Pests of all kinds and how to fight them: Trojan cannot be deleted + broken I.E. (Windows 7). If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
08.01.2010, 16:40 | #1 |
Trojan cannot be deleted + broken I.E.

Hello dear expert team,

I am opening my thread here again. After reading through the rules and other threads, I now know how to write a proper post. Briefly, the problem again: I have several viruses that cannot be deleted. No antivirus scanner can be run. I.E. opens some new page on its own every minute. I ran CCleaner. I could not install MBAM. I also ran RSIT. Here is the report:

RSIT REPORT:
Logfile of random's system information tool 1.06 (written by random/random) Run by ** at 2010-01-07 16:09:57 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 74 GB (31%) free of 239 GB Total RAM: 3326 MB (60% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:10:02, on 07.01.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18349) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\msb.exe C:\Program Files\Acer\Empowering Technology\SysMonitor.exe C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\MSI\MSI.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Windows\System32\rundll32.exe C:\Users\**\AppData\Local\Temp\settdebugx.exe C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Users\**\AppData\Local\Temp\wscsvc32.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\**\Downloads\RSIT.exe C:\Users\**\Downloads\Domi.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *CQ.com Suche R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *ahoo! Deutschland R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = *ing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *ing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *ahoo! Deutschland R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [MSI] "C:\Program Files\MSI\MSI.exe" -nogui O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\RunOnce: [Malwarebytes' 
Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas.dll,AddConsoleAliasAW O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\Domi\AppData\Local\Temp\settdebugx.exe O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe O4 - Global Startup: Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - h**ps://stream.web.de/mail/activex/m...load_11213.cab O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: MSI Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9f1a85e1af34e) (gupdate1c9f1a85e1af34e) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 11161 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! 
Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-10-20 68112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-03-04 312880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-10-20 268816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04 142896] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 
Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "Acer Empowering Technology Monitor"=C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [2008-04-25 319488] "EmpoweringTechnology"=C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [2008-04-25 319488] "eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896] "PCMMediaSharing"=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-25 204908] "BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-02-25 34040] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-26 5369856] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-04-22 13535776] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-04-22 92704] "eRecoveryService"= [] "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344] "MSI"=C:\Program Files\MSI\MSI.exe [2007-01-13 311296] "NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles [] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "AdobeBridge"= [] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408] "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760] "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-09-03 3342336] "LosAlamos"=C:\Windows\system32\sshnas.dll [2010-01-01 240128] "settdebugx.exe"=C:\Users\Domi\AppData\Local\Temp\settdebugx.exe [2010-01-04 716800] "Malware Defense"=C:\Program Files\Malware Defense\mdefense.exe [2010-01-07 1756088] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Nokia Ovi Suite.lnk - C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe C:\Users\Domi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\Windows\system32\klogon.dll [2009-10-20 219664] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "C:\Program Files\PPMate\ppmate.exe"="C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate" "C:\Program Files\PPMate\ppamnet.exe"="C:\Program 
Files\PPMate\ppamnet.exe:*:Enabled:PPMate" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cd0e95-c9e2-11dd-9a77-001fe259b938}] shell\AutoRun\command - J:\InstallSeagateManager.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3911e1d-8548-11dd-890d-806e6f6e6963}] shell\AutoRun\command - E:\aoesetup.exe /autorun shell\directx\command - E:\DirectX\dxsetup.exe shell\dplay\command - E:\DirectX\dplay61a.exe shell\dxdiag\command - E:\goodies\ar40deu.exe shell\dxinfo\command - E:\goodies\DirectX\dxinfo.exe shell\dxtest\command - E:\DirectX\dxdiag.exe shell\dxtool\command - E:\goodies\DirectX\dxtool.exe shell\log\command - E:\goodies\machine\machine.exe -l shell\machine\command - E:\goodies\machine\machine.exe shell\setup\command - E:\aoesetup.exe /autorun shell\zone\command - E:\goodies\mszone\zonea600.exe ======List of files/folders created in the last 1 months====== 2010-01-07 16:09:57 ----D---- C:\rsit 2010-01-07 15:54:26 ----D---- C:\Program Files\CCleaner 2010-01-07 15:33:00 ----D---- C:\Program Files\Malware Defense 2010-01-07 14:22:16 ----A---- C:\Windows\system32\javaws.exe 2010-01-07 14:22:16 ----A---- C:\Windows\system32\javaw.exe 2010-01-07 14:22:16 ----A---- C:\Windows\system32\java.exe 2010-01-07 14:00:50 ----D---- C:\ProgramData\Kaspersky Lab 2010-01-07 14:00:50 ----D---- C:\Program Files\Kaspersky Lab 2010-01-07 13:53:29 ----D---- C:\ProgramData\Kaspersky Lab Setup Files 2010-01-04 19:37:15 ----D---- C:\ProgramData\Malwarebytes 2010-01-04 19:37:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-01-04 19:32:32 ----D---- C:\ProgramData\Avira 2010-01-04 19:29:25 ----D---- C:\Users\Domi\AppData\Roaming\Tific 2010-01-04 19:16:18 ----D---- C:\ProgramData\Norton 2010-01-04 19:16:04 ----D---- C:\ProgramData\NortonInstaller 2010-01-04 12:43:28 
----D---- C:\Windows\Minidump 2010-01-04 12:41:54 ----D---- C:\Program Files\Avira 2010-01-04 12:09:38 ----A---- C:\Windows\system32\krl32mainweq.dll 2010-01-04 12:07:12 ----A---- C:\ProgramData\sysReserve.ini 2010-01-02 07:16:27 ----A---- C:\Windows\msb.exe 2010-01-01 16:55:43 ----A---- C:\Windows\msa.exe 2010-01-01 16:55:27 ----A---- C:\Windows\system32\sshnas.dll 2009-12-31 22:45:41 ----D---- C:\ProgramData\Electronic Arts 2009-12-31 18:02:36 ----D---- C:\Program Files\Electronic Arts 2009-12-30 16:53:35 ----D---- C:\Users\**\AppData\Roaming\Amazon 2009-12-30 16:52:44 ----D---- C:\Program Files\Amazon 2009-12-26 19:22:51 ----D---- C:\ProgramData\Sports Interactive 2009-12-26 19:22:31 ----D---- C:\Users\Domi\AppData\Roaming\Sports Interactive 2009-12-26 19:12:06 ----A---- C:\Windows\system32\XAudio2_5.dll 2009-12-26 19:12:04 ----A---- C:\Windows\system32\xactengine3_5.dll 2009-12-26 19:12:04 ----A---- C:\Windows\system32\D3DX9_42.dll 2009-12-26 19:12:04 ----A---- C:\Windows\system32\d3dx11_42.dll 2009-12-26 19:12:04 ----A---- C:\Windows\system32\d3dx10_42.dll 2009-12-26 19:12:04 ----A---- C:\Windows\system32\d3dcsx_42.dll 2009-12-26 19:12:04 ----A---- C:\Windows\system32\D3DCompiler_42.dll 2009-12-26 19:12:03 ----A---- C:\Windows\system32\D3DX9_41.dll 2009-12-26 19:12:03 ----A---- C:\Windows\system32\d3dx10_41.dll 2009-12-26 19:12:03 ----A---- C:\Windows\system32\D3DCompiler_41.dll 2009-12-26 19:12:02 ----A---- C:\Windows\system32\XAudio2_4.dll 2009-12-26 19:12:02 ----A---- C:\Windows\system32\XAPOFX1_3.dll 2009-12-26 19:11:59 ----A---- C:\Windows\system32\xactengine3_4.dll 2009-12-26 19:11:59 ----A---- C:\Windows\system32\X3DAudio1_6.dll 2009-12-26 19:11:57 ----A---- C:\Windows\system32\XAudio2_2.dll 2009-12-26 19:11:57 ----A---- C:\Windows\system32\XAPOFX1_1.dll 2009-12-26 19:11:56 ----A---- C:\Windows\system32\xactengine3_2.dll 2009-12-26 19:09:31 ----D---- C:\Windows\system32\directx 2009-12-26 19:07:08 ----D---- C:\Program Files\Sports Interactive 2009-12-26 
19:07:07 ----HD---- C:\Program Files\Zero G Registry 2009-12-20 10:25:19 ----D---- C:\Program Files\Zattoo 2009-12-12 11:05:41 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-12 11:05:39 ----A---- C:\Windows\system32\httpapi.dll 2009-12-11 15:16:53 ----A---- C:\Windows\system32\winhttp.dll 2009-12-11 15:16:46 ----A---- C:\Windows\system32\occache.dll 2009-12-11 15:16:46 ----A---- C:\Windows\system32\mshtml.dll 2009-12-11 15:16:45 ----A---- C:\Windows\system32\wininet.dll 2009-12-11 15:16:45 ----A---- C:\Windows\system32\urlmon.dll 2009-12-11 15:16:44 ----A---- C:\Windows\system32\ieframe.dll 2009-12-11 15:16:42 ----A---- C:\Windows\system32\iertutil.dll 2009-12-11 15:16:42 ----A---- C:\Windows\system32\iedkcs32.dll 2009-12-11 15:16:42 ----A---- C:\Windows\system32\ieapfltr.dll 2009-12-11 15:16:41 ----A---- C:\Windows\system32\mstime.dll 2009-12-11 15:16:41 ----A---- C:\Windows\system32\msfeeds.dll 2009-12-11 15:16:41 ----A---- C:\Windows\system32\jsproxy.dll 2009-12-11 15:16:41 ----A---- C:\Windows\system32\ieUnatt.exe 2009-12-11 15:16:41 ----A---- C:\Windows\system32\ieencode.dll 2009-12-11 15:16:41 ----A---- C:\Windows\system32\ieaksie.dll 2009-12-11 15:15:47 ----A---- C:\Windows\system32\rastls.dll 2009-12-11 15:15:47 ----A---- C:\Windows\system32\raschap.dll ======List of files/folders modified in the last 1 months====== 2010-01-07 16:09:21 ----D---- C:\Windows\Temp 2010-01-07 16:04:07 ----D---- C:\Windows\system32\drivers 2010-01-07 15:57:35 ----D---- C:\Windows\Debug 2010-01-07 15:57:35 ----D---- C:\Windows 2010-01-07 15:54:26 ----D---- C:\Program Files 2010-01-07 15:23:53 ----RSD---- C:\Windows\assembly 2010-01-07 15:23:53 ----D---- C:\Windows\Microsoft.NET 2010-01-07 15:11:51 ----D---- C:\Windows\rescache 2010-01-07 15:02:17 ----D---- C:\Windows\Tasks 2010-01-07 15:01:54 ----D---- C:\Windows\System32 2010-01-07 15:01:54 ----D---- C:\Windows\inf 2010-01-07 15:01:54 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-01-07 15:01:28 ----D---- 
C:\Windows\winsxs 2010-01-07 14:58:58 ----D---- C:\Windows\system32\catroot 2010-01-07 14:57:24 ----D---- C:\Windows\system32\catroot2 2010-01-07 14:53:47 ----D---- C:\Program Files\Windows Mail 2010-01-07 14:53:47 ----D---- C:\Program Files\Windows Calendar 2010-01-07 14:53:47 ----D---- C:\Program Files\Movie Maker 2010-01-07 14:53:46 ----D---- C:\Windows\servicing 2010-01-07 14:53:46 ----D---- C:\Windows\ehome 2010-01-07 14:53:46 ----D---- C:\Program Files\Windows Sidebar 2010-01-07 14:53:46 ----D---- C:\Program Files\Windows Photo Gallery 2010-01-07 14:53:46 ----D---- C:\Program Files\Windows Media Player 2010-01-07 14:53:46 ----D---- C:\Program Files\Windows Journal 2010-01-07 14:53:46 ----D---- C:\Program Files\Windows Defender 2010-01-07 14:53:46 ----D---- C:\Program Files\Windows Collaboration 2010-01-07 14:53:46 ----D---- C:\Program Files\Internet Explorer 2010-01-07 14:53:46 ----D---- C:\Program Files\Common Files\System 2010-01-07 14:53:45 ----D---- C:\Windows\system32\XPSViewer 2010-01-07 14:53:45 ----D---- C:\Windows\system32\sk-SK 2010-01-07 14:53:45 ----D---- C:\Windows\system32\lv-LV 2010-01-07 14:53:45 ----D---- C:\Windows\system32\ko-KR 2010-01-07 14:53:45 ----D---- C:\Windows\system32\hr-HR 2010-01-07 14:53:45 ----D---- C:\Windows\system32\et-EE 2010-01-07 14:53:45 ----D---- C:\Windows\system32\en-US 2010-01-07 14:53:45 ----D---- C:\Windows\system32\da-DK 2010-01-07 14:53:45 ----D---- C:\Windows\IME 2010-01-07 14:53:44 ----D---- C:\Windows\system32\zh-TW 2010-01-07 14:53:44 ----D---- C:\Windows\system32\zh-CN 2010-01-07 14:53:44 ----D---- C:\Windows\system32\uk-UA 2010-01-07 14:53:44 ----D---- C:\Windows\system32\sv-SE 2010-01-07 14:53:44 ----D---- C:\Windows\system32\sr-Latn-CS 2010-01-07 14:53:44 ----D---- C:\Windows\system32\SLUI 2010-01-07 14:53:44 ----D---- C:\Windows\system32\sl-SI 2010-01-07 14:53:44 ----D---- C:\Windows\system32\setup 2010-01-07 14:53:44 ----D---- C:\Windows\system32\ru-RU 2010-01-07 14:53:44 ----D---- 
C:\Windows\system32\ro-RO 2010-01-07 14:53:44 ----D---- C:\Windows\system32\pt-PT 2010-01-07 14:53:44 ----D---- C:\Windows\system32\pl-PL 2010-01-07 14:53:44 ----D---- C:\Windows\system32\oobe 2010-01-07 14:53:44 ----D---- C:\Windows\system32\migration 2010-01-07 14:53:44 ----D---- C:\Windows\system32\manifeststore 2010-01-07 14:53:44 ----D---- C:\Windows\system32\ja-JP 2010-01-07 14:53:44 ----D---- C:\Windows\system32\it-IT 2010-01-07 14:53:44 ----D---- C:\Windows\system32\hu-HU 2010-01-07 14:53:44 ----D---- C:\Windows\system32\he-IL 2010-01-07 14:53:44 ----D---- C:\Windows\system32\fr-FR 2010-01-07 14:53:44 ----D---- C:\Windows\system32\fi-FI 2010-01-07 14:53:44 ----D---- C:\Windows\system32\es-ES 2010-01-07 14:53:44 ----D---- C:\Windows\system32\el-GR 2010-01-07 14:53:44 ----D---- C:\Windows\system32\de-DE 2010-01-07 14:53:44 ----D---- C:\Windows\system32\cs-CZ 2010-01-07 14:53:44 ----D---- C:\Windows\system32\bg-BG 2010-01-07 14:53:44 ----D---- C:\Windows\system32\AdvancedInstallers 2010-01-07 14:53:43 ----D---- C:\Windows\system32\wbem 2010-01-07 14:53:43 ----D---- C:\Windows\system32\tr-TR 2010-01-07 14:53:43 ----D---- C:\Windows\system32\th-TH 2010-01-07 14:53:42 ----D---- C:\Windows\system32\nl-NL 2010-01-07 14:53:42 ----D---- C:\Windows\system32\nb-NO 2010-01-07 14:53:42 ----D---- C:\Windows\system32\lt-LT 2010-01-07 14:53:42 ----D---- C:\Windows\system32\ar-SA 2010-01-07 14:53:41 ----D---- C:\Windows\system32\pt-BR 2010-01-07 14:53:41 ----D---- C:\Windows\system32\migwiz 2010-01-07 14:53:37 ----RSD---- C:\Windows\Fonts 2010-01-07 14:53:37 ----D---- C:\Windows\AppPatch 2010-01-07 14:53:28 ----D---- C:\Windows\system32\Boot 2010-01-07 14:52:12 ----D---- C:\Windows\system32\RTCOM 2010-01-07 14:43:14 ----SHD---- C:\System Volume Information 2010-01-07 14:22:20 ----SHD---- C:\Windows\Installer 2010-01-07 14:22:15 ----D---- C:\Program Files\Java 2010-01-07 14:00:50 ----D---- C:\ProgramData 2010-01-07 13:58:27 ----D---- C:\Program Files\Common Files 2010-01-07 
13:57:10 ----D---- C:\Program Files\Mozilla Firefox
2010-01-04 12:43:42 ----D---- C:\Windows\system32\Tasks
2010-01-02 18:44:15 ----D---- C:\Users\**\AppData\Roaming\ICQ
2010-01-01 12:34:30 ----D---- C:\Program Files\EA SPORTS
2010-01-01 12:29:45 ----D---- C:\Downloads
2009-12-31 19:47:46 ----D---- C:\Windows\Prefetch
2009-12-31 18:02:41 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-29 14:36:28 ----D---- C:\Program Files\ICQ6.5
2009-12-21 08:12:12 ----SD---- C:\Users\**\AppData\Roaming\Microsoft
2009-12-19 17:59:57 ----D---- C:\Users\**\AppData\Roaming\foobar2000
2009-12-12 11:05:30 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-01-07 311312]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 ACEDRV07;ACEDRV07; \??\C:\Windows\system32\drivers\ACEDRV07.sys [2009-01-09 101376]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-04-25 15392]
R2 PSDNServ;PSDNServ; C:\Windows\system32\drivers\PSDNServ.sys [2008-03-04 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\drivers\psdvdisk.sys [2008-03-04 60464]
R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2008-02-25 14544]
R2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2008-02-25 6080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-26 2103512]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-04-22 7451040]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver; C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-01-24 341504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S3 AF15BDA;AF9015 BDA Filter; C:\Windows\system32\DRIVERS\AF15BDA.sys [2008-06-24 449664]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-21 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-04 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-04-22 118784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S2 ACS;MSI Configuration Service; C:\Windows\system32\acs.exe [2005-12-30 36864]
S2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]
S2 gupdate1c9f1a85e1af34e;Google Update Service (gupdate1c9f1a85e1af34e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-20 133104]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-06 655624]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] |
10.01.2010, 14:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan cannot be deleted + broken I.E. Hello and
1.) Two virus scanners (Kaspersky + AntiVir) with background guards are installed on your system. As a rule, the system does not tolerate more than one - please uninstall one of them!!

2.) Please run the Avenger

Preparations:
a) Disable the virus scanner's background guard.
b) Unplug all external storage media from the computer.

Then:
1.) Download Avenger from here: Swandog46's Public Anti-Malware Tools (download, on the left-hand side)
2.) Unpack the zip archive and run the file "avenger.exe" (under Vista via right-click => run as administrator). Set the check marks at the bottom as shown:
3.) Copy exactly the lines from the following code box:

Code:
files to delete:
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\Users\Domi\AppData\Local\Temp\settdebugx.exe
C:\Users\Domi\AppData\Local\Temp\wscsvc32.exe
C:\Windows\system32\sshnas.dll
C:\Windows\msb.exe
C:\Windows\msa.exe
C:\Windows\msc.exe

folders to delete:
C:\Program Files\Malware Defense

5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".
6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the question about "Reboot now" (restarting the system).
7.) After the restart, a log file from Avenger will be displayed. Copy its contents and post them here.
__________________ |
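The check behind point 1.) of the reply above, as an added example that is not part of the thread: a Python parser for RSIT's driver/service entries, run over a subset of lines copied from the log in the first post. The vendor keyword table and all function names are assumptions of this example.

```python
import re

# One RSIT list entry: "<R|S><start type> <name>;<display name>; <path> [<date> <size>]"
ENTRY = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$")

# Assumption: keywords and short driver names used to attribute an entry to a vendor.
VENDORS = {
    "Avira": {"avira", "antivir", "avgio", "avipbb", "ssmdrv"},
    "Kaspersky": {"kaspersky", "kl1", "klif", "klim6", "klmouflt"},
}

def parse_entry(line):
    """Return a dict for one driver/service line, or None if it is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, date, size = m.groups()
    return {"running": state == "R", "start": int(start), "name": name, "display": display,
            "path": path.replace("\\??\\", "", 1), "date": date, "size": int(size)}

def vendor_of(entry):
    """Match whole tokens of name, display name and path against VENDORS."""
    text = " ".join((entry["name"], entry["display"], entry["path"])).lower()
    tokens = set(re.split(r"[^a-z0-9]+", text))
    return next((v for v, words in VENDORS.items() if tokens & words), None)

def av_inventory(lines):
    """Per vendor: components that are loaded, and stopped ones set to start at boot."""
    inv = {}
    for entry in filter(None, map(parse_entry, lines)):
        vendor = vendor_of(entry)
        if vendor:
            slot = inv.setdefault(vendor, {"loaded": [], "stopped_autostart": []})
            if entry["running"]:
                slot["loaded"].append(entry["name"])
            elif entry["start"] <= 2:  # 0=Boot, 1=System, 2=Auto
                slot["stopped_autostart"].append(entry["name"])
    return inv

# Lines copied from the RSIT log in the first post (a subset).
SAMPLE = [
    r"R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]",
    r"R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]",
    r"R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 128016]",
    r"R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-01-07 311312]",
    r"R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-04-22 7451040]",
    r"S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]",
    r"S2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]",
]
```

Calling `av_inventory(SAMPLE)` on these lines shows kernel drivers of both products loaded while the auto-start services of both are stopped.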