|
Plagegeister aller Art und deren Bekämpfung: Danger! Harmful viruses detected on your computer.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.04.2010, 02:58 | #1 |
| Danger! Harmful viruses detected on your computer. hallo, genau das selbe problem habe ich auch seit gestern. was muss ich machen, bitte um hilfe... http://www.trojaner-board.de/84836-t...2-fakecog.html info.txt logfile of random's system information tool 1.06 2010-04-13 03:39:31 ======Uninstall list====== -->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0007 -removeonly ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003} Alice Greenfingers-->"C:\Program Files\eMachines GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\eMachines GameZone\Alice Greenfingers\install.log" ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE Amazing Adventures The Lost Tomb-->"C:\Program Files\eMachines GameZone\Amazing Adventures The Lost Tomb\Uninstall.exe" "C:\Program Files\eMachines GameZone\Amazing Adventures The Lost Tomb\install.log" Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Ask.com Search Assistant 1.0.1-->C:\Program Files\Ask Search Assistant\uninst.exe Azada-->"C:\Program Files\eMachines GameZone\Azada\Uninstall.exe" "C:\Program Files\eMachines GameZone\Azada\install.log" Bejeweled 2 Deluxe-->"C:\Program Files\eMachines GameZone\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\eMachines GameZone\Bejeweled 2 Deluxe\install.log" Bookworm Deluxe-->"C:\Program Files\eMachines GameZone\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\eMachines GameZone\Bookworm Deluxe\install.log" Bricks of Egypt-->"C:\Program Files\eMachines GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\eMachines GameZone\Bricks of Egypt\install.log" Cake Mania-->"C:\Program Files\eMachines GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\eMachines GameZone\Cake Mania\install.log" CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Chuzzle-->"C:\Program Files\eMachines GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\eMachines GameZone\Chuzzle\install.log" Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} Diner Dash-->"C:\Program Files\eMachines GameZone\Diner Dash\Uninstall.exe" "C:\Program Files\eMachines GameZone\Diner Dash\install.log" DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN eMachines Recovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly eMachines ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly eMachines-->"C:\Program Files\Oberon Media\eMachines\Uninstall.exe" "C:\Program Files\Oberon Media\eMachines\install.log" Farm Frenzy-->"C:\Program Files\eMachines GameZone\Farm Frenzy\Uninstall.exe" "C:\Program Files\eMachines GameZone\Farm Frenzy\install.log" FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x7 ControlPanel GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23} GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653} Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.1.249.1045\Installer\setup.exe" --uninstall --system-level Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} K-Lite Mega Codec Pack 4.8.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI Lexmark -->regsvr32.exe /s /u "C:\Program Files\Lexmark Printable Web\bho.dll" Lexmark 7600 Series-->C:\Program Files\Lexmark 7600 Series\Install\x86\Uninst.exe Lexmark Symbolleiste-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll" Mahjong Escape Ancient China-->"C:\Program Files\eMachines GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\eMachines GameZone\Mahjong Escape Ancient China\install.log" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C} Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Mystery Case Files - Huntsville-->"C:\Program Files\eMachines GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\eMachines GameZone\Mystery Case Files - Huntsville\install.log" Mystery Solitaire - Secret Island-->"C:\Program Files\eMachines GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\eMachines GameZone\Mystery Solitaire - Secret Island\install.log" Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-A098-36WX-8HWU-K375-H4WW-HU0A-XXUC" neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nielsen//NetRatings-->C:\PROGRA~1\NETRAT~1\NetSight\NSSetup.exe /uninstall Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.1.0.32\InstStub.exe /X NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407 NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407 Nuclear Coffee - VideoGet 2.0.2.26-->"C:\Program Files\Nuclear Coffee\VideoGet\uninstall.exe" QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe" TASTstar 5.0 Demo-->MsiExec.exe /I{9DEA24B3-59BC-4C57-BD1C-4A261F269748} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF} Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41} Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB} Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018} Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC} Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC} Windows Live Writer-->MsiExec.exe /X{E0A4805D-280A-4DD7-9E74-3A5F85E302A1} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR-->C:\Program Files\WinRAR\uninstall.exe ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: 19nrn03-PC Event Code: 7036 Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Beendet". Record Number: 136098 Source Name: Service Control Manager Time Written: 20100413011036.000000-000 Event Type: Informationen User: Computer Name: 19nrn03-PC Event Code: 10029 Message: DCOM hat den Dienst TrustedInstaller mit den Argumenten "" gestartet, um den Server auszuführen: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Record Number: 136099 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100413011043.000000-000 Event Type: Informationen User: Computer Name: 19nrn03-PC Event Code: 7036 Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Ausgeführt". Record Number: 136100 Source Name: Service Control Manager Time Written: 20100413011043.000000-000 Event Type: Informationen User: Computer Name: 19nrn03-PC Event Code: 7036 Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Beendet". Record Number: 136101 Source Name: Service Control Manager Time Written: 20100413012043.000000-000 Event Type: Informationen User: Computer Name: 19nrn03-PC Event Code: 7036 Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet". Record Number: 136102 Source Name: Service Control Manager Time Written: 20100413012543.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: 19nrn03-PC Event Code: 10 Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist. Record Number: 42976 Source Name: Microsoft-Windows-WMI Time Written: 20100413010859.000000-000 Event Type: Fehler User: Computer Name: 19nrn03-PC Event Code: 0 Message: Record Number: 42977 Source Name: gusvc Time Written: 20100413010936.000000-000 Event Type: Informationen User: Computer Name: 19nrn03-PC Event Code: 1 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 42978 Source Name: SecurityCenter Time Written: 20100413010938.000000-000 Event Type: Informationen User: Computer Name: 19nrn03-PC Event Code: 0 Message: Record Number: 42979 Source Name: gusvc Time Written: 20100413011036.000000-000 Event Type: Informationen User: Computer Name: 19nrn03-PC Event Code: 5 Message: Unsupported service control request (see data below) Record Number: 42980 Source Name: LightScribeService Time Written: 20100413013931.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: 19nrn03-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 41731 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100413013928.393822-000 Event Type: Überwachung gescheitert User: Computer Name: 19nrn03-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 41732 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100413013928.471822-000 Event Type: Überwachung gescheitert User: Computer Name: 19nrn03-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 41733 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100413013928.565422-000 Event Type: Überwachung gescheitert User: Computer Name: 19nrn03-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 41734 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100413013928.659022-000 Event Type: Überwachung gescheitert User: Computer Name: 19nrn03-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\mbamswissarmy.sys Record Number: 41735 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100413014000.779422-000 Event Type: Überwachung gescheitert User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\; "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- Logfile of random's system information tool 1.06 (written by random/random) Run by 19nrn03 at 2010-04-13 03:38:55 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 213 GB (72%) free of 295 GB Total RAM: 3001 MB (54% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:39:29, on 13.04.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18444) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe C:\Program Files\Lexmark 7600 Series\lxdwmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe C:\Users\19nrn03\AppData\Local\Temp\davclnt.exe C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Users\19nrn03\Desktop\mbam-setup-1.45.exe C:\Users\19nrn03\AppData\Local\Temp\is-C1Q85.tmp\mbam-setup-1.45.tmp C:\Users\19nrn03\Desktop\mbam-setup-1.45.exe C:\Users\19nrn03\AppData\Local\Temp\is-EJEH6.tmp\mbam-setup-1.45.tmp C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\19nrn03\Desktop\RSIT.exe C:\Program Files\trend micro\19nrn03.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kurtlarvadisi.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe" O4 - HKLM\..\Run: [lxdwamon] "C:\Program Files\Lexmark 7600 Series\lxdwamon.exe" O4 - HKLM\..\Run: [Lexmark 7600 Series Fax Server] "C:\Program Files\Lexmark 7600 Series\fm3032.exe" /s O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Ozenozoquqi] rundll32.exe "C:\Users\19nrn03\AppData\Local\KBDExwcp.dll",Startup O4 - HKCU\..\Run: [davclnt.exe] C:\Users\19nrn03\AppData\Local\Temp\davclnt.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1241898792064&h=01f3d6250ab246857af174edae9869c0/&filename=jinstall-6u13-windows-i586-jc.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1ca081fc6ed77b7) (gupdate1ca081fc6ed77b7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdwserv.exe O23 - Service: lxdw_device - - C:\Windows\system32\lxdwcoms.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- End of file - 11279 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}] Lexmark Symbolleiste - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Symantec NCO BHO - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll [2010-03-26 394608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL [2009-11-17 79224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-13 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-26 458736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}] Lexmark - C:\Program Files\Lexmark Printable Web\bho.dll [2009-05-11 180224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll [2010-03-26 394608] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Symbolleiste - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-10 30192] "BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-11-05 150040] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-11-05 178712] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-11-05 154136] "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-07-25 768520] "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-07-21 159744] "eRecoveryService"= [] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-27 6244896] "WarReg_PopUp"=C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [2008-05-09 49152] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-09 148888] "NielsenOnline"=C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [2009-02-25 45056] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792] "lxdwmon.exe"=C:\Program Files\Lexmark 7600 Series\lxdwmon.exe [2009-05-11 676520] "lxdwamon"=C:\Program Files\Lexmark 7600 Series\lxdwamon.exe [2009-05-11 16040] "Lexmark 7600 Series Fax Server"=C:\Program Files\Lexmark 7600 Series\fm3032.exe [2009-05-11 311976] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-29 437584] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter [] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-09 68856] "RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616] "Ozenozoquqi"=C:\Users\19nrn03\AppData\Local\KBDExwcp.dll [2008-01-21 49664] "davclnt.exe"=C:\Users\19nrn03\AppData\Local\Temp\davclnt.exe [2010-04-11 260096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-10-28 221184] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoSetActiveDesktop"=0 "NoActiveDesktopChanges"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoSetActiveDesktop"= "NoActiveDesktopChanges"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-04-13 03:38:55 ----D---- C:\rsit 2010-04-13 03:38:55 ----D---- C:\Program Files\trend micro 2010-04-13 03:36:34 ----D---- C:\Users\19nrn03\AppData\Roaming\Malwarebytes 2010-04-13 03:36:25 ----D---- C:\ProgramData\Malwarebytes 2010-04-13 03:36:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-13 03:35:40 ----D---- C:\Program Files\CCleaner 2010-04-12 15:15:41 ----N---- C:\Windows\system32\MpSigStub.exe 2010-04-12 15:15:26 ----D---- C:\Windows\system32\N360_BACKUP 2010-04-12 14:58:20 ----RA---- C:\Windows\system32\GEARAspi.dll 2010-04-12 14:57:53 ----D---- C:\Program Files\Symantec 2010-04-12 14:56:55 ----D---- C:\Program Files\Norton 360 2010-04-12 14:56:42 ----D---- C:\Program Files\NortonInstaller 2010-04-11 21:39:53 ----D---- C:\ProgramData\PCSettings 2010-04-11 21:39:52 ----D---- C:\ProgramData\Norton 2010-04-11 21:39:36 ----D---- C:\ProgramData\NortonInstaller 2010-04-11 20:01:38 ----D---- C:\ProgramData\Norton Installer 2010-04-11 20:00:14 ----D---- C:\Program Files\Norton Utilities 14 2010-04-11 19:59:05 ----A---- C:\ProgramData\fiosejgfse.dll 2010-03-31 12:36:30 ----A---- C:\Windows\system32\wininet.dll 2010-03-31 12:36:30 ----A---- C:\Windows\system32\occache.dll 2010-03-31 12:36:30 ----A---- C:\Windows\system32\mshtml.dll 2010-03-31 12:36:29 ----A---- C:\Windows\system32\urlmon.dll 2010-03-31 12:36:28 ----A---- C:\Windows\system32\mshtmled.dll 2010-03-31 12:36:28 ----A---- C:\Windows\system32\iertutil.dll 2010-03-31 12:36:28 ----A---- C:\Windows\system32\ieframe.dll 2010-03-31 12:36:28 ----A---- C:\Windows\system32\iedkcs32.dll 2010-03-31 12:36:28 ----A---- C:\Windows\system32\ieapfltr.dll 2010-03-31 12:36:27 ----A---- C:\Windows\system32\mstime.dll 2010-03-31 12:36:27 ----A---- C:\Windows\system32\msfeeds.dll 2010-03-31 12:36:27 ----A---- C:\Windows\system32\jsproxy.dll 2010-03-31 12:36:27 ----A---- C:\Windows\system32\ieUnatt.exe 2010-03-31 12:36:27 ----A---- C:\Windows\system32\iepeers.dll 2010-03-31 12:36:27 ----A---- C:\Windows\system32\ieencode.dll 2010-03-31 12:36:27 ----A---- C:\Windows\system32\ieaksie.dll 2010-03-22 00:40:57 ----D---- C:\ProgramData\Lexmark 7600 Series 2010-03-18 02:35:29 ----A---- C:\Windows\system32\browserchoice.exe ======List of files/folders modified in the last 1 months====== 2010-04-13 03:39:00 ----D---- C:\Windows\Temp 2010-04-13 03:38:55 ----RD---- C:\Program Files 2010-04-13 03:36:27 ----D---- C:\Windows\system32\drivers 2010-04-13 03:36:25 ----HD---- C:\ProgramData 2010-04-13 03:09:46 ----D---- C:\Windows\Tasks 2010-04-13 03:07:40 ----SHD---- C:\System Volume Information 2010-04-13 02:10:31 ----D---- C:\Windows\System32 2010-04-13 02:10:31 ----D---- C:\Windows\inf 2010-04-13 02:10:31 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-04-12 21:03:15 ----D---- C:\ProgramData\Lx_cats 2010-04-12 19:54:54 ----SHD---- C:\Windows\Installer 2010-04-12 19:54:16 ----D---- C:\Program Files\Google 2010-04-12 15:39:13 ----D---- C:\Windows\system32\Tasks 2010-04-12 15:00:50 ----D---- C:\Program Files\Common Files\Symantec Shared 2010-04-12 14:58:21 ----D---- C:\Windows\system32\catroot 2010-04-12 14:58:19 ----DC---- C:\Windows\system32\DRVSTORE 2010-04-12 14:47:11 ----D---- C:\Windows 2010-04-12 14:46:53 ----D---- C:\drivers 2010-04-12 14:46:51 ----D---- C:\Intel 2010-04-12 14:46:31 ----AD---- C:\book 2010-04-12 14:46:28 ----D---- C:\Casino 2010-04-12 14:46:21 ----D---- C:\logs 2010-04-12 14:45:09 ----D---- C:\temp 2010-04-11 22:52:23 ----D---- C:\Windows\system32\catroot2 2010-04-11 21:42:24 ----D---- C:\ProgramData\Symantec 2010-04-11 21:41:49 ----D---- C:\Users\19nrn03\AppData\Roaming\Symantec 2010-04-11 21:13:48 ----AD---- C:\ProgramData\TEMP 2010-04-11 19:21:26 ----D---- C:\Windows\Prefetch 2010-04-05 22:57:27 ----D---- C:\Windows\system32\spool 2010-04-04 17:08:13 ----D---- C:\Program Files\Mozilla Firefox 2010-04-01 00:00:11 ----D---- C:\Program Files\Internet Explorer 2010-03-31 23:24:45 ----D---- C:\Windows\winsxs 2010-03-22 00:40:53 ----D---- C:\Users\19nrn03\AppData\Roaming\7600 Series ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [2010-03-24 536112] R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-26 501888] R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-12-09 371248] R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100409.001\IDSvix86.sys [2009-11-17 343088] R1 nnrnstdi;nnrnstdi; C:\Windows\system32\drivers\nnrnstdi.sys [2009-08-21 15360] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0401000.020\SRTSPX.SYS [2010-02-27 43696] R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784] R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0401000.020\SYMTDIV.SYS [2009-11-22 340016] R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-06-11 15392] R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-18 166960] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-11-04 952320] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-04-12 102448] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-19 26600] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-10-28 2476544] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-27 2147928] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100412.003\NAVENG.SYS [2010-04-12 84912] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100412.003\NAVEX15.SYS [2010-04-12 1324720] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-06-10 123904] R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0401000.020\SRTSP.SYS [2010-02-27 325680] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-04-12 124976] R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-26 1044984] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 ETService;Empowering Technology Service; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576] R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 lxdw_device;lxdw_device; C:\Windows\system32\lxdwcoms.exe [2008-05-16 594600] R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [2010-02-26 126392] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] S2 gupdate1ca081fc6ed77b7;Google Update Service (gupdate1ca081fc6ed77b7); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-19 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-19 190448] S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdwserv.exe [2008-05-16 98984] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-10 30192] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- |
13.04.2010, 12:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Danger! Harmful viruses detected on your computer.__________________
__________________ |
13.04.2010, 12:49 | #3 |
| Danger! Harmful viruses detected on your computer. doch hab ich aber ich kann es leider nicht zu ende führen weil mein laptop andauernd eine meldung anzeigt das einige dateien geschädigt sind und nach dieser meldung bricht alles ab und das laptop führt neustart durch
__________________ |
13.04.2010, 13:17 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Danger! Harmful viruses detected on your computer. Bitte mal den Avenger anwenden: 1.) Lade Dir von hier Avenger: Swandog46's Public Anti-Malware Tools (Download, linksseitig) 2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen: 3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld: Code:
ATTFilter files to delete: C:\Users\19nrn03\AppData\Local\KBDExwcp.dll C:\Users\19nrn03\AppData\Local\Temp\davclnt.exe 5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein. 6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso. 7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier. 8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken
__________________ Logfiles bitte immer in CODE-Tags posten |
13.04.2010, 14:20 | #5 |
| Danger! Harmful viruses detected on your computer. ich glaube es hat geplappt die komischen meldungen zeigt er nicht mehr an. ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows NT 6.0 (build 6001, Service Pack 1) Tue Apr 13 15:11:30 2010 15:11:30: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows NT 6.0 (build 6001, Service Pack 1) Tue Apr 13 15:11:45 2010 15:11:45: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// Logfile of The Avenger Version 2.0, (c) by Swandog46 hxxp://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\Users\19nrn03\AppData\Local\KBDExwcp.dll" not found! Deletion of file "C:\Users\19nrn03\AppData\Local\KBDExwcp.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Users\19nrn03\AppData\Local\Temp\davclnt.exe" not found! Deletion of file "C:\Users\19nrn03\AppData\Local\Temp\davclnt.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. hxxp://www.file-upload.net/download-2432082/avenger.rar.html |
13.04.2010, 14:56 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Danger! Harmful viruses detected on your computer. Ok, dann mach jetzt den Durchgang mit Malwarebytes und poste das Log.
__________________ --> Danger! Harmful viruses detected on your computer. |
Themen zu Danger! Harmful viruses detected on your computer. |
device driver, disabletaskmgr, emachines, eraser, gupdate, hdaudio.sys, home premium, install.exe, intrusion prevention, local\temp, msiexec.exe, plug-in, problem gelöst, programdata, seaport.exe, trustedinstaller, usbvideo.sys, windows-sicherheitscenterdienst, wireless lan |