Internet Explorer on Vista opens automatically with advertising.

Thread is closed!
15.12.2007, 15:11
...new here

Posts: 4
#1 Hello everyone,

I have a problem with my Internet Explorer on my Vista system.
Ever since I installed a crack for a game, Internet Explorer opens by itself after a while, showing advertising. I have already removed the crack again. I have tried everything I could think of, with Spybot, CounterSpy, Ad-Aware, VundoFix and my virus scanner. Each time something was found and fixed right away, but the problem kept coming back!!

I have created a HijackThis log; maybe one of you can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:09, on 15.12.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Users\Dominik\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dominik\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BlahHope] "C:\ProgramData\listlessless.dqxxs5n"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\DEBUG PLAN TEST.lboi4fu"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10126 bytes
15.12.2007, 16:00
Honorary member
Argus

Posts: 6028
#2 ComboFix
Download ComboFix and save it to the desktop!
Close all windows and start combofix.exe.
Follow the instructions in the window.
While ComboFix is running, do NOT click into the window, otherwise your computer will freeze.
When the tool has finished, a log file opens (C:\combofix.txt).
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
If your virus scanner complains, ignore it!
__________
Kind regards, Argus
15.12.2007, 16:47
...new here

Thread starter

Posts: 4
#3 Thanks for the quick reply.
Here is my log:

ComboFix 07-12-15.5 - Dominik 2007-12-15 16:38:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1108 [GMT 1:00]
ausgeführt von:: C:\Users\Dominik\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\setup.exe

.
((((((((((((((((((((((( Dateien erstellt von 2007-11-15 bis 2007-12-15 ))))))))))))))))))))))))))))))
.

2007-12-15 12:56 . 2007-12-15 12:56 0 --a------ C:\Windows\System32\SBRC.dat
2007-12-15 12:56 . 2007-12-15 12:56 0 --a------ C:\Windows\System32\SBFC.dat
2007-12-15 12:55 . 2007-12-15 12:55 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\Sunbelt Software
2007-12-15 12:55 . 2007-12-15 12:55 <DIR> d-------- C:\Users\All Users\Sunbelt Software
2007-12-15 12:55 . 2007-12-15 12:55 <DIR> d-------- C:\ProgramData\Sunbelt Software
2007-12-15 12:54 . 2007-12-15 12:54 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-12-13 16:39 . 2007-12-13 16:39 <DIR> d-------- C:\Users\All Users\Lavasoft
2007-12-13 16:39 . 2007-12-13 16:39 <DIR> d-------- C:\ProgramData\Lavasoft
2007-12-13 16:39 . 2007-12-13 16:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-12 19:02 . 2007-12-12 19:02 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\Sierra
2007-12-12 18:43 . 2007-12-12 18:58 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\BitTorrent
2007-12-12 18:42 . 2007-12-12 18:42 <DIR> d-------- C:\Program Files\BitTorrent
2007-12-12 17:14 . 2007-12-13 14:44 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-12-12 17:14 . 2007-12-13 14:44 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-12 17:06 . 2007-12-12 17:06 <DIR> d-a------ C:\Windows\zts2.exe
2007-12-12 17:06 . 2007-12-12 17:06 <DIR> d-a------ C:\Windows\System32\vcmgcd32.dll
2007-12-12 17:06 . 2007-12-12 17:06 <DIR> d-a------ C:\Windows\System32\iifgfgf.dll
2007-12-12 17:06 . 2007-12-12 17:06 <DIR> d-a------ C:\Windows\rundll16.exe
2007-12-12 17:06 . 2007-12-12 17:06 <DIR> d-a------ C:\Windows\rundl132.dll
2007-12-12 17:06 . 2007-12-12 17:06 <DIR> d-a------ C:\Windows\logo1_.exe
2007-12-12 17:04 . 2007-12-12 17:04 26 --a------ C:\Windows\Lic.xxx
2007-12-12 13:58 . 2007-12-12 13:58 <DIR> d-------- C:\Windows\System32\AGEIA
2007-12-12 13:58 . 2007-12-12 13:58 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-12-10 20:51 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2007-12-10 20:29 . 2007-12-10 22:45 <DIR> d-------- C:\VundoFix Backups
2007-12-10 18:24 . 2007-12-10 18:24 <DIR> d-------- C:\Program Files\Player Tool
2007-12-10 18:18 . 2007-12-10 18:18 <DIR> d-------- C:\Program Files\torrent_search
2007-12-10 18:18 . 2007-12-10 18:18 <DIR> d-------- C:\Program Files\BitTorrent Fastest Tool
2007-12-10 18:15 . 2007-12-10 18:15 <DIR> d-------- C:\Users\All Users\Slowfordsave
2007-12-10 18:15 . 2007-12-10 18:15 <DIR> d-------- C:\Users\All Users\each new axis love
2007-12-10 18:15 . 2007-12-10 18:15 <DIR> d-------- C:\ProgramData\Slowfordsave
2007-12-10 18:15 . 2007-12-10 18:15 <DIR> d-------- C:\ProgramData\each new axis love
2007-12-09 22:41 . 2007-12-10 17:24 <DIR> d-------- C:\Program Files\vLite
2007-12-09 22:41 . 2006-11-02 01:50 128,104 --a------ C:\Windows\System32\drivers\WimFltr.sys
2007-12-09 22:26 . 2007-12-09 22:26 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\TuneUp Software
2007-12-09 22:25 . 2007-12-09 22:25 <DIR> d-------- C:\Users\All Users\TuneUp Software
2007-12-09 22:25 . 2007-12-09 22:25 <DIR> d-------- C:\ProgramData\TuneUp Software
2007-12-09 22:25 . 2007-12-09 22:25 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-12-09 22:25 . 2007-05-16 09:41 29,704 --a------ C:\Windows\System32\uxtuneup.dll
2007-12-09 22:25 . 2007-04-26 15:57 16,904 --a------ C:\Windows\System32\authuitu.dll
2007-12-09 22:23 . 2007-12-13 16:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 22:08 . 2007-12-12 19:19 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\VMware
2007-12-07 18:05 . 2007-08-21 19:56 436,784 --a------ C:\Windows\System32\vnetlib.dll
2007-12-07 18:05 . 2007-08-21 19:56 150,064 --a------ C:\Windows\System32\vmnat.exe
2007-12-07 18:05 . 2007-08-21 19:57 121,392 --a------ C:\Windows\System32\vmnetdhcp.exe
2007-12-07 18:05 . 2007-08-21 19:25 50,992 -ra------ C:\Windows\System32\vmnetbridge.dll
2007-12-07 18:05 . 2007-08-21 19:25 28,592 -ra------ C:\Windows\System32\drivers\vmnetbridge.sys
2007-12-07 18:05 . 2007-08-21 19:57 25,008 --a------ C:\Windows\System32\drivers\vmnetuserif.sys
2007-12-07 18:05 . 2007-08-21 19:57 20,912 --a------ C:\Windows\System32\drivers\VMkbd.sys
2007-12-07 18:05 . 2007-08-21 19:25 17,712 -ra------ C:\Windows\System32\drivers\vmnet.sys
2007-12-07 18:05 . 2007-08-21 19:25 16,816 --a------ C:\Windows\System32\drivers\vmnetadapter.sys
2007-12-07 18:05 . 2007-08-21 19:25 13,104 --a------ C:\Windows\System32\vnetinst.dll
2007-12-07 18:04 . 2007-12-15 13:38 <DIR> d-------- C:\Users\All Users\VMware
2007-12-07 18:04 . 2007-12-15 13:38 <DIR> d-------- C:\ProgramData\VMware
2007-12-07 18:04 . 2007-12-07 18:04 <DIR> d-------- C:\Program Files\VMware
2007-12-07 18:04 . 2007-12-07 18:04 <DIR> d-------- C:\Program Files\Common Files\VMware
2007-12-07 18:01 . 2007-12-08 15:04 <DIR> d-------- C:\Program Files\ICQLite
2007-12-07 17:31 . 2007-12-07 17:31 <DIR> d-------- C:\Program Files\SlySoft
2007-12-07 13:30 . 2006-09-19 15:47 80,744 --a------ C:\Windows\System32\drivers\WSVD.sys
2007-12-07 10:15 . 2007-12-07 15:15 358,656,635 --a------ C:\Windows\MEMORY.DMP
2007-12-06 22:32 . 2007-12-06 22:32 <DIR> d--hs---- C:\Windows\System32\ShellDHCP
2007-12-06 22:32 . 2007-12-06 22:32 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-06 21:50 . 2007-03-08 00:51 129,784 --------- C:\Windows\System32\pxafs.dll
2007-12-06 21:44 . 2003-01-13 10:59 106,496 --------- C:\Windows\UPSCR.Scr
2007-12-06 21:43 . 2007-12-06 21:43 <DIR> d-------- C:\Windows\msdownld.tmp
2007-12-06 21:43 . 2007-12-06 21:43 <DIR> d-------- C:\Program Files\Windows Media-Komponenten
2007-12-06 21:43 . 2004-03-23 15:51 24,576 --------- C:\Windows\System32\UleadPhotoExplorer85_Res.dll
2007-12-06 21:43 . 2005-08-30 12:02 24,576 --------- C:\Windows\System32\Ulead Photo Explorer 86.scr
2007-12-06 21:40 . 2007-12-06 21:40 <DIR> d-------- C:\Windows\ulead.dat
2007-12-06 21:40 . 2007-12-06 21:40 <DIR> d-------- C:\Users\All Users\Ulead Systems
2007-12-06 21:40 . 2007-12-06 21:40 <DIR> d-------- C:\ProgramData\Ulead Systems
2007-12-06 21:40 . 2007-12-06 21:44 <DIR> d-------- C:\Program Files\Ulead Systems
2007-12-06 21:40 . 2007-12-06 21:42 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2007-12-06 21:40 . 2007-12-07 09:59 204 --a------ C:\Windows\ulead32.ini
2007-12-06 20:53 . 2007-12-06 20:53 13,824 --a------ C:\Windows\System32\drivers\splitcam.sys
2007-12-06 20:51 . 2003-05-14 21:07 389,120 --a------ C:\Windows\System32\actskn43.ocx
2007-12-06 20:50 . 2007-12-06 20:51 <DIR> d-------- C:\Program Files\SplitCam
2007-12-05 18:22 . 2007-12-05 18:22 0 --a------ C:\Users\Dominik\AppData\Roaming\wklnhst.dat
2007-12-05 18:16 . 2007-12-05 18:16 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-12-05 18:12 . 2007-12-05 18:12 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
2007-12-05 11:58 . 2007-12-14 15:08 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\temp
2007-12-05 11:58 . 2007-12-05 11:58 <DIR> dr-h----- C:\Users\Dominik\AppData\Roaming\SecuROM
2007-12-05 10:27 . 2007-12-05 10:27 <DIR> d-------- C:\Temp
2007-12-04 12:51 . 2007-12-04 12:53 <DIR> d-a------ C:\Users\All Users\TEMP
2007-12-04 12:51 . 2007-12-04 12:53 <DIR> d-a------ C:\ProgramData\TEMP
2007-12-04 10:22 . 2007-12-04 10:22 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\AdobeUM
2007-12-04 10:21 . 2007-12-04 10:21 <DIR> d-------- C:\Users\All Users\Adobe
2007-12-04 10:21 . 2007-12-04 10:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-04 09:50 . 2007-12-04 09:50 <DIR> d-------- C:\Program Files\BearShare Applications
2007-12-04 09:50 . 2007-12-10 18:52 <DIR> d-------- C:\My Downloads
2007-12-04 09:50 . 2006-11-12 11:39 483,328 --a------ C:\Windows\System32\actskn45.ocx
2007-12-03 22:05 . 2007-12-03 22:05 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\PeerNetworking
2007-12-03 21:56 . 2007-12-14 17:48 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\Skype
2007-12-03 21:41 . 2007-12-03 21:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-03 21:41 . 2007-12-03 21:41 <DIR> d-------- C:\Program Files\Ahead
2007-12-03 21:41 . 2004-07-20 17:24 1,568,768 --------- C:\Windows\System32\ImagX7.dll
2007-12-03 21:41 . 2004-07-20 17:24 476,320 --------- C:\Windows\System32\ImagXpr7.dll
2007-12-03 21:41 . 2004-07-20 17:24 471,040 --------- C:\Windows\System32\ImagXRA7.dll
2007-12-03 21:41 . 2004-07-09 09:43 364,544 --------- C:\Windows\System32\TwnLib4.dll
2007-12-03 21:41 . 2004-07-20 17:24 262,144 --------- C:\Windows\System32\ImagXR7.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 14:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-07 16:07 --------- d-----w C:\ProgramData\CyberLink
2007-12-07 16:07 --------- d-----w C:\Program Files\CyberLink
2007-12-04 11:57 --------- d-----w C:\Program Files\Acer GameZone
2007-12-03 19:26 --------- d-----w C:\Program Files\Intel
2007-12-03 19:25 --------- d-sh--w C:\ProgramData\Vorlagen
2007-12-03 19:25 --------- d-sh--w C:\ProgramData\Startmenü
2007-12-03 19:25 --------- d-sh--w C:\ProgramData\Favoriten
2007-12-03 19:25 --------- d-sh--w C:\ProgramData\Dokumente
2007-12-03 19:25 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2007-12-03 19:25 --------- d-sh--w C:\Program Files\Gemeinsame Dateien
2007-12-03 15:28 --------- d-----w C:\Program Files\Microsoft Works
2007-12-03 14:29 --------- d-----w C:\ProgramData\~0
2007-12-03 14:15 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-03 14:08 --------- d-----w C:\Program Files\NewTech Infosystems
2007-12-03 14:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-03 14:01 --------- d-----w C:\ProgramData\Symantec
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
2005-05-13 16:12 217,073 --sha-r C:\Windows\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\Windows\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\Windows\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\Windows\System32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\Windows\System32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\Windows\System32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\Windows\System32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\Windows\System32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\Windows\System32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\Windows\System32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\Windows\System32\yv12vfw.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 12:53]
"BlahHope"="C:\ProgramData\listlessless.dqxxs5n" [2007-12-10 18:15]
"axis love poll lite"="C:\ProgramData\DEBUG PLAN TEST.lboi4fu" [2007-12-10 18:15]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:15]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 10:10 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 06:09]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 13:54]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-24 10:49]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-06-26 08:35]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 14:37]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 17:49]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-05 10:30]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:15]
"VMware hqtray"="C:\Program Files\VMware\VMware Player\hqtray.exe" [2007-08-21 19:56]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-05 10:30]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-13 10:48:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-03 15:30 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=C:\Windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder]
2007-05-07 17:40 159744 --a------ C:\Program Files\Razer\DeathAdder\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
2007-01-09 13:50 167936 --a------ C:\PROGRA~1\MEDIAK~1\MagicKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2005-05-23 09:57 90112 --a------ C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe -hide

R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
R2 int15;int15;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe -p
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe -k netsvcs
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\Windows\system32\DRIVERS\DKbFltr.sys
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys
R3 vmkbd;VMware kbd;\??\C:\Windows\system32\drivers\VMkbd.sys
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys
S3 WimFltr;WimFltr;C:\Windows\system32\DRIVERS\wimfltr.sys
S3 WSVD;WSVD;\??\C:\Windows\system32\drivers\WSVD.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7429ec86-a355-11dc-be11-001b2464d53b}]
\shell\AutoRun\command - E:\AutoRun.exe /s

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners
"2007-12-14 16:16:07 C:\Windows\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 16:40:47
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2007-12-15 16:41:28
15.12.2007, 16:54
Honorary member
Argus

Posts: 6028
#4 Spybot S&D TeaTimer
Please disable the TeaTimer of Spybot S&D:
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
Turn it off!
To do so, start Spybot S&D and disable the "Resident TeaTimer".
Click "Advanced mode" > "Yes" > "Tools" menu > click "Resident" >
remove the check mark from "Resident TeaTimer" (protection of all
system settings) > "exit".
(The TeaTimer hampers or prevents all further cleaning measures!)

Download ResetTeaTimer
to the desktop.
Double-click ResetTeaTimer.

Delete Qoobox on C:\ --> empty the Recycle Bin

Close all windows and start HijackThis.
Click: Do a system scan only
Put a check mark in the box in front of each of the following entries:

O4 - HKCU\..\Run: [BlahHope] "C:\ProgramData\listlessless.dqxxs5n"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\DEBUG PLAN TEST.lboi4fu"

Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked.

Remove:
C:\ProgramData\listlessless.dqxxs5n
C:\ProgramData\DEBUG PLAN TEST.lboi4fu
__________
Kind regards, Argus
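
The selection made in the post above (two HKCU Run values whose targets are files with random-looking extensions directly under C:\ProgramData), written as a triage heuristic over HijackThis O4 lines. This is an added example, not part of the thread and not HijackThis code; the function names, the extension allow-list and the ProgramData rule are assumptions, and the sample lines are copied from the log posted in #1.

```python
import re
from ntpath import dirname, splitext  # Windows path rules on any OS

# Lines copied from the HijackThis log posted in #1 of this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BlahHope] "C:\ProgramData\listlessless.dqxxs5n"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\DEBUG PLAN TEST.lboi4fu"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
'''

# "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>"
# "O4 - Global Startup: ..." lines have a different shape and are skipped here.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")

# Assumption: extensions a Run value normally launches.
EXPECTED_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".dll"}
UNQUOTED_TARGET_RE = re.compile(
    r"(.*?\.(?:exe|com|bat|cmd|scr|dll))(?=[\s,]|$)", re.IGNORECASE
)


def target_path(cmd):
    """Return the file a Run command line starts, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: cut after the first known extension.
    m = UNQUOTED_TARGET_RE.match(cmd)
    return m.group(1) if m else cmd


def suspicious_autostarts(log_text):
    """Flag O4 Run/RunOnce entries that match the pattern seen in this thread."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
        path = target_path(cmd)
        reasons = []
        ext = splitext(path)[1].lower()
        if ext not in EXPECTED_EXTS:
            reasons.append("unexpected extension %r" % ext)
        # Assumption: programs install into subfolders, not the ProgramData root.
        if dirname(path).lower().endswith("\\programdata"):
            reasons.append("file sits directly in the ProgramData root")
        if reasons:
            findings.append({
                "hive": m.group("hive"),
                "key": m.group("key"),
                "name": m.group("name"),
                "path": path,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in suspicious_autostarts(SAMPLE_LOG):
        print("%s\\..\\%s [%s] -> %s (%s)" % (
            f["hive"], f["key"], f["name"], f["path"], "; ".join(f["reasons"])))
```

A hit is a reason to look at the file, not a verdict; the DLL passed to rundll32.exe is not inspected by this sketch.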
15.12.2007, 17:43
...new here

Thread starter

Posts: 4
#5 When I run ResetTeaTimer, it only reports "Unsupported Version". It probably does not support Vista. Should I still go ahead with deleting Qoobox?
15.12.2007, 18:03
Honorary member
Argus

Posts: 6028
#6 Just work through the rest ;)
__________
Kind regards, Argus
15.12.2007, 19:21
...new here

Thread starter

Posts: 4
#7 Great, everything worked. The Explorer has not shown up again so far. So the problem is solved, thanks a lot again!!!