Antivirus Xp 2008 und Virus Alert!

#1 Hallo,

ich habe es mit Antivirus XP 2008 zutun. Gestern Abend dachte ich, ich hätte es geschafft. Nach ausführen vom ComboFix sah alles aus wie immer (bis auf Desktophintergrund. WindowsUpdate und chipkartenleser funktionieren nicht mehr. Heute morgen bei Rechnerstart leider das alte Bild. Im Startmenue keine rechte Seite und "Alle Programme" verschwunden. Alte Verknüpfungen der Spyware wieder auf dem Desktop. Ich weiss nicht weiter :-(

Es wäre sehr nett, wenn mir hier geholfen wird.

Danke.

Gruß Addi

ComboFix:

ComboFix 08-06-20.4 - Michael 2008-06-30 10:06:13.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.2108 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Michael\Desktop\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\system\
.
---- Previous Run -------
.
C:\Dokumente und Einstellungen\Michael\Desktop\Error Cleaner.url
C:\Dokumente und Einstellungen\Michael\Desktop\Privacy Protector.url
C:\Dokumente und Einstellungen\Michael\Desktop\Spyware&Malware Protection.url
C:\Dokumente und Einstellungen\Michael\Favoriten\Error Cleaner.url
C:\Dokumente und Einstellungen\Michael\Favoriten\Privacy Protector.url
C:\Dokumente und Einstellungen\Michael\Favoriten\Spyware&Malware Protection.url
C:\WINDOWS\ebot.exe
C:\WINDOWS\ebxq.exe
C:\WINDOWS\system32\ainlxjxd.ini
C:\WINDOWS\system32\BHkSBJlm.ini
C:\WINDOWS\system32\BHkSBJlm.ini2
C:\WINDOWS\system32\btjvtjwa.ini
C:\WINDOWS\system32\cegxcagq.ini
C:\WINDOWS\system32\eKmWGMoq.ini
C:\WINDOWS\system32\eKmWGMoq.ini2
C:\WINDOWS\system32\exjspiwh.ini
C:\WINDOWS\system32\fccdbXPJ.dll
C:\WINDOWS\system32\JPXbdccf.ini
C:\WINDOWS\system32\JPXbdccf.ini2
C:\WINDOWS\system32\krocoroy.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJBSkHB.dll
C:\WINDOWS\system32\pmnkJyyy.dll
C:\WINDOWS\system32\pxpupmev.ini
C:\WINDOWS\system32\qdnragyx.ini
C:\WINDOWS\system32\qoMGWmKe.dll
C:\WINDOWS\system32\sknnivgf.ini
C:\WINDOWS\system32\system\
C:\WINDOWS\system32\tymivwmi.ini
C:\WINDOWS\system32\yyyJknmp.ini
C:\WINDOWS\system32\yyyJknmp.ini2

.
((((((((((((((((((((((( Dateien erstellt von 2008-05-28 bis 2008-06-30 ))))))))))))))))))))))))))))))
.

2008-06-30 09:59 . 2008-06-30 10:06 354 ---hs---- C:\WINDOWS\system32\qdnragyx.ini
2008-06-30 09:20 . 2008-06-30 09:20 92,032 --a------ C:\WINDOWS\system32\xygarndq.dll
2008-06-30 09:14 . 2008-06-30 09:14 294 ---hs---- C:\WINDOWS\system32\krocoroy.ini
2008-06-29 17:07 . 2008-06-29 17:07 294 ---hs---- C:\WINDOWS\system32\pxpupmev.ini
2008-06-29 16:20 . 2008-06-29 16:20 294 ---hs---- C:\WINDOWS\system32\cegxcagq.ini
2008-06-29 11:44 . 2008-06-29 21:35 <DIR> d-------- C:\Programme\Spyware Doctor
2008-06-29 11:44 . 2008-06-29 11:44 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Tools
2008-06-29 11:44 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-29 11:44 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-29 11:44 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-29 11:44 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-29 11:42 . 2008-06-29 11:42 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-06-29 10:46 . 2008-06-29 10:46 <DIR> d-------- C:\Programme\CCleaner
2008-06-29 10:11 . 2008-06-29 10:11 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataDesign
2008-06-29 10:09 . 2008-06-29 10:09 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Buhl Data Service GmbH
2008-06-28 19:43 . 2008-06-28 19:43 <DIR> d-------- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\rhce03j0e1bt
2008-06-28 18:17 . 2008-06-21 11:35 3,262 --a------ C:\WINDOWS\system32\sex2.ico
2008-06-28 18:09 . 2008-06-29 09:22 <DIR> d-------- C:\Programme\VAV
2008-06-28 18:09 . 2008-06-28 18:09 28,288 --a------ C:\WINDOWS\system32\tuvUOFVo.dll
2008-06-28 18:09 . 2008-06-28 18:09 28,288 --a------ C:\WINDOWS\system32\mlJApPHw.dll
2008-06-28 18:09 . 2008-06-21 11:35 3,262 --a------ C:\WINDOWS\system32\sex1.ico
2008-06-28 18:06 . 2008-06-28 18:06 28,288 --a------ C:\WINDOWS\system32\ssqPgEtq.dll
2008-06-28 18:06 . 2008-06-28 18:06 28,288 --a------ C:\WINDOWS\system32\hgGaaXQh.dll
2008-06-28 17:38 . 2008-06-28 17:38 28,288 --a------ C:\WINDOWS\system32\hgGXpNfE.dll
2008-06-28 17:38 . 2008-06-28 17:38 28,288 --a------ C:\WINDOWS\system32\hgGvtRhH.dll
2008-06-28 17:29 . 2008-06-28 17:29 28,288 --a------ C:\WINDOWS\system32\byXOgGWp.dll
2008-06-28 17:02 . 2008-06-28 17:02 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
2008-06-28 15:42 . 2008-06-28 15:42 92,032 --a------ C:\WINDOWS\system32\fgvinnks.dll
2008-06-27 16:33 . 2006-11-17 23:16 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-06-27 16:33 . 2006-11-17 23:11 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmenü
2008-06-27 16:33 . 2006-11-17 23:11 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-06-27 16:33 . 2008-06-30 10:10 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-06-27 16:33 . 2006-11-17 23:11 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-06-27 16:33 . 2006-11-17 23:11 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-06-27 16:33 . 2008-06-29 11:44 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-06-27 16:33 . 2008-06-29 11:42 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-06-27 11:58 . 2008-06-27 11:58 28,288 --a------ C:\WINDOWS\system32\mlJDvVlj.dll
2008-06-27 11:55 . 2008-06-26 19:23 421,888 --a------ C:\WINDOWS\gfetqaxsxqs.dll
2008-06-27 11:35 . 2008-06-26 12:02 28,800 --a------ C:\WINDOWS\system32\mlJyaYPF.dll
2008-06-27 11:35 . 2008-06-26 12:02 8,464 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-06-26 09:45 . 2008-06-30 08:38 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-06-26 09:44 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-06-25 11:35 . 2008-06-25 11:35 <DIR> d-------- C:\Programme\Enigma Software Group
2008-06-25 11:13 . 2008-06-26 19:23 368,640 --a------ C:\WINDOWS\pntqkflv.dll
2008-06-25 11:13 . 2008-06-26 19:23 315,392 --a------ C:\WINDOWS\qegbdmwf.dll
2008-06-25 11:13 . 2008-06-25 06:44 245,760 --a------ C:\WINDOWS\gfetqaxsmnw.dll
2008-06-25 11:13 . 2008-06-26 19:23 200,704 --a------ C:\WINDOWS\gxvpsafm.dll
2008-06-25 11:13 . 2008-06-26 19:23 90,112 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-25 09:13 . 2008-06-25 09:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-25 09:13 . 2008-06-25 09:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-21 11:03 . 2008-06-21 11:03 20 --a------ C:\WINDOWS\system32\SYSTEM
2008-06-17 18:17 . 2008-06-17 18:17 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-11 21:54 . 2008-06-11 21:54 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\EurekaLog
2008-06-10 22:14 . 2008-06-14 19:32 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 22:14 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-07 10:16 . 2008-06-07 10:16 <DIR> d-------- C:\Intel
2008-06-05 15:14 . 2008-06-05 15:14 487 --a------ C:\WINDOWS\Capictrl.INI
2008-05-27 23:00 . 2008-05-27 23:00 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-17 16:34 . 2008-05-17 16:34 <DIR> d-------- C:\Tivola
2008-05-12 19:51 . 2008-05-12 19:51 <DIR> d-------- C:\WINDOWS\BWKDLogs
2008-05-07 07:10 . 2008-05-07 07:10 1,293,824 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 07:59 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-06-29 20:17 --------- d-----w C:\Programme\Gemeinsame Dateien\Buhl Data Service
2008-06-29 17:51 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-06-28 13:57 1,036,800 ----a-w C:\WINDOWS\explorer.exe
2008-06-26 21:36 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-25 07:47 --------- d-----w C:\Programme\Total Video Converter
2008-06-17 16:17 --------- d-----w C:\Programme\Symantec
2008-06-17 16:17 --------- d-----w C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Symantec
2008-06-15 09:38 --------- d-----w C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\AdobeUM
2008-06-14 17:32 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 19:15 --------- d-----w C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Azureus
2008-06-12 15:52 --------- d-----w C:\Programme\Azureus
2008-06-05 13:08 --------- d-----w C:\Programme\WinSuite
2008-06-05 07:09 --------- d-----w C:\Programme\FRITZ!DSL
2008-06-03 05:22 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-03 05:22 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-03 05:22 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-03 05:22 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-21 10:44 658,432 ------w C:\WINDOWS\fpuninst.exe
2008-05-21 08:01 --------- d-----w C:\Programme\Mp3tag
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:10 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 13:29 --------- d-----w C:\Programme\IrfanView
2008-05-01 09:56 --------- d-----w C:\Programme\Java
2008-04-14 06:06 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 05:55 333,312 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 05:52 99,840 ----a-w C:\WINDOWS\system32\loadperf.dll
2008-04-14 05:51 762,368 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 05:51 731,648 ----a-w C:\WINDOWS\system32\ntdll.dll
2008-04-14 05:51 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 05:51 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 05:51 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 05:30 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 05:30 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 05:29 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 05:27 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 05:26 81,408 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 05:26 51,712 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 05:25 572,928 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 05:24 10,752 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 05:23 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 05:22 68,096 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 05:20 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 22:10 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 22:06 2,981,888 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 22:05 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 22:05 199,680 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 22:00 61,440 ------w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 20:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 20:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 19:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 19:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-03-13 20:44 357,768 ----a-w C:\Dokumente und Einstellungen\Michael\SymXPep2.dll
2008-03-13 20:44 251,216 ----a-w C:\Dokumente und Einstellungen\Michael\IView.exe
2007-05-22 07:41 774,144 ----a-w C:\Programme\RngInterstitial.dll
1998-06-17 00:08 53,248 --sha-w C:\WINDOWS\system32\mfc42enu.dll
1995-09-20 14:16 35,088 --sha-w C:\WINDOWS\system32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w C:\WINDOWS\system32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w C:\WINDOWS\system32\msjter32.dll
2001-08-18 10:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
1995-09-24 09:02 243,472 --sha-w C:\WINDOWS\system32\vbar2232.dll
1998-05-18 01:06 368,912 --sha-w C:\WINDOWS\system32\vbar332.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_16.22.47.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 14:19:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 07:58:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D67F39-6F48-438A-80A2-F86FE363C215}]
2008-06-26 12:02 28800 --a------ C:\WINDOWS\system32\mlJyaYPF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-13 20:07 116088 --a------ C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83EB5BB1-B24D-41FB-8D66-7F570E5BFA80}]
2008-06-25 06:44 245760 --a------ C:\WINDOWS\gfetqaxsmnw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E0B059F-DFFA-46F5-B6F9-2B2EB2551AD8}]
2008-06-26 19:23 421888 --a------ C:\WINDOWS\gfetqaxsxqs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7D1DDA59-1111-444F-95B3-2B3B9264BB4E}"= "C:\WINDOWS\gxvpsafm.dll" [2008-06-26 19:23 200704]
"{A60C6234-48AB-4295-B542-24F8679FA15C}"= "C:\WINDOWS\gxvpsafm.dll" [2008-06-26 19:23 200704]

[HKEY_CLASSES_ROOT\clsid\{7d1dda59-1111-444f-95b3-2b3b9264bb4e}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{B74C2292-C9E7-439C-ACF0-632399AB2A6C}]
[HKEY_CLASSES_ROOT\gxvpsafm]

[HKEY_CLASSES_ROOT\clsid\{a60c6234-48ab-4295-b542-24f8679fa15c}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{D6CB182B-1211-426B-8E68-1757F04DBE63}]
[HKEY_CLASSES_ROOT\gxvpsafm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 07:52 15360]
"LightScribe Control Panel"="C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2007-12-05 13:30 2295072]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"MsgCenterExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" [2008-04-17 23:36 69632]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]
"osCheck"="C:\Programme\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"SansaDispatch"="C:\Programme\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 12:52 75584]
"78b0843b"="C:\WINDOWS\system32\xygarndq.dll" [2008-06-30 09:20 92032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:52 15360]

C:\Dokumente und Einstellungen\Michael\Startmen�\Programme\Autostart\
FRITZ!DSL Protect.lnk - C:\Programme\FRITZ!DSL\FwebProt.exe [2007-09-07 12:06:46 1070384]

C:\Dokumente und Einstellungen\All Users\Startmen�\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
ColorVisionStartup.lnk - C:\Programme\ColorVision\Utility\ColorVisionStartup.exe [2007-02-13 10:34:02 385024]
FRITZ!DSL Startcenter.lnk - C:\WINDOWS\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2007-11-07 15:53:32 29184]
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [2006-11-18 21:21:09 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{39D67F39-6F48-438A-80A2-F86FE363C215}"= C:\WINDOWS\system32\mlJyaYPF.dll [2008-06-26 12:02 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qegbdmwf"= {CD1B984E-7462-49F7-AE32-5CFA7AEE5F26} - C:\WINDOWS\qegbdmwf.dll [2008-06-26 19:23 315392]
"pntqkflv"= {18370177-D6E1-4B69-939B-D236F07D7211} - C:\WINDOWS\pntqkflv.dll [2008-06-26 19:23 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJyaYPF]
mlJyaYPF.dll 2008-06-26 12:02 28800 C:\WINDOWS\system32\mlJyaYPF.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\78b0843b]
--a------ 2008-06-28 15:42 92032 C:\WINDOWS\system32\fgvinnks.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphca03j0e1bt]
C:\WINDOWS\system32\lphca03j0e1bt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonAntiBot]
-ra------ 2007-11-12 22:59 1378840 C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\eBay\\Turbo Lister2\\Tl.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Programme\\eMule.de 0.46c v17\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46951:TCP"= 46951:TCP:Azureus
"46951:UDP"= 46951:UDP:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 OODrvled;OODrvled;C:\WINDOWS\system32\DRIVERS\OODrvled.sys [2004-09-22 14:57]
R1 bizVSerial;Franson VSerial;C:\WINDOWS\system32\drivers\bizVSerialNT.sys [2007-05-31 08:38]
R2 IGDCTRL;AVM IGD CTRL Service;C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 11:14]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2008-04-14 07:53]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;C:\WINDOWS\system32\DRIVERS\cjusb.sys [2007-05-30 14:42]
R3 tap0901;TAP-Win32 Adapter V9;C:\WINDOWS\system32\DRIVERS\tap0901.sys [2007-04-26 00:53]
S2 mscmsvr;mateSuite cryptMate Service;C:\Programme\REINER SCT\mateSuite\mscmsvr.exe []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 dtwmnic5;DeTeWe OpenCom 30 plus;C:\WINDOWS\system32\DRIVERS\dtwmnic5.sys []
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 16:27]
S3 NETFWDSL;AVM FRITZ!web DSL PPP;C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS []
S3 P1Scanner;MUSTEK P1 Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2008-04-14 00:15]
S3 Spyder2;ColorVision Spyder2;C:\WINDOWS\system32\DRIVERS\Spyder2.sys [2007-01-17 14:30]
S3 TTCinergyT2;TerraTec Cinergy T² (BDA);C:\WINDOWS\system32\DRIVERS\TTCinergyT2BDA.sys [2006-05-19 11:31]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5faec5cb-3b80-11dd-b865-000c6efbbd4d}]
\Shell\AutoRun\command - K:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{622eadbb-d3ab-11db-96d9-003042fffd01}]
\Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{839cb4da-313c-11dc-98ed-003042fffd01}]
\Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{839cb4db-313c-11dc-98ed-003042fffd01}]
\Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f5972fa-38a1-11dd-b852-000c6efbbd4d}]
\Shell\AutoRun\command - L:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de681836-772f-11db-944a-806d6172696f}]
\Shell\AutoRun\command - D:\Bin\asusqfe.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners
"2008-06-13 15:16:32 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-23 20:17:34 C:\WINDOWS\Tasks\Norton Internet Security - Systemprüfung ausführen - Michael.job"
- C:\Programme\Norton Internet Security\Norton AntiVirus\Navw32.exel/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 10:11:36
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\mlJyaYPF.dll
.
Zeit der Fertigstellung: 2008-06-30 10:13:45
ComboFix-quarantined-files.txt 2008-06-30 08:13:38

25 Verzeichnis(se), 6,446,358,528 Bytes frei
29 Verzeichnis(se), 6,427,885,568 Bytes frei

348 --- E O F --- 2008-03-13 18:21:00


[b]HijackThis Log[/b]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51, on 30.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Dokumente und Einstellungen\Michael\Desktop\Prüfung.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {39D67F39-6F48-438A-80A2-F86FE363C215} - C:\WINDOWS\system32\mlJyaYPF.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: QXK Olive - {83EB5BB1-B24D-41FB-8D66-7F570E5BFA80} - C:\WINDOWS\gfetqaxsmnw.dll
O2 - BHO: QXK Olive - {8E0B059F-DFFA-46F5-B6F9-2B2EB2551AD8} - C:\WINDOWS\gfetqaxsxqs.dll
O2 - BHO: (no name) - {FB52D282-15F0-47A3-8A51-A0FAA6BC5CBB} - C:\WINDOWS\system32\jkkIASjh.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: (no name) - {8C3887BA-3367-4297-B288-13472BD407E4} - (no file)
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: gxvpsafm - {7D1DDA59-1111-444F-95B3-2B3B9264BB4E} - C:\WINDOWS\gxvpsafm.dll
O3 - Toolbar: gxvpsafm - {A60C6234-48AB-4295-B542-24F8679FA15C} - C:\WINDOWS\gxvpsafm.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Programme\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [78b0843b] rundll32.exe "C:\WINDOWS\system32\qulyylms.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'Default user')
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Programme\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} (AldiActiveFormX Element) - https://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188892538906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/mail/activex/fa_os_mms/upload_1141.cab
O20 - Winlogon Notify: mlJyaYPF - C:\WINDOWS\SYSTEM32\mlJyaYPF.dll
O21 - SSODL: qegbdmwf - {CD1B984E-7462-49F7-AE32-5CFA7AEE5F26} - C:\WINDOWS\qegbdmwf.dll
O21 - SSODL: pntqkflv - {18370177-D6E1-4B69-939B-D236F07D7211} - C:\WINDOWS\pntqkflv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Dienst (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: mateSuite cryptMate Service (mscmsvr) - Unknown owner - C:\Programme\REINER SCT\mateSuite\mscmsvr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

--
End of file - 12308 bytes

datfind:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 78B0-8494

Verzeichnis von c:\

30.06.2008 10:51 0 dirdat.txt
30.06.2008 10:13 24.798 ComboFix.txt
30.06.2008 09:58 2.683.883.520 hiberfil.sys
30.06.2008 09:58 2.013.265.920 pagefile.sys
27.06.2008 00:53 54 UI_Michael.log
04.06.2008 10:36 637.292 logfile
30.04.2008 19:37 251.712 ntldr
04.03.2008 19:46 56 TwainPRO.log

18 Datei(en) 4.698.157.382 Bytes
0 Verzeichnis(se), 6.448.840.704 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 78B0-8494

Verzeichnis von C:\WINDOWS\system32

30.06.2008 10:51 107.546 hjSAIkkj.ini
30.06.2008 10:49 107.546 hjSAIkkj.ini2
30.06.2008 10:38 1.603.705 smlyyluq.ini
30.06.2008 10:38 91.520 qulyylms.dll
30.06.2008 10:37 0 73934045-.txt
30.06.2008 10:37 318.208 jkkIASjh.dll
30.06.2008 10:06 354 qdnragyx.ini
30.06.2008 09:58 640.820 OODBS.lor
30.06.2008 09:20 92.032 xygarndq.dll
30.06.2008 09:14 294 krocoroy.ini
30.06.2008 08:52 2.422 wpa.dbl
29.06.2008 17:07 294 pxpupmev.ini
29.06.2008 16:20 294 cegxcagq.ini
29.06.2008 12:36 0 clkcnt.txt
28.06.2008 18:09 28.288 tuvUOFVo.dll
28.06.2008 18:09 28.288 mlJApPHw.dll
28.06.2008 18:06 28.288 ssqPgEtq.dll
28.06.2008 18:06 28.288 hgGaaXQh.dll
28.06.2008 17:38 28.288 hgGvtRhH.dll
28.06.2008 17:38 28.288 hgGXpNfE.dll
28.06.2008 17:29 28.288 byXOgGWp.dll
28.06.2008 15:42 92.032 fgvinnks.dll
27.06.2008 11:58 28.288 mlJDvVlj.dll
26.06.2008 23:36 826.368 wininet.dll
26.06.2008 12:02 8.464 SpOrder.dll
26.06.2008 12:02 28.800 mlJyaYPF.dll
26.06.2008 09:46 444.088 perfh009.dat
26.06.2008 09:46 72.094 perfc009.dat
26.06.2008 09:46 462.424 perfh007.dat
26.06.2008 09:46 85.696 perfc007.dat
26.06.2008 09:46 1.079.414 PerfStringBackup.INI
25.06.2008 09:12 72.440 pxhpinst.exe
25.06.2008 09:12 531.192 pxdrv.dll
21.06.2008 11:35 3.262 sex1.ico
21.06.2008 11:35 3.262 sex2.ico
21.06.2008 11:03 20 SYSTEM
13.06.2008 14:46 226.568 ddbacctm.cpl
13.06.2008 14:46 820.488 ddbaccpl.cpl
13.06.2008 14:45 579.464 SymNeti.dll
13.06.2008 14:45 207.240 SymRedir.dll
03.06.2008 07:22 60.800 S32EVNT1.DLL
30.05.2008 01:35 17.486.968 MRT.exe
12.05.2008 18:23 220.040 FNTCACHE.DAT
07.05.2008 07:10 1.293.824 quartz.dll
01.05.2008 11:56 6.641 jupdate-1.6.0_05-b13.log
30.04.2008 19:53 253 spupdwxp.log
23.04.2008 22:16 3.591.680 mshtml.dll
23.04.2008 06:16 233.472 webcheck.dll


2308 Datei(en) 531.978.005 Bytes
0 Verzeichnis(se), 6.448.713.728 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 78B0-8494

Verzeichnis von C:\WINDOWS

30.06.2008 10:38 45.358 WindowsUpdate.log
30.06.2008 10:11 243 system.ini
30.06.2008 10:05 732 setupapi.log
30.06.2008 09:59 159 wiadebug.log
30.06.2008 09:59 50 wiaservc.log
30.06.2008 09:58 2.048 bootstat.dat
30.06.2008 09:57 4.018 SchedLgU.Txt
29.06.2008 11:56 0 Sti_Trace.log
28.06.2008 15:57 1.036.800 explorer.exe
26.06.2008 19:23 200.704 gxvpsafm.dll
26.06.2008 19:23 90.112 tovafrnm.exe
26.06.2008 19:23 315.392 qegbdmwf.dll
26.06.2008 19:23 421.888 gfetqaxsxqs.dll
26.06.2008 19:23 368.640 pntqkflv.dll
25.06.2008 11:08 116 NeroDigital.ini
25.06.2008 09:13 1.409 QTFont.for
25.06.2008 09:13 54.156 QTFont.qfn
25.06.2008 06:44 245.760 gfetqaxsmnw.dll
05.06.2008 15:14 487 Capictrl.INI
04.06.2008 14:58 799 win.ini
21.05.2008 12:44 658.432 fpuninst.exe
27.04.2008 18:39 6.649 cdplayer.ini
14.04.2008 07:53 288.768 winhlp32.exe
14.04.2008 07:53 32.866 slrundll.exe
14.04.2008 07:53 153.600 regedit.exe
14.04.2008 07:52 70.144 notepad.exe
14.04.2008 07:52 10.752 hh.exe
14.04.2008 07:52 50.688 twain_32.dll
13.04.2008 14:52 193 MPLAYER.INI
127 Datei(en) 15.515.330 Bytes
0 Verzeichnis(se), 6.448.721.920 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 78B0-8494

Verzeichnis von C:\DOKUME~1\Michael\LOKALE~1\Temp

#2 Hallo, Addi 007

1.
mit dem HijackThis löschen ("fixen")
Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked. + starte den Rechner neu.

Zitat

O2 - BHO: (no name) - {39D67F39-6F48-438A-80A2-F86FE363C215} - C:\WINDOWS\system32\mlJyaYPF.dll

O2 - BHO: QXK Olive - {83EB5BB1-B24D-41FB-8D66-7F570E5BFA80} - C:\WINDOWS\gfetqaxsmnw.dll

O2 - BHO: QXK Olive - {8E0B059F-DFFA-46F5-B6F9-2B2EB2551AD8} - C:\WINDOWS\gfetqaxsxqs.dll

O2 - BHO: (no name) - {FB52D282-15F0-47A3-8A51-A0FAA6BC5CBB} - C:\WINDOWS\system32\jkkIASjh.dll

O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

O3 - Toolbar: (no name) - {8C3887BA-3367-4297-B288-13472BD407E4} - (no file)

O3 - Toolbar: gxvpsafm - {7D1DDA59-1111-444F-95B3-2B3B9264BB4E} - C:\WINDOWS\gxvpsafm.dll

O3 - Toolbar: gxvpsafm - {A60C6234-48AB-4295-B542-24F8679FA15C} - C:\WINDOWS\gxvpsafm.dll

O4 - HKLM\..\Run: [78b0843b] rundll32.exe "C:\WINDOWS\system32\qulyylms.dll",b

O20 - Winlogon Notify: mlJyaYPF - C:\WINDOWS\SYSTEM32\mlJyaYPF.dll

O21 - SSODL: qegbdmwf - {CD1B984E-7462-49F7-AE32-5CFA7AEE5F26} - C:\WINDOWS\qegbdmwf.dll

O21 - SSODL: pntqkflv - {18370177-D6E1-4B69-939B-D236F07D7211} - C:\WINDOWS\pntqkflv.dll

2.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gib an "Alle Dateien" - Speichern

Zitat

KILLALL::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D67F39-6F48-438A-80A2-F86FE363C215}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83EB5BB1-B24D-41FB-8D66-7F570E5BFA80}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E0B059F-DFFA-46F5-B6F9-2B2EB2551AD8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7D1DDA59-1111-444F-95B3-2B3B9264BB4E}"=-
"{A60C6234-48AB-4295-B542-24F8679FA15C}"=-
[-HKEY_CLASSES_ROOT\clsid\{7d1dda59-1111-444f-95b3-2b3b9264bb4e}]
[-HKEY_CLASSES_ROOT\gxvpsafm.1]
[-HKEY_CLASSES_ROOT\TypeLib\{B74C2292-C9E7-439C-ACF0-632399AB2A6C}]
[-HKEY_CLASSES_ROOT\gxvpsafm]
[-HKEY_CLASSES_ROOT\clsid\{a60c6234-48ab-4295-b542-24f8679fa15c}]
[-HKEY_CLASSES_ROOT\gxvpsafm.1]
[-HKEY_CLASSES_ROOT\TypeLib\{D6CB182B-1211-426B-8E68-1757F04DBE63}]
[-HKEY_CLASSES_ROOT\gxvpsafm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"78b0843b"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{39D67F39-6F48-438A-80A2-F86FE363C215}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qegbdmwf"=-
"pntqkflv"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJyaYPF]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\78b0843b]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphca03j0e1bt]

File::
C:\Windows\System32\vav.cpl
C:\WINDOWS\system32\lphca03j0e1bt.exe
C:\WINDOWS\system32\hjSAIkkj.ini
C:\WINDOWS\system32\hjSAIkkj.ini2
C:\WINDOWS\system32\smlyyluq.ini
C:\WINDOWS\system32\qulyylms.dll
C:\WINDOWS\system32\73934045-.txt
C:\WINDOWS\system32\jkkIASjh.dll
C:\WINDOWS\system32\qdnragyx.ini
C:\WINDOWS\system32\xygarndq.dll
C:\WINDOWS\system32\krocoroy.ini
C:\WINDOWS\system32\pxpupmev.ini
C:\WINDOWS\system32\cegxcagq.ini
C:\WINDOWS\system32\clkcnt.txt
C:\WINDOWS\system32\tuvUOFVo.dll
C:\WINDOWS\system32\mlJApPHw.dll
C:\WINDOWS\system32\ssqPgEtq.dll
C:\WINDOWS\system32\hgGaaXQh.dll
C:\WINDOWS\system32\hgGvtRhH.dll
C:\WINDOWS\system32\hgGXpNfE.dll
C:\WINDOWS\system32\byXOgGWp.dll
C:\WINDOWS\system32\fgvinnks.dll
C:\WINDOWS\system32\mlJDvVlj.dll
C:\WINDOWS\system32\SpOrder.dll
C:\WINDOWS\system32\mlJyaYPF.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\gfetqaxsxqs.dll
C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\gfetqaxsmnw.dll
C:\WINDOWS\gxvpsafm.dll
C:\WINDOWS\tovafrnm.exe

Folder::
C:\Programme\Enigma Software Group
C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\rhce03j0e1bt
C:\Programme\VAV

Man sollte jetzt auf dem Desktop diese Datei cfscript.txt finden.

cfscript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen


danach: Combofix noch einmal anwenden


-------

3.
scanne mit Malwarebytes + poste den report
http://virus-protect.org/artikel/tools/malwarebytes.html

4.
dann poste ein neues Log von Combofix
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Hallo Sabrina,

vielen Dank für die schnelle Hilfe. Ich habe die Malware die Malwarebytes erkannt hat noch nicht gelöscht. Hier der Report:

Zitat

Malwarebytes' Anti-Malware 1.19
Datenbank Version: 907
Windows 5.1.2600 Service Pack 3

14:11:20 30.06.2008
mbam-log-6-30-2008 (14-11-14).txt

Scan Art: Komplett Scan (C:\|F:\|)
Objekte gescannt: 153813
Scan Dauer: 38 minute(s), 33 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 52

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{7cf3c19f-131a-411a-8983-f5df7c7b8efa} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a707b81b-1cb7-419e-9389-2f2e38a5c479} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c3bd3eac-9c71-45c9-b7a7-3ce52487bc61} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8d193878-b80b-4617-91ac-294c1212e8fd} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_CLASSES_ROOT\gxvpsafm.btgx (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gxvpsafm.bvfw (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gxvpsafm.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Michael\Desktop\comag\Ahead.Nero.v8.3.2.1.Incl.Keymaker-EMBRACE\keygen.exe (Trojan.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\ebot.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\byXOgGWp.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\fccdbXPJ.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\fgvinnks.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGaaXQh.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGvtRhH.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGXpNfE.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJApPHw.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJBSkHB.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJDvVlj.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkJyyy.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMGWmKe.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqPgEtq.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvUOFVo.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\xygarndq.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0032529.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0032530.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0032531.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0032545.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0032546.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0033559.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0034551.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0034560.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0034561.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0034562.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0034563.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0034564.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0034566.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0034567.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0034568.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0034569.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP239\A0034572.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP240\A0035993.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP240\A0035999.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP241\A0036038.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP241\A0036083.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP242\A0036105.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP242\A0036134.dll (Rogue.AntivirusXP2008) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP243\A0039208.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP244\A0039294.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP244\A0039301.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP246\A0039439.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP246\A0039441.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP246\A0039442.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP246\A0039443.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP246\A0039444.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP246\A0039447.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP246\A0039448.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP246\A0039457.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP246\A0039458.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1DF468CD-5CCC-49F1-9B97-26260173DAB6}\RP246\A0039459.dll (Trojan.Vundo) -> No action taken.

Und hier der ComboFix Report:

ComboFix 08-06-20.4 - Michael 2008-06-30 13:15:06.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.2099 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Michael\Desktop\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\system\
.
---- Previous Run -------
.
C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\rhce03j0e1bt
C:\Programme\Enigma Software Group
C:\Programme\Enigma Software Group\SpyHunter\ActiveKill.dll
C:\Programme\Enigma Software Group\SpyHunter\ActiveXKill.dll
C:\Programme\Enigma Software Group\SpyHunter\AXList.txt
C:\Programme\Enigma Software Group\SpyHunter\br.exe
C:\Programme\Enigma Software Group\SpyHunter\Common.dll
C:\Programme\Enigma Software Group\SpyHunter\def.dat
C:\Programme\Enigma Software Group\SpyHunter\def.dat.bak
C:\Programme\Enigma Software Group\SpyHunter\EnigmaUpdater.dll
C:\Programme\Enigma Software Group\SpyHunter\exc.dat
C:\Programme\Enigma Software Group\SpyHunter\HelpDesk.dll
C:\Programme\Enigma Software Group\SpyHunter\HFMonitor.dll
C:\Programme\Enigma Software Group\SpyHunter\INSTALL.LOG
C:\Programme\Enigma Software Group\SpyHunter\install.sss
C:\Programme\Enigma Software Group\SpyHunter\Language.dll
C:\Programme\Enigma Software Group\SpyHunter\NetworkSentry.dll
C:\Programme\Enigma Software Group\SpyHunter\Options.dll
C:\Programme\Enigma Software Group\SpyHunter\pgdata.dat
C:\Programme\Enigma Software Group\SpyHunter\ProcessGuard.dll
C:\Programme\Enigma Software Group\SpyHunter\RegistryGuard.dll
C:\Programme\Enigma Software Group\SpyHunter\rgdata.dat
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000000.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000001.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000002.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000003.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000004.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000005.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000006.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000007.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000008.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000009.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00000a.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00000b.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00000c.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00000d.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00000e.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00000f.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000010.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000011.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000012.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000013.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000014.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000015.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000016.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000017.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000018.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000019.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00001a.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00001b.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00001c.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00001d.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00001e.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00001f.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000020.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000021.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000022.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000023.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000024.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000025.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000026.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000027.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000028.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000029.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00002a.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00002b.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00002c.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00002d.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00002e.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00002f.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000030.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000031.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000032.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000033.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000034.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000035.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000036.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000037.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000038.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000039.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00003a.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00003b.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00003c.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00003d.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00003e.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00003f.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000040.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000041.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000042.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000043.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000044.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000045.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000046.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000047.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000048.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000049.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00004a.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00004b.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00004c.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00004d.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00004e.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00004f.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000050.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000051.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000052.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000053.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000054.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000055.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000056.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000057.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000058.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000059.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00005a.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00005b.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00005c.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00005d.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00005e.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00005f.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000060.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000061.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000062.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000063.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000064.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000065.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000066.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000067.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000068.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000069.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00006a.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00006b.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00006c.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00006d.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00006e.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00006f.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000070.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000071.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000072.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000073.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000074.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000075.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000076.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000077.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000078.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000079.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00007a.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00007b.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00007c.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00007d.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00007e.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\00007f.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000080.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000081.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000082.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000083.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000084.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000085.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000086.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\000087.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\0x84.ecd
C:\Programme\Enigma Software Group\SpyHunter\Rollback\rollback.dat
C:\Programme\Enigma Software Group\SpyHunter\scan.log
C:\Programme\Enigma Software Group\SpyHunter\Scanner.dll
C:\Programme\Enigma Software Group\SpyHunter\Scheduler.dll
C:\Programme\Enigma Software Group\SpyHunter\SHDS.mht
C:\Programme\Enigma Software Group\SpyHunter\spyhunter.log
C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.chm
C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.skn
C:\Programme\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
C:\Programme\Enigma Software Group\SpyHunter\support.log
C:\Programme\Enigma Software Group\SpyHunter\Uninstall.exe
C:\Programme\Enigma Software Group\SpyHunter\Updater.dll
C:\Programme\Enigma Software Group\SpyHunter\whitelist.dat
C:\Programme\Enigma Software Group\SpyHunter\WSAMonitor.dll
C:\Programme\VAV
C:\Programme\VAV\vav0.dat
C:\Programme\VAV\vav1.dat
C:\WINDOWS\gxvpsafm.dll
C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\system32\73934045-.txt
C:\WINDOWS\system32\byXOgGWp.dll
C:\WINDOWS\system32\cegxcagq.ini
C:\WINDOWS\system32\clkcnt.txt
C:\WINDOWS\system32\fgvinnks.dll
C:\WINDOWS\system32\hgGaaXQh.dll
C:\WINDOWS\system32\hgGvtRhH.dll
C:\WINDOWS\system32\hgGXpNfE.dll
C:\WINDOWS\system32\hjSAIkkj.ini
C:\WINDOWS\system32\hjSAIkkj.ini2
C:\WINDOWS\system32\jkkIASjh.dll
C:\WINDOWS\system32\krocoroy.ini
C:\WINDOWS\system32\mlJApPHw.dll
C:\WINDOWS\system32\mlJDvVlj.dll
C:\WINDOWS\system32\mlJyaYPF.dll
C:\WINDOWS\system32\pxpupmev.ini
C:\WINDOWS\system32\qdnragyx.ini
C:\WINDOWS\system32\qulyylms.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\smlyyluq.ini
C:\WINDOWS\system32\SpOrder.dll
C:\WINDOWS\system32\ssqPgEtq.dll
C:\WINDOWS\system32\system\
C:\WINDOWS\system32\tuvUOFVo.dll
C:\WINDOWS\system32\xygarndq.dll
C:\WINDOWS\tovafrnm.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-05-28 bis 2008-06-30 ))))))))))))))))))))))))))))))
.

2008-06-30 13:13 . 2008-06-30 13:13 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-06-30 13:13 . 2008-06-30 13:13 <DIR> d-------- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Malwarebytes
2008-06-30 13:13 . 2008-06-30 13:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-06-30 13:13 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-30 13:13 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-29 11:44 . 2008-06-29 21:35 <DIR> d-------- C:\Programme\Spyware Doctor
2008-06-29 11:44 . 2008-06-29 11:44 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Tools
2008-06-29 11:44 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-29 11:44 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-29 11:44 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-29 11:44 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-29 11:42 . 2008-06-29 11:42 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-06-29 10:46 . 2008-06-29 10:46 <DIR> d-------- C:\Programme\CCleaner
2008-06-29 10:11 . 2008-06-29 10:11 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataDesign
2008-06-29 10:09 . 2008-06-29 10:09 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Buhl Data Service GmbH
2008-06-28 17:02 . 2008-06-28 17:02 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
2008-06-27 16:33 . 2006-11-17 23:16 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-06-27 16:33 . 2006-11-17 23:11 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmenü
2008-06-27 16:33 . 2006-11-17 23:11 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-06-27 16:33 . 2008-06-30 13:19 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-06-27 16:33 . 2006-11-17 23:11 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-06-27 16:33 . 2006-11-17 23:11 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-06-27 16:33 . 2008-06-29 11:44 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-06-27 16:33 . 2008-06-29 11:42 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-06-26 09:45 . 2008-06-30 08:38 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-06-26 09:44 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-06-25 09:13 . 2008-06-25 09:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-25 09:13 . 2008-06-25 09:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-21 11:03 . 2008-06-21 11:03 20 --a------ C:\WINDOWS\system32\SYSTEM
2008-06-17 18:17 . 2008-06-17 18:17 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-11 21:54 . 2008-06-11 21:54 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\EurekaLog
2008-06-10 22:14 . 2008-06-14 19:32 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 22:14 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-07 10:16 . 2008-06-07 10:16 <DIR> d-------- C:\Intel
2008-06-05 15:14 . 2008-06-05 15:14 487 --a------ C:\WINDOWS\Capictrl.INI
2008-05-27 23:00 . 2008-05-27 23:00 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-17 16:34 . 2008-05-17 16:34 <DIR> d-------- C:\Tivola
2008-05-12 19:51 . 2008-05-12 19:51 <DIR> d-------- C:\WINDOWS\BWKDLogs
2008-05-07 07:10 . 2008-05-07 07:10 1,293,824 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 11:01 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-06-29 20:17 --------- d-----w C:\Programme\Gemeinsame Dateien\Buhl Data Service
2008-06-29 17:51 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-06-28 13:57 1,036,800 ----a-w C:\WINDOWS\explorer.exe
2008-06-26 21:36 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-25 07:47 --------- d-----w C:\Programme\Total Video Converter
2008-06-17 16:17 --------- d-----w C:\Programme\Symantec
2008-06-17 16:17 --------- d-----w C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Symantec
2008-06-15 09:38 --------- d-----w C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\AdobeUM
2008-06-14 17:32 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 19:15 --------- d-----w C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Azureus
2008-06-12 15:52 --------- d-----w C:\Programme\Azureus
2008-06-05 13:08 --------- d-----w C:\Programme\WinSuite
2008-06-05 07:09 --------- d-----w C:\Programme\FRITZ!DSL
2008-06-03 05:22 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-03 05:22 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-03 05:22 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-03 05:22 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-21 10:44 658,432 ------w C:\WINDOWS\fpuninst.exe
2008-05-21 08:01 --------- d-----w C:\Programme\Mp3tag
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:10 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 13:29 --------- d-----w C:\Programme\IrfanView
2008-05-01 09:56 --------- d-----w C:\Programme\Java
2008-04-14 06:06 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 05:55 333,312 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 05:52 99,840 ----a-w C:\WINDOWS\system32\loadperf.dll
2008-04-14 05:51 762,368 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 05:51 731,648 ----a-w C:\WINDOWS\system32\ntdll.dll
2008-04-14 05:51 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 05:51 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 05:51 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 05:30 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 05:30 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 05:29 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 05:27 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 05:26 81,408 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 05:26 51,712 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 05:25 572,928 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 05:24 10,752 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 05:23 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 05:22 68,096 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 05:20 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 22:10 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 22:06 2,981,888 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 22:05 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 22:05 199,680 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 22:00 61,440 ------w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 20:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 20:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 19:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 19:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-03-13 20:44 357,768 ----a-w C:\Dokumente und Einstellungen\Michael\SymXPep2.dll
2008-03-13 20:44 251,216 ----a-w C:\Dokumente und Einstellungen\Michael\IView.exe
2007-05-22 07:41 774,144 ----a-w C:\Programme\RngInterstitial.dll
1998-06-17 00:08 53,248 --sha-w C:\WINDOWS\system32\mfc42enu.dll
1995-09-20 14:16 35,088 --sha-w C:\WINDOWS\system32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w C:\WINDOWS\system32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w C:\WINDOWS\system32\msjter32.dll
2001-08-18 10:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
1995-09-24 09:02 243,472 --sha-w C:\WINDOWS\system32\vbar2232.dll
1998-05-18 01:06 368,912 --sha-w C:\WINDOWS\system32\vbar332.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_16.22.47.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 14:19:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 11:01:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-13 20:07 116088 --a------ C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 07:52 15360]
"LightScribe Control Panel"="C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2007-12-05 13:30 2295072]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"MsgCenterExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" [2008-04-17 23:36 69632]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]
"osCheck"="C:\Programme\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"SansaDispatch"="C:\Programme\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 12:52 75584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:52 15360]

C:\Dokumente und Einstellungen\Michael\Startmen�\Programme\Autostart\
FRITZ!DSL Protect.lnk - C:\Programme\FRITZ!DSL\FwebProt.exe [2007-09-07 12:06:46 1070384]

C:\Dokumente und Einstellungen\All Users\Startmen�\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
ColorVisionStartup.lnk - C:\Programme\ColorVision\Utility\ColorVisionStartup.exe [2007-02-13 10:34:02 385024]
FRITZ!DSL Startcenter.lnk - C:\WINDOWS\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2007-11-07 15:53:32 29184]
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [2006-11-18 21:21:09 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonAntiBot]
-ra------ 2007-11-12 22:59 1378840 C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\eBay\\Turbo Lister2\\Tl.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Programme\\eMule.de 0.46c v17\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46951:TCP"= 46951:TCP:Azureus
"46951:UDP"= 46951:UDP:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 OODrvled;OODrvled;C:\WINDOWS\system32\DRIVERS\OODrvled.sys [2004-09-22 14:57]
R1 bizVSerial;Franson VSerial;C:\WINDOWS\system32\drivers\bizVSerialNT.sys [2007-05-31 08:38]
R2 IGDCTRL;AVM IGD CTRL Service;C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 11:14]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2008-04-14 07:53]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;C:\WINDOWS\system32\DRIVERS\cjusb.sys [2007-05-30 14:42]
R3 tap0901;TAP-Win32 Adapter V9;C:\WINDOWS\system32\DRIVERS\tap0901.sys [2007-04-26 00:53]
S2 mscmsvr;mateSuite cryptMate Service;C:\Programme\REINER SCT\mateSuite\mscmsvr.exe []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 dtwmnic5;DeTeWe OpenCom 30 plus;C:\WINDOWS\system32\DRIVERS\dtwmnic5.sys []
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 16:27]
S3 NETFWDSL;AVM FRITZ!web DSL PPP;C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS []
S3 P1Scanner;MUSTEK P1 Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2008-04-14 00:15]
S3 Spyder2;ColorVision Spyder2;C:\WINDOWS\system32\DRIVERS\Spyder2.sys [2007-01-17 14:30]
S3 TTCinergyT2;TerraTec Cinergy T² (BDA);C:\WINDOWS\system32\DRIVERS\TTCinergyT2BDA.sys [2006-05-19 11:31]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5faec5cb-3b80-11dd-b865-000c6efbbd4d}]
\Shell\AutoRun\command - K:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{622eadbb-d3ab-11db-96d9-003042fffd01}]
\Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{839cb4da-313c-11dc-98ed-003042fffd01}]
\Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{839cb4db-313c-11dc-98ed-003042fffd01}]
\Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f5972fa-38a1-11dd-b852-000c6efbbd4d}]
\Shell\AutoRun\command - L:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de681836-772f-11db-944a-806d6172696f}]
\Shell\AutoRun\command - D:\Bin\asusqfe.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners
"2008-06-13 15:16:32 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-23 20:17:34 C:\WINDOWS\Tasks\Norton Internet Security - Systemprüfung ausführen - Michael.job"
- C:\Programme\Norton Internet Security\Norton AntiVirus\Navw32.exel/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 13:19:27
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-06-30 13:21:19
ComboFix-quarantined-files.txt 2008-06-30 11:21:12
ComboFix2.txt 2008-06-30 08:13:48

25 Verzeichnis(se), 6,397,313,024 Bytes frei
29 Verzeichnis(se), 6,380,150,784 Bytes frei

470 --- E O F --- 2008-03-13 18:21:00

#4 ««
ComboFix entfernen
Start - Ausführen - Kopiere rein: Combofix /U
- klicke "OK"

««
dann scanne noch mal mit Malwarebytes im abgesicherten modus (lasse alles entfernen, was noch gefunden wird) , dann sollte wieder alles i.o. sein.

wenn es noch Probleme gibt, melde dich
__________
MfG Sabina

rund um die PC-Sicherheit

#5 Hi Sabina,

nochmals vielen Dank. Der Rechner läuft wieder ganz normal. Du wars eine super schnelle Hilfe. Ich hätte fast den Rechner aus dem Fenster geschmissen.

Liebe Grüße Michael