IE 7 opens new windows with advertising by itself

#0
14.02.2008, 15:58
...new here

Posts: 3
#1 Hello, I need some help,
my IE 7 opens a new page by itself every few minutes. What is causing that?

Logfile of HijackThis v1.99.1
Scan saved at 15:45:49, on 14.02.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Users\ANDREB~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\ t\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Norton finds nothing; Spyware Doctor keeps finding a dialer that has supposedly been deleted.

Many thanks for any answers
This post was edited by ab-lübeck on 14.02.2008 at 16:07.
14.02.2008, 17:24
Moderator

Posts: 5694
#2 Please run Combofix + post the log here
http://virus-protect.org/artikel/tools/combofix.html
14.02.2008, 18:26
...new here

Thread starter

Posts: 3
#3 I have done that!


ComboFix 08-02-14.3 - 2008-02-14 17:27:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.715 [GMT 1:00]
ausgeführt von:: C:\Users\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
* Resident AV is active


(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\ \AppData\Local\gxjcld.dat
C:\Users\ \AppData\Local\gxjcld.exe
C:\Users\ \AppData\Local\gxjcld_nav.dat
C:\Users\ \AppData\Local\gxjcld_navps.dat
C:\Windows\system32\FTPx.dll
C:\Windows\system32\MabryObj.dll
C:\Windows\system32\x64

.
((((((((((((((((((((((( Dateien erstellt von 2008-01-14 bis 2008-02-14 ))))))))))))))))))))))))))))))
.

2008-02-14 17:09 . 2008-02-14 17:12 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-14 17:09 . 2008-02-14 17:12 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-14 17:09 . 2008-02-14 17:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-14 17:08 . 2008-02-14 17:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 17:04 . 2008-02-14 17:07 <DIR> d-------- C:\Users\ t\AppData\Roaming\Lavasoft
2008-02-14 11:50 . 2008-02-14 11:50 <DIR> d-------- C:\Users\ t\AppData\Roaming\PC Tools
2008-02-14 11:50 . 2008-02-14 14:36 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-14 11:50 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-14 11:50 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-14 11:50 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-14 11:50 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-14 11:41 . 2008-02-14 12:26 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-14 11:41 . 2008-02-14 12:26 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-14 11:41 . 2008-02-14 12:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-14 11:22 . 2008-02-14 17:13 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-14 11:22 . 2008-02-14 17:13 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-14 09:08 . 2008-02-14 09:08 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 00:42 . 2008-02-14 00:42 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 00:42 . 2008-02-14 00:42 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 00:37 . 2008-02-14 00:37 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 00:37 . 2008-02-14 00:37 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 00:37 . 2008-02-14 00:37 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 00:37 . 2008-02-14 00:37 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-14 00:37 . 2008-02-14 00:37 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-14 00:37 . 2008-02-14 00:37 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
2008-02-14 00:37 . 2008-02-14 00:37 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-14 00:37 . 2008-02-14 00:37 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-14 00:35 . 2008-02-14 00:35 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 00:35 . 2008-02-14 00:35 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 00:35 . 2008-02-14 00:35 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 00:35 . 2008-02-14 00:35 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 00:35 . 2008-02-14 00:35 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-14 00:34 . 2008-02-14 00:34 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 00:34 . 2008-02-14 00:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-09 17:49 . 2008-02-09 17:49 <DIR> d-------- C:\Program Files\Windows Live
2008-02-04 22:01 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2008-02-04 21:59 . 2008-02-04 22:01 <DIR> d-------- C:\Program Files\Java
2008-02-04 21:58 . 2008-02-04 21:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-24 15:06 . 2008-01-25 08:56 <DIR> d-------- C:\Program Files\profiSUBMIT
2008-01-24 15:06 . 2008-01-24 15:06 <DIR> d-------- C:\Program Files\mresreg
2008-01-15 13:28 . 2006-07-01 04:25 151,552 --a------ C:\Windows\System32\w2dzip32.dll
2008-01-15 13:15 . 2008-01-15 13:15 110,304 --a------ C:\Windows\System32\drivers\ACEDRV09.sys
2008-01-15 13:13 . 2008-01-15 13:13 <DIR> d-------- C:\Program Files\DATA BECKER
2008-01-14 18:46 . 2008-01-14 18:46 <DIR> d-------- C:\Windows\System32\config\systemprofile\{ef416408-a156-4184-ab61-e2fdf27246f5}
2008-01-14 18:44 . 2008-01-14 18:44 <DIR> d-------- C:\Windows\System32\config\systemprofile\{be4fce72-245e-4f8e-8ffa-c3a6d32d75f6}
2008-01-14 18:42 . 2006-01-04 09:12 77,824 --a------ C:\Windows\System32\HPZIDS01.dll
2008-01-14 18:42 . 2006-02-09 15:45 38,400 --a------ C:\Windows\System32\hpz3l054.dll
2008-01-14 18:41 . 2006-02-01 01:48 282,624 --a------ C:\Windows\System32\HPZc3212.dll
2008-01-14 18:41 . 2006-02-01 01:48 21,568 --a------ C:\Windows\System32\drivers\HPZius12.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 16:33 3,407,872 --sha-w C:\Users\ t\NTUSER.DAT
2008-02-14 16:33 3,407,872 --sha-w C:\Users\ t\NTUSER.DAT
2008-02-14 16:11 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-02-14 16:07 --------- d-----w C:\Users\ t\AppData\Roaming\Lavasoft
2008-02-14 15:38 --------- d-----w C:\Users\ t\AppData\Roaming\Skype
2008-02-14 15:06 --------- d-----w C:\Users\ t\AppData\Roaming\skypePM
2008-02-14 13:17 --------- d-----w C:\ProgramData\FLEXnet
2008-02-14 11:57 --------- d-----w C:\ProgramData\Symantec
2008-02-14 11:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 10:50 --------- d-----w C:\Users\ t\AppData\Roaming\PC Tools
2008-02-14 10:49 --------- d-----w C:\ProgramData\Google Updater
2008-02-13 23:40 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-13 23:40 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 23:40 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-13 23:40 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 23:40 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-13 23:40 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 23:40 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 23:40 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 23:40 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 23:40 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 23:40 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 23:40 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 23:40 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-13 23:40 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 23:40 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 23:40 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 23:40 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 23:40 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 23:40 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 23:40 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 23:40 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 23:40 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 23:40 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 23:40 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-13 23:40 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 23:40 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 23:40 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 23:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 23:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 23:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 23:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 23:27 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 23:27 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 23:27 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 23:27 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 17:00 --------- d-----w C:\Users\ t\AppData\Roaming\Adobe
2008-02-13 16:17 --------- d-----w C:\Program Files\StarMoney 6.0
2008-02-13 07:43 --------- d-----w C:\Users\ t\AppData\Roaming\FileZilla
2008-02-09 16:58 --------- d-s---w C:\Users\ t\AppData\Roaming\Microsoft
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 12:13 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 12:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 12:09 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 12:09 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 12:09 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-01 13:45 --------- d-----w C:\Users\ t\AppData\Roaming\CyberLink
2007-12-31 14:37 0 ----a-w C:\Users\ t\AppData\Roaming\wklnhst.dat
2007-12-31 13:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 07:32 101,376 ----a-w C:\Windows\system32\drivers\ACEDRV07.sys
2007-12-30 18:36 --------- d-----w C:\Program Files\Norton Internet Security
2007-12-29 16:51 --------- d-----w C:\Program Files\HTML Studio
2007-12-29 16:50 --------- d-----w C:\Program Files\FileZilla Client
2007-12-29 14:44 --------- d-----w C:\ProgramData\CyberLink
2007-12-29 14:37 --------- d-----w C:\Users\ t\AppData\Roaming\Google
2007-12-29 13:39 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-29 13:36 --------- d-----w C:\Program Files\Common Files\Control Panels
2007-12-29 13:34 --------- d-----w C:\ProgramData\ALM
2007-12-29 13:06 --------- d-----w C:\Program Files\Bonjour
2007-12-29 13:02 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-29 12:49 --------- d-----w C:\Program Files\Google
2007-12-29 12:00 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-29 11:46 --------- d-----w C:\Program Files\Ashampoo
2007-12-29 11:41 --------- d-----w C:\Program Files\Acer GameZone
2007-12-29 11:36 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-29 11:36 --------- d-----w C:\Program Files\Microsoft Works
2007-12-29 11:32 --------- d-----w C:\Program Files\Yahoo!
2007-12-29 11:20 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-29 11:20 32 ----a-w C:\ProgramData\ezsid.dat
2007-12-29 11:19 --------- d-----w C:\ProgramData\Skype
2007-12-29 11:19 --------- d-----w C:\Program Files\Skype
2007-12-29 11:19 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-29 11:07 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-29 11:01 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 10:56 --------- d-----w C:\Program Files\Windows Calendar
2007-12-29 10:54 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-29 10:54 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-29 10:54 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-29 10:54 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-29 10:54 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-29 10:54 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-29 10:54 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-29 10:54 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-29 10:54 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-29 10:54 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-29 10:54 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-29 10:54 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-29 10:54 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-29 13:49 68856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-27 17:42 1006264]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 05:39 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 05:36 22696]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 06:51 768520]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
"eRecoveryService"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-27 18:13:29 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 14:27]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080212.002\IDSvix86.sys [2007-12-04 17:51]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51]
R2 ACEDRV09;ACEDRV09;C:\Windows\system32\drivers\ACEDRV09.sys [2008-01-15 13:15]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 13:24]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:53]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 14:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 13:05]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 21:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 06:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-12-11 01:32]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]

*Newly Created Service* - COMHOST
.
Inhalt des "geplante Tasks" Ordners
"2008-02-08 19:57:28 C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - t.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-02-13 16:21:04 C:\Windows\Tasks\User_Feed_Synchronization-{A0580601-06FA-4A1E-A012-E84D0591E7DE}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 17:33:02
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-02-14 17:34:24
ComboFix-quarantined-files.txt 2008-02-14 16:34:19
.
2008-02-14 08:23:30 --- E O F ---
14.02.2008, 23:09
Honorary member

Posts: 1441
#4 Hello ab-lübeck

scan with
Windows Live Free Scan - PC safety scan
http://virus-protect.org/onlinescan.html
+
post the scan report here
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
17.02.2008, 11:03
...new here

Thread starter

Posts: 3
#5 Combofix removed the junk; all the other virus scanners did NOT find it. A colleague installed this WEBMEDIAPLAYER on my laptop at the office!! Could that be where it came from?

In any case, the problem has not occurred again since Combofix.

Thanks