Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AV 2009 and Virus remover 2008 infection


  • Please log in to reply
11 replies to this topic

#1 LukeIamYourFather

LukeIamYourFather

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 20 December 2008 - 03:59 PM

Hello,

I have a laptop (german exchange student staying with us) which is infected with Antivirus 2009. I ran MALWAREBYTES this morning (with latest updates), and it detected and removed a bunch of stuff. The worst of the issues went away, such as blocking web sites, and tying up the internet connection. However, I still get popups when starting and using explorer.The latest is calling itself Virus Remover 2008. Any help or guideance appreciated. I am including Kaspersky scan log and hijack this logs.

thanks!

Logfile of random's system information tool 1.05 (written by random/random)
Microsoft Windows XP Professional Service Pack 2
System drive C: has 35 GB (48%) free of 73 GB
Total RAM: 2038 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:27, on 20.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\System32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\BR040286.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\iFinger\iFinger.exe
C:\DOKUME~1\anna\LOKALE~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\igfxext.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Dokumente und Einstellungen\anna\Lokale Einstellungen\Temp\jkos-anna\binaries\ScanningProcess.exe
C:\Dokumente und Einstellungen\anna\Lokale Einstellungen\Temp\jkos-anna\binaries\ScanningProcess.exe
C:\Dokumente und Einstellungen\anna\Desktop\RSIT.exe
C:\Programme\trend micro\anna.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\Programme\iFinger\plugins\IE.ifp
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BisonInst0402] C:\WINDOWS\BR040286.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [A00F53A8F.exe] C:\DOKUME~1\anna\LOKALE~1\Temp\_A00F53A8F.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: iFinger 2.1.lnk = C:\Programme\iFinger\iFinger.exe
O4 - Global Startup: iFinger.lnk = C:\Programme\iFinger\iFinger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209519691015
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypt3232.dll
O20 - Winlogon Notify: d8f7973d509 - C:\WINDOWS\System32\crypt3232.dll
O20 - Winlogon Notify: __c00F97E4 - C:\WINDOWS\system32\__c00F97E4.dat
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 11954 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-17 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll [2006-12-14 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-19 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A114D52B-870C-4F15-8021-B6D7F91A054B}]
iFinger plugin / Browser helper object - C:\Programme\iFinger\plugins\IE.ifp [2001-07-09 349184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Programme\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2007-05-28 106496]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Programme\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"preload"=C:\Windows\RUNXMLPL.exe [2007-04-20 20480]
"IAAnotif"=C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2007-09-07 1015808]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Programme\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-03 110592]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]
"SynTPStart"=C:\Programme\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-01-08 68640]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2007-03-02 208896]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2007-07-04 475136]
"Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-05-28 342528]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2007-07-11 421888]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-10-17 858632]
"F-PROT Antivirus Tray application"=C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [2007-10-24 1428064]
"TrueImageMonitor.exe"=C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-04-10 1127976]
"AcronisTimounterMonitor"=C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe [2006-04-10 1845995]
"Acronis Scheduler2 Service"=C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [2006-04-07 126976]
"BisonInst0402"=C:\WINDOWS\BR040286.exe [2007-05-08 53248]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-03 160768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2008-09-23 21755688]
"MsnMsgr"=C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Picasa Media Detector"=C:\Programme\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]
"A00F53A8F.exe"=C:\DOKUME~1\anna\LOKALE~1\Temp\_A00F53A8F.exe [2008-12-20 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\91935739832950341377016507111755]
C:\Programme\Antivirus 2009\av2009.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
iFinger 2.1.lnk - C:\Programme\iFinger\iFinger.exe
iFinger.lnk - C:\Programme\iFinger\iFinger.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\crypt3232.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\d8f7973d509]
C:\WINDOWS\System32\crypt3232.dll [2008-12-08 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00F97E4]
C:\WINDOWS\system32\__c00F97E4.dat [2008-12-20 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FPAVServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Far\Far.exe"="C:\Programme\Far\Far.exe:*:Enabled:File and archive manager"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9972deb3-4390-11dd-b7bb-001f3c07adab}]
shell\AutoRun\command - F:\PTStart.exe enystar_setup.exe


======List of files/folders created in the last 1 months======

2008-12-20 11:36:11 ----D---- C:\rsit
2008-12-20 11:36:11 ----D---- C:\Programme\trend micro
2008-12-19 12:50:26 ----SHD---- C:\WINDOWS\system32\GroupPolicyManifest
2008-12-14 18:30:34 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\Malwarebytes
2008-12-14 18:30:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-12-14 18:30:13 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2008-12-13 12:44:49 ----D---- C:\Programme\Spybot - Search & Destroy
2008-12-13 12:44:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-12-13 12:23:10 ----SHD---- C:\WINDOWS\CSC
2008-12-13 12:15:30 ----A---- C:\WINDOWS\system32\winsrc.dll.tmp
2008-12-13 11:50:47 ----D---- C:\WINDOWS\pss
2008-12-10 21:17:36 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-10 14:32:21 ----D---- C:\Programme\Angle Interactive
2008-12-10 14:32:21 ----D---- C:\ProgramData
2008-12-08 13:44:36 ----A---- C:\WINDOWS\GnuHashes.ini
2008-12-08 13:37:01 ----A---- C:\WINDOWS\system32\crypt3232.dll
2008-11-28 16:14:53 ----D---- C:\WINDOWS\system32\LogFiles

======List of files/folders modified in the last 1 months======

2008-12-20 11:36:11 ----D---- C:\Programme
2008-12-20 10:56:59 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\Skype
2008-12-20 10:45:13 ----D---- C:\WINDOWS\Prefetch
2008-12-20 10:09:10 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-20 10:00:07 ----D---- C:\WINDOWS\system32
2008-12-20 09:57:25 ----A---- C:\WINDOWS\win.ini
2008-12-20 09:57:22 ----D---- C:\WINDOWS\Temp
2008-12-20 09:57:06 ----D---- C:\WINDOWS
2008-12-20 09:54:33 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 09:53:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 09:53:08 ----RASH---- C:\boot.ini
2008-12-20 09:53:08 ----A---- C:\WINDOWS\system.ini
2008-12-20 08:44:47 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\skypePM
2008-12-19 16:06:54 ----D---- C:\Programme\Mozilla Firefox
2008-12-14 14:23:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-13 14:55:58 ----SHD---- C:\WINDOWS\Installer
2008-12-07 22:06:26 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\LimeWire
2008-11-27 11:16:45 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-26 23:05:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-26 12:22:02 ----SD---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40192]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-04-29 21425]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-08-06 32224]
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 Cam5607;Acer Crystal Eye webcam; C:\WINDOWS\System32\Drivers\BisonC07.sys [2007-10-29 829096]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-01-20 17408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 NETw4x32;Intel® Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-03 28672]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2007-08-10 6144]
R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-01 290816]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-20 58240]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-03 275200]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-04 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-04 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-04 21488]
S3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-11-02 32512]
S3 PCX500;Cisco drahtloser LAN-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\pcx500.sys [2004-08-03 169984]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2006-04-07 204800]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-03-31 273256]
R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-01 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 FPAVServer;F-PROT Antivirus for Windows system; C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2007-10-24 18016]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-13 28933976]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared Files\RichVideo.exe [2007-01-08 171040]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-13 69632]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2005-11-02 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-13 87840]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programme\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]
S4 SQLBrowser;SQL Server-Browser; C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-13 240416]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2008-12-20 11:36:29

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer Crystal Eye Webcam-->C:\Programme\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\Setup.exe -runfromtemp -l0x0007 -removeonly
Acer Crystal Eye-->C:\Programme\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\Setup.exe -runfromtemp -l0x0007 -removeonly
Acer eDataSecurity Management 2.0.4088-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1031
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer eLock Management-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x7 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x7 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x7 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x7 -removeonly
Acer eSettings Management-->"C:\Programme\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acronis True Image Home-->MsiExec.exe /X{7F129516-73AD-4232-8FD0-C7BC2508B274}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A71000000002}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Business Contact Manager für Outlook 2007-->"C:\Programme\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {4cb9f93c-9edc-4be9-ae61-af128ddbecfa}
Business Contact Manager für Outlook 2007-->MsiExec.exe /X{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}
Canon Camera Access Library-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1031
Canon Camera Support Core Library-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1031
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{93973C6B-F862-4C16-84D1-7B675D650103}
Canon Internet Library for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D0E8C34D-19D2-49FD-A900-88DEB788FF86}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities PhotoStitch 3.1-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (G)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
FAR file manager-->C:\Programme\Far\Uninstall.exe
F-PROT Antivirus for Windows-->MsiExec.exe /X{484E1A3C-94D9-4230-9AE4-467EE6B40180}
F-PROT Antivirus Updater Fix-->MsiExec.exe /I{F8A3A6BC-D68F-445B-B1BA-6F03A4352865}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcZUnM5k.inf
Hervorhebe-Funktion (Windows Live Toolbar)-->MsiExec.exe /X{00D0200F-3B4D-4A2F-869E-533ED835A943}
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
iFinger 2.1-->C:\PROGRA~1\iFinger\UNWISE.EXE C:\PROGRA~1\iFinger\INSTALL.LOG
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Launch Manager-->C:\WINDOWS\UnInst32.exe LManager.UNI
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Messenger Plus! Live-->"C:\Programme\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010407-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40407-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"C:\Programme\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.19)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
NTI Backup NOW! 4.7-->"C:\Programme\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly
NTI Backup NOW! 4.7-->C:\Programme\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0407
NTI CD & DVD-Maker-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1031 CDM7
NTI Shadow-->"C:\Programme\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe" -removeonly
NTI Shadow-->C:\Programme\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe -runfromtemp -l0x0407
Picasa 2-->"C:\Programme\Picasa2\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Programme\InstallShield Installation Information\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}\setup.exe -runfromtemp -l0x0407
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Favorites für Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Live Toolbar-->"C:\Programme\Windows Live Toolbar\UnInstall.exe" {0AC49543-9CE2-4434-AD42-5AA6E2967FA5}
Windows Live Toolbar-->MsiExec.exe /X{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}
Windows Live Toolbar-Erweiterung (Windows Live Toolbar)-->MsiExec.exe /X{218761F6-CBF6-4973-B910-A33E6563A1EA}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
WinZip-->C:\Programme\WinZip\WINZIP32.EXE /uninstall

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: F-PROT Antivirus for Windows (outdated)

System event log

Computer Name: NB-ANNA
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "RAS-Verbindungsverwaltung" gesendet.

Record Number: 9881
Source Name: Service Control Manager
Time Written: 20081119142612.000000-540
Event Type: Informationen
User: NB-ANNA\anna

Computer Name: NB-ANNA
Event Code: 7036
Message: Dienst "Telefonie" befindet sich jetzt im Status "Ausgeführt".

Record Number: 9880
Source Name: Service Control Manager
Time Written: 20081119142612.000000-540
Event Type: Informationen
User:

Computer Name: NB-ANNA
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 9879
Source Name: Service Control Manager
Time Written: 20081119142610.000000-540
Event Type: Informationen
User:

Computer Name: NB-ANNA
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.

Record Number: 9878
Source Name: Service Control Manager
Time Written: 20081119142610.000000-540
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: NB-ANNA
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "psdvdisk" gesendet.

Record Number: 9877
Source Name: Service Control Manager
Time Written: 20081119142603.000000-540
Event Type: Informationen
User: NB-ANNA\anna

Application event log

Computer Name: NB-ANNA
Event Code: 1000
Message: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.3119, Fehleradresse 0x00012a5b.

Record Number: 13908
Source Name: Application Error
Time Written: 20081203202149.000000-540
Event Type: Fehler
User:

Computer Name: NB-ANNA
Event Code: 11729
Message: Product: F-PROT Antivirus Updater Fix -- Configuration failed.

Record Number: 13907
Source Name: MsiInstaller
Time Written: 20081203201946.000000-540
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: NB-ANNA
Event Code: 4096
Message: Software update successfully initiated

For more information please visit http://www.f-prot.com/support/index.html

Record Number: 13906
Source Name: F-PROT Antivirus
Time Written: 20081203201940.000000-540
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: NB-ANNA
Event Code: 1000
Message: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.3119, Fehleradresse 0x00012a5b.

Record Number: 13905
Source Name: Application Error
Time Written: 20081203194030.000000-540
Event Type: Fehler
User:

Computer Name: NB-ANNA
Event Code: 11729
Message: Product: F-PROT Antivirus Updater Fix -- Configuration failed.

Record Number: 13904
Source Name: MsiInstaller
Time Written: 20081203193034.000000-540
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Microsoft SQL Server\90\Tools\binn\;C:\Programme\Intel\Wireless\Bin\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 20, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 20, 2008 17:59:53
Records in database: 1492345


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
C:\Dokumente und Einstellungen\anna\Startmenü\Programme\Autostart
C:\Program Files
C:\Programme
C:\WINDOWS

Scan statistics
Files scanned 28935
Threat name 3
Infected objects 59
Suspicious objects 0
Duration of the scan 00:26:35

File name Threat name Threats count
C:\WINDOWS\System32\crypt3232.dll/C:\WINDOWS\System32\crypt3232.dll Infected: Trojan-Downloader.Win32.Agent.arsg 51

C:\WINDOWS\system32\crypt3232.dll Infected: Trojan-Downloader.Win32.Agent.arsg 1

C:\WINDOWS\system32\GroupPolicyManifest\1.music.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1

C:\WINDOWS\system32\GroupPolicyManifest\10.setup.zip Infected: Trojan-Downloader.Win32.Agent.aseo 1

C:\WINDOWS\system32\GroupPolicyManifest\11.unpack.zip Infected: Trojan-Downloader.Win32.Agent.aseo 1

C:\WINDOWS\system32\GroupPolicyManifest\12.limepro.zip Infected: Trojan-Downloader.Win32.Agent.aseo 1

C:\WINDOWS\system32\GroupPolicyManifest\13.keygen.zip Infected: Trojan-Downloader.Win32.Agent.aseo 1

C:\WINDOWS\system32\GroupPolicyManifest\2.crack.zip Infected: Trojan-Downloader.Win32.Agent.aseo 1

C:\WINDOWS\system32\GroupPolicyManifest\9.remix.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1

The selected area was scanned.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:32 PM

Posted 28 December 2008 - 03:22 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 LukeIamYourFather

LukeIamYourFather
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 29 December 2008 - 07:42 PM

Orange Blossom,

Thanks for the reply. The laptop is still infected. I ran malwarebytes with updates this morning, and it reported and fixed 6 infections (trojanagent and trojanvundo). The worst of the virus behavior is gone for the time being, but I still get pop ups when starting internet explorer. such as
"warning..various signs of viruses.Spywareguard2008 will clean you up...etc.
"dialog from http//sgviralscan.com doing its scanning thing"
"another your computer is infected msg"
"and a warning of scan results, infections, etc.

For fun I ran malwarebytes again after that...sez the system is clean. Spybot S&D found nothing either.

So...I downloaded and ran DDS. Here is the DDS.txt log. I did not Attach the zipped attach.txt log. I couldnt figure out how to add one. When I fiure it out i will send it on.

thanks much.
Luke

DDS (Version 1.1.0) - NTFSx86
Run by anna at 15:11:20,00 on 29.12.2008
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.2038.1348 [GMT -9:00]

AV: F-PROT Antivirus for Windows *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\DOKUME~1\anna\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\BR040286.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\iFinger\iFinger.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Windows Live Toolbar\msn_sl.exe
C:\Dokumente und Einstellungen\anna\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar mit Pop-Up-Blocker: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre1.5.0_11\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: iFinger plugin / Browser helper object: {a114d52b-870c-4f15-8021-b6d7f91a054b} - c:\programme\ifinger\plugins\IE.ifp
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programme\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programme\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar mit Pop-Up-Blocker: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: iFinger: {0cbd5120-990b-11d3-8abd-00c04fa95ee0} - c:\windows\system32\SHDOCVW.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MsnMsgr] "c:\programme\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Picasa Media Detector] c:\programme\picasa2\PicasaMediaDetector.exe
mRun: [preload] c:\windows\RUNXMLPL.exe
mRun: [IAAnotif] "c:\programme\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\programme\realtek\installshield\AzMixerSel.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPStart] c:\programme\synaptics\syntp\SynTPStart.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [F-PROT Antivirus Tray application] c:\programme\frisk software\f-prot antivirus for windows\FProtTray.exe
mRun: [TrueImageMonitor.exe] c:\programme\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\programme\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\programme\gemeinsame dateien\acronis\schedule2\schedhlp.exe"
mRun: [BisonInst0402] c:\windows\BR040286.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\adober~1.lnk - c:\programme\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\bttray.lnk - c:\programme\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\ifinge~1.lnk - c:\programme\ifinger\iFinger.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\ifinger.lnk - c:\programme\ifinger\iFinger.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office\OSA9.EXE
IE: &Windows Live Search - c:\programme\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Senden an &Bluetooth-Gerät... - c:\programme\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\programme\java\jre1.5.0_11\bin\ssv.dll
IE: {936E5D60-596C-11D3-BB96-00600816DF55} - {0CBD5120-990B-11D3-8ABD-00C04FA95EE0} - c:\windows\system32\SHDOCVW.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: d8f7973d509 - c:\windows\system32\crypt3232.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\crypt3232.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\anna\anwend~1\mozilla\firefox\profiles\36sd0orx.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.firesearch.com/

============= SERVICES / DRIVERS ===============

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2008-4-29 579808]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2008-4-29 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2008-4-29 78208]
R2 FPAVServer;F-PROT Antivirus for Windows system;"c:\programme\frisk software\f-prot antivirus for windows\FPAVServer.exe" [2007-10-24 18016]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\programme\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -sMSSMLBIZ [2006-4-13 28933976]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-4-29 32512]
S3 PCX500;Cisco drahtloser LAN-Adaptertreiber;c:\windows\system32\drivers\pcx500.sys [2008-11-27 169984]

=============== Created Last 30 ================

2008-12-24 04:45 373,760 a--sh--- c:\windows\system32\2CC.tmp
2008-12-20 11:36 <DIR> --d----- c:\programme\trend micro
2008-12-19 12:50 <DIR> --dsh--- c:\windows\system32\GroupPolicyManifest
2008-12-18 17:09 1,226 a------- C:\xcrashdump.dat
2008-12-14 18:30 <DIR> --d----- c:\dokume~1\anna\anwend~1\Malwarebytes
2008-12-14 18:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-14 18:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 18:30 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Malwarebytes
2008-12-14 18:30 <DIR> --d----- c:\programme\Malwarebytes' Anti-Malware
2008-12-13 12:44 <DIR> --d----- c:\programme\Spybot - Search & Destroy
2008-12-13 12:44 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Spybot - Search & Destroy
2008-12-13 12:15 0 a------- c:\windows\system32\winsrc.dll.tmp
2008-12-13 11:50 <DIR> --d----- c:\windows\pss
2008-12-10 14:32 <DIR> --d----- c:\programme\Angle Interactive
2008-12-10 14:32 <DIR> --d----- C:\ProgramData
2008-12-08 15:06 1 a------- c:\windows\system32\tb.dr
2008-12-08 14:59 1 a------- c:\windows\system32\edl.dat
2008-12-08 13:44 9,677 a------- c:\windows\GnuHashes.ini
2008-12-08 13:37 1,531 a--sh--- c:\windows\system32\GroupPolicy000.dat
2008-12-08 13:37 135,168 a------- c:\windows\system32\crypt3232.dll

==================== Find3M ====================

2008-11-26 23:05 480,674 a------- c:\windows\system32\perfh007.dat
2008-11-26 23:05 101,700 a------- c:\windows\system32\perfc007.dat



============= FINISH: 15:13:03,03 ===============

#4 LukeIamYourFather

LukeIamYourFather
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 29 December 2008 - 07:55 PM

Here's the zipped attach.txt

Attached Files



#5 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 31 December 2008 - 07:34 AM

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).
Click Scan.
When the scan is complete, click OK, then Show Results to view the results.

If Malware is found...
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:

Launch Malwarebytes' Anti-Malware.
Click the Logs tab.
Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply, please include:
-The log from Malwarebytes' Anti-Malware.
- A new HijackThis log
- How things are running.
Posted Image
Proud member of ASAP since 2007

#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:06:32 PM

Posted 31 December 2008 - 07:34 AM

Dupe post.

Edited by Thunder, 31 December 2008 - 07:35 AM.

Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#7 LukeIamYourFather

LukeIamYourFather
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 01 January 2009 - 01:33 PM

Happy New Year.

I reran an updated malwarebytes (DB version 1565). It removed 5 infections. I then launched internet explorer, and did not see the immediate pop up that my computer is infected. So, it appears that problem has been eliminated by the last MWB run. I will use the laptop a bit more and continue to monitor its behavior.

Here is the last MWBytes log and an updated HJT log.

Thanks!

Malwarebytes' Anti-Malware 1.31
Database version: 1589
Windows 5.1.2600 Service Pack 2

01.01.2009 09:15:20
mbam-log-2009-01-01 (09-15-20).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 127228
Time elapsed: 43 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\crypt3232.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\d8f7973d509 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Downloader) -> Data: c:\windows\system32\crypt3232.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Downloader) -> Data: system32\crypt3232.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\crypt3232.dll (Trojan.Downloader) -> Delete on reboot.


Logfile of random's system information tool 1.05 (written by random/random)
Run by anna at 2009-01-01 09:23:10
Microsoft Windows XP Professional Service Pack 2
System drive C: has 34 GB (46%) free of 73 GB
Total RAM: 2038 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:23:22, on 01.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\BR040286.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOKUME~1\anna\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Dokumente und Einstellungen\anna\Desktop\RSIT.exe
C:\Programme\trend micro\anna.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\Programme\iFinger\plugins\IE.ifp
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BisonInst0402] C:\WINDOWS\BR040286.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: iFinger 2.1.lnk = C:\Programme\iFinger\iFinger.exe
O4 - Global Startup: iFinger.lnk = C:\Programme\iFinger\iFinger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209519691015
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 11073 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-17 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll [2006-12-14 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-19 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A114D52B-870C-4F15-8021-B6D7F91A054B}]
iFinger plugin / Browser helper object - C:\Programme\iFinger\plugins\IE.ifp [2001-07-09 349184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Programme\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2007-05-28 106496]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Programme\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"preload"=C:\Windows\RUNXMLPL.exe [2007-04-20 20480]
"IAAnotif"=C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2007-09-07 1015808]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Programme\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-03 110592]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]
"SynTPStart"=C:\Programme\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-01-08 68640]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2007-03-02 208896]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2007-07-04 475136]
"Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-05-28 342528]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2007-07-11 421888]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-10-17 858632]
"F-PROT Antivirus Tray application"=C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [2007-10-24 1428064]
"TrueImageMonitor.exe"=C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-04-10 1127976]
"AcronisTimounterMonitor"=C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe [2006-04-10 1845995]
"Acronis Scheduler2 Service"=C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [2006-04-07 126976]
"BisonInst0402"=C:\WINDOWS\BR040286.exe [2007-05-08 53248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2008-09-23 21755688]
"MsnMsgr"=C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Picasa Media Detector"=C:\Programme\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\91935739832950341377016507111755]
C:\Programme\Antivirus 2009\av2009.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
iFinger 2.1.lnk - C:\Programme\iFinger\iFinger.exe
iFinger.lnk - C:\Programme\iFinger\iFinger.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FPAVServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Far\Far.exe"="C:\Programme\Far\Far.exe:*:Enabled:File and archive manager"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9972deb3-4390-11dd-b7bb-001f3c07adab}]
shell\AutoRun\command - F:\PTStart.exe enystar_setup.exe


======List of files/folders created in the last 1 months======

2008-12-24 04:45:12 ----ASH---- C:\WINDOWS\system32\2CC.tmp
2008-12-20 11:36:11 ----D---- C:\rsit
2008-12-20 11:36:11 ----D---- C:\Programme\trend micro
2008-12-19 12:50:26 ----SHD---- C:\WINDOWS\system32\GroupPolicyManifest
2008-12-14 18:30:34 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\Malwarebytes
2008-12-14 18:30:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-12-14 18:30:13 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2008-12-13 12:44:49 ----D---- C:\Programme\Spybot - Search & Destroy
2008-12-13 12:44:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-12-13 12:23:10 ----SHD---- C:\WINDOWS\CSC
2008-12-13 12:15:30 ----A---- C:\WINDOWS\system32\winsrc.dll.tmp
2008-12-13 11:50:47 ----D---- C:\WINDOWS\pss
2008-12-10 21:17:36 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-10 14:32:21 ----D---- C:\Programme\Angle Interactive
2008-12-10 14:32:21 ----D---- C:\ProgramData
2008-12-08 13:44:36 ----A---- C:\WINDOWS\GnuHashes.ini

======List of files/folders modified in the last 1 months======

2009-01-01 09:20:01 ----A---- C:\WINDOWS\win.ini
2009-01-01 09:19:13 ----D---- C:\WINDOWS
2009-01-01 09:18:14 ----D---- C:\WINDOWS\Temp
2009-01-01 09:17:00 ----D---- C:\WINDOWS\system32\drivers
2009-01-01 09:17:00 ----D---- C:\WINDOWS\system32
2009-01-01 09:16:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-01 08:23:21 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\skypePM
2008-12-31 16:49:03 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\Skype
2008-12-31 16:10:39 ----D---- C:\Programme\Mozilla Firefox
2008-12-31 13:53:28 ----D---- C:\WINDOWS\Prefetch
2008-12-29 15:48:12 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-29 13:29:05 ----D---- C:\Programme
2008-12-27 17:17:35 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-25 08:43:17 ----D---- C:\Programme\Launch Manager
2008-12-20 09:53:08 ----RASH---- C:\boot.ini
2008-12-20 09:53:08 ----A---- C:\WINDOWS\system.ini
2008-12-13 14:55:58 ----SHD---- C:\WINDOWS\Installer
2008-12-07 22:06:26 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40192]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-04-29 21425]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-08-06 32224]
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 Cam5607;Acer Crystal Eye webcam; C:\WINDOWS\System32\Drivers\BisonC07.sys [2007-10-29 829096]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-01-20 17408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 NETw4x32;Intel® Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-03 28672]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2007-08-10 6144]
R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-01 290816]
R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-20 58240]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-03 275200]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-04 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-04 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-04 21488]
S3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-11-02 32512]
S3 PCX500;Cisco drahtloser LAN-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\pcx500.sys [2004-08-03 169984]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2006-04-07 204800]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-03-31 273256]
R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-01 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 FPAVServer;F-PROT Antivirus for Windows system; C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2007-10-24 18016]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-13 28933976]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared Files\RichVideo.exe [2007-01-08 171040]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-13 69632]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2005-11-02 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-13 87840]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programme\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]
S4 SQLBrowser;SQL Server-Browser; C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-13 240416]

-----------------EOF-----------------

#8 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 01 January 2009 - 02:40 PM

Hi,

open HijackThis, click do a scan only and place a check next to the following entries:

R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BisonInst0402] C:\WINDOWS\BR040286.exe

Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.

It is also important to keep your Java updated as there is the possibility that some malware uses out of date Java installs to infect pc's. Test if your version is the latest here.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 update 11 .
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 update 11, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.9 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Post a new HijackThis log and let me know how things are running.
Posted Image
Proud member of ASAP since 2007

#9 LukeIamYourFather

LukeIamYourFather
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 02 January 2009 - 06:45 PM

I followed the steps you outlined. The only thing that didn't work was the update of the latest Java runtime environment. The file that was downloaded didn't have the expected name either. It's 1230918701136-integrated.jnlp. When I try to open it it, it will not open (porgramnotfoound). Not sure what the issue is. I'll try this step again later.

The laptop is running alot better. Everything seems to be working ok....no hint of the previous problems. I've provided the latest HJT log.

thanks!


Logfile of random's system information tool 1.05 (written by random/random)
Run by anna at 2009-01-02 14:39:40
Microsoft Windows XP Professional Service Pack 2
System drive C: has 34 GB (46%) free of 73 GB
Total RAM: 2038 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:52, on 02.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programme\Skype\Phone\Skype.exe
C:\DOKUME~1\anna\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\iFinger\iFinger.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\anna\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\anna.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\Programme\iFinger\plugins\IE.ifp
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: iFinger 2.1.lnk = C:\Programme\iFinger\iFinger.exe
O4 - Global Startup: iFinger.lnk = C:\Programme\iFinger\iFinger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209519691015
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10493 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-17 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-19 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A114D52B-870C-4F15-8021-B6D7F91A054B}]
iFinger plugin / Browser helper object - C:\Programme\iFinger\plugins\IE.ifp [2001-07-09 349184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Programme\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2007-05-28 106496]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Programme\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"preload"=C:\Windows\RUNXMLPL.exe [2007-04-20 20480]
"IAAnotif"=C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2007-09-07 1015808]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"AzMixerSel"=C:\Programme\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-03 110592]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]
"SynTPStart"=C:\Programme\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-01-08 68640]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2007-03-02 208896]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2007-07-04 475136]
"Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-05-28 342528]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2007-07-11 421888]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-10-17 858632]
"F-PROT Antivirus Tray application"=C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [2007-10-24 1428064]
"TrueImageMonitor.exe"=C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-04-10 1127976]
"AcronisTimounterMonitor"=C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe [2006-04-10 1845995]
"Acronis Scheduler2 Service"=C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [2006-04-07 126976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2008-09-23 21755688]
"MsnMsgr"=C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Picasa Media Detector"=C:\Programme\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\91935739832950341377016507111755]
C:\Programme\Antivirus 2009\av2009.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
iFinger 2.1.lnk - C:\Programme\iFinger\iFinger.exe
iFinger.lnk - C:\Programme\iFinger\iFinger.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FPAVServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Far\Far.exe"="C:\Programme\Far\Far.exe:*:Enabled:File and archive manager"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9972deb3-4390-11dd-b7bb-001f3c07adab}]
shell\AutoRun\command - F:\PTStart.exe enystar_setup.exe


======List of files/folders created in the last 1 months======

2009-01-02 08:59:24 ----SHD---- C:\Config.Msi
2008-12-24 04:45:12 ----ASH---- C:\WINDOWS\system32\2CC.tmp
2008-12-20 11:36:11 ----D---- C:\rsit
2008-12-20 11:36:11 ----D---- C:\Programme\trend micro
2008-12-19 12:50:26 ----SHD---- C:\WINDOWS\system32\GroupPolicyManifest
2008-12-14 18:30:34 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\Malwarebytes
2008-12-14 18:30:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-12-14 18:30:13 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2008-12-13 12:44:49 ----D---- C:\Programme\Spybot - Search & Destroy
2008-12-13 12:44:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-12-13 12:23:10 ----SHD---- C:\WINDOWS\CSC
2008-12-13 12:15:30 ----A---- C:\WINDOWS\system32\winsrc.dll.tmp
2008-12-13 11:50:47 ----D---- C:\WINDOWS\pss
2008-12-10 21:17:36 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-10 14:32:21 ----D---- C:\Programme\Angle Interactive
2008-12-10 14:32:21 ----D---- C:\ProgramData
2008-12-08 13:44:36 ----A---- C:\WINDOWS\GnuHashes.ini

======List of files/folders modified in the last 1 months======

2009-01-02 14:39:46 ----D---- C:\WINDOWS\Prefetch
2009-01-02 14:36:32 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\Skype
2009-01-02 13:29:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-02 11:41:58 ----A---- C:\WINDOWS\win.ini
2009-01-02 09:02:30 ----D---- C:\WINDOWS\Temp
2009-01-02 09:02:22 ----D---- C:\WINDOWS
2009-01-02 08:59:42 ----SHD---- C:\WINDOWS\Installer
2009-01-02 08:59:35 ----D---- C:\Programme\Gemeinsame Dateien
2009-01-02 08:59:24 ----D---- C:\WINDOWS\system32
2009-01-02 08:34:06 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\skypePM
2009-01-01 09:17:00 ----D---- C:\WINDOWS\system32\drivers
2008-12-31 16:10:39 ----D---- C:\Programme\Mozilla Firefox
2008-12-29 15:48:12 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-29 13:29:05 ----D---- C:\Programme
2008-12-27 17:17:35 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-25 08:43:17 ----D---- C:\Programme\Launch Manager
2008-12-20 09:53:08 ----RASH---- C:\boot.ini
2008-12-20 09:53:08 ----A---- C:\WINDOWS\system.ini
2008-12-07 22:06:26 ----D---- C:\Dokumente und Einstellungen\anna\Anwendungsdaten\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40192]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-04-29 21425]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-08-06 32224]
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 Cam5607;Acer Crystal Eye webcam; C:\WINDOWS\System32\Drivers\BisonC07.sys [2007-10-29 829096]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-01-20 17408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 NETw4x32;Intel® Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-03 28672]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2007-08-10 6144]
R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-01 290816]
R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-20 58240]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-03 275200]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-04 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-04 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-04 21488]
S3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-11-02 32512]
S3 PCX500;Cisco drahtloser LAN-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\pcx500.sys [2004-08-03 169984]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2006-04-07 204800]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-03-31 273256]
R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-01 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 FPAVServer;F-PROT Antivirus for Windows system; C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2007-10-24 18016]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-13 28933976]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared Files\RichVideo.exe [2007-01-08 171040]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-13 69632]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2005-11-02 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-13 87840]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programme\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]
S4 SQLBrowser;SQL Server-Browser; C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-13 240416]

-----------------EOF-----------------

#10 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 03 January 2009 - 02:37 AM

Hi,
this log looks clean to me. :thumbsup:
  • Clean out Temporary Files etc.
    This program is for Vista, XP and Windows 2000 only
    Please download ATF Cleaner by Atribune.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All. Then remove the check mark for cookies
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • Remove the check mark for Cookies
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked .
    If you use Opera browser
    • Click Opera at the top and
    • choose: Select All.
    • Remove the check mark for Cookies
    • Click the Empty Selected button.
    It is a good idea to do this every few weeks as a lot of junk collects there over time.

  • Create a new, clean System Restore point which you can use in case of future system problems:
    Press Start->All Programs->Accessories->System Tools->System Restore
    Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

    Now remove old, infected System Restore points:
    Next click Start->Run and type cleanmgr in the box and press OK
    Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
    Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
    Press OK and Yes to confirm

  • Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please checkHide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK
  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.
  • if you are using Internet Explorer v. 6
    Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
    There are good reasons to upgrade to Internet Explorer v. 7. Do look into this. You can find a lot of information about it on Microsoft's website.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.
  • Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.
  • Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miekiem...prevention.html that will give you more information on some of the points above.

  • Please check out Tony Klein's article "How did I get infected in the first place?"
Follow this list and your potential for being infected again will reduce dramatically. (preventionspeech by Elrond)
Posted Image
Proud member of ASAP since 2007

#11 LukeIamYourFather

LukeIamYourFather
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 03 January 2009 - 01:06 PM

Rosty,

Thanks for all of your help, and the tips for being more secure going forward. One final question. On other threads on Malware in Bleeping Computer, c:\windows\GnuHashes.ini, C:\windows\system32\2CC.tmp, and C:\windows\system32\GroupPolicyManifest are all identified as being hostile files to be removed. I have these three on the laptop. Your opinion on these?

thanks!

#12 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 03 January 2009 - 01:11 PM

Hi,

if you're sure the file's are the same you may remove them.
And the help is given with pleasure. :thumbsup:
Posted Image
Proud member of ASAP since 2007




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users