung verwenden. Du solltest Malware auf dem Computer suchen, bevor sie aktiviert werden kann. Folge dazu den Anweisungen auf dieser Seite:
http://www.symantec.com/de/de/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080711105633DE


Gruß Daniel
Norton Forum Assist Team

#6 Da ein scanner nie 100 % erkennt sollte er trotzdem das gesagte ausfüren.