Mein IE auf Vista hatt einen virus

#1 Hallo. Scheint so als wäre ich endlich auf eine gute Seite gestossen wo man hilfe kriegen kann nach langem suchen.

Auch ich hab nen Problem mit meinem IE.. beim surfen kommt immer wieder mal eine leere Seite mit dem Vermerk Virus, Maleware Threat. Hab auch schon x scanns mit meinem Kapersky gemacht, der aber nichts finden kann.

Ich bin total anfängerr im EDV berreich hoffentlich kann mir jemand weiterhelfen.
Muss/kann ich auch meinen Scann ergebnisse hier durchposten?

danke und gRuss Toni

#2 Poste bitte die Ergebnisse von 1-4 aus diesem Thread: http://board.protecus.de/t23188.htm
ein Report von dem was KAV gefunden hat, kannst du auch anfuegen...
__________
MfG Ralf
SEO-Spam Hunter

#3 Vielen dank Ralf für die schnelle Antwort. Also ich hab das mal gemacht.. kopiere jetzt folgendes hinein.. hoffe ich hab alles richtig gemacht

Malwarebytes' Anti-Malware 1.29
Datenbank Version: 1295
Windows 6.0.6001 Service Pack 1

20.10.2008 12:41:54
mbam-log-2008-10-20 (12-41-35).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 259327
Laufzeit: 2 hour(s), 20 minute(s), 57 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 2
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\nkefbltdntd.dll (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{16d1db95-aafc-427d-81fd-e98028ca7bb7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0c3f9c5e-34f0-4b16-b8b7-3505cd992add} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e83238c-a186-4c98-9a91-44b4be62a5ec} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{85af4583-ad9c-4d25-9323-6611490213f0} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85af4583-ad9c-4d25-9323-6611490213f0} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\MicroAntivirus (Rogue.MicroAntivirus) -> No action taken.

Infizierte Dateien:
C:\Windows\ewpe.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\MicroAntivirus\microAV.ooo (Rogue.MicroAntivirus) -> No action taken.
C:\Windows\System32\1.ico (Malware.Trace) -> No action taken.
C:\Windows\nkefbltdntd.dll (Trojan.FakeAlert) -> No action taken.

---------------------------------------

ComboFix 08-10-19.04 - Anthony de Angelis 2008-10-20 12:53:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1166 [GMT 2:00]
ausgeführt von:: C:\Users\Anthony de Angelis\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Anthony de Angelis\AppData\Roaming\Adobe\crc.dat
C:\Users\Anthony de Angelis\AppData\Roaming\Adobe\Player.exe.bak

.
((((((((((((((((((((((( Dateien erstellt von 2008-09-20 bis 2008-10-20 ))))))))))))))))))))))))))))))
.

2008-10-20 10:16 . 2008-10-20 10:16 <DIR> d-------- C:\Users\Anthony de Angelis\AppData\Roaming\Malwarebytes
2008-10-20 10:16 . 2008-10-20 10:16 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-20 10:16 . 2008-10-20 10:16 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-20 10:16 . 2008-10-20 10:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 10:16 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-20 10:16 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-15 09:37 . 2008-10-15 10:20 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2008-10-15 09:37 . 2008-10-15 09:37 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-10-15 09:35 . 2008-10-20 12:47 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-10-15 09:35 . 2008-10-20 12:47 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-10-15 09:35 . 2008-10-15 09:35 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-15 09:35 . 2008-10-20 12:44 6,651,936 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-10-15 09:35 . 2008-10-20 12:44 606,240 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-10-15 09:35 . 2008-10-20 12:44 53,048 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-10-15 09:35 . 2008-10-20 12:44 3,152 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-10-15 02:07 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 02:07 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 02:07 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 02:07 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d-------- C:\Program Files\iTunes
2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d-------- C:\Program Files\iPod
2008-10-11 16:35 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-10-11 16:35 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-10-11 16:27 . 2008-10-11 16:27 <DIR> d-------- C:\Program Files\Bonjour
2008-10-10 22:45 . 2008-10-10 22:45 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-10-10 22:45 . 2008-10-10 22:45 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-10-10 21:50 . 2008-10-10 21:50 <DIR> d-------- C:\Program Files\VirtualDJ
2008-10-10 05:15 . 2008-10-10 05:15 <DIR> d-------- C:\Program Files\Safari
2008-10-04 10:28 . 2008-10-04 19:37 <DIR> d-------- C:\Users\Anthony de Angelis\AppData\Roaming\uTorrent
2008-10-04 00:46 . 2008-10-04 00:46 <DIR> d-------- C:\Users\Anthony de Angelis\AppData\Roaming\MAGIX
2008-10-04 00:42 . 2008-10-04 00:45 <DIR> d-------- C:\Program Files\MAGIX
2008-10-04 00:42 . 2007-04-27 09:43 120,200 --a------ C:\Windows\System32\DLLDEV32i.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 01:11 --------- d-----w C:\Program Files\Windows Mail
2008-10-15 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-14 01:21 --------- d-----w C:\Program Files\XoftSpySE
2008-10-11 14:34 --------- d-----w C:\Program Files\QuickTime Alternative
2008-10-11 14:33 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-09 01:50 --------- d-----w C:\Users\Anthony de Angelis\AppData\Roaming\Corel
2008-10-09 01:50 --------- d-----w C:\Program Files\Corel
2008-10-09 01:31 3,350 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-10-03 22:45 --------- d-----w C:\ProgramData\MAGIX
2008-09-28 13:54 --------- d-----w C:\Users\Anthony de Angelis\AppData\Roaming\CyberLink
2008-09-11 05:22 --------- d-----w C:\ProgramData\CyberLink
2008-09-11 01:02 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 20:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 20:35 --------- d-----w C:\Program Files\Ontrack
2008-09-05 20:07 210,944 ----a-w C:\Windows\System32\Msvcrt10.dll
2008-09-05 02:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-05 01:42 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-02 21:57 --------- d-----w C:\ProgramData\Corel
2008-09-02 21:41 --------- d-----w C:\Users\Anthony de Angelis\AppData\Roaming\InstallShield
2008-08-30 19:47 --------- d-----w C:\Users\Anthony de Angelis\AppData\Roaming\OpenOffice.org2
2008-08-29 08:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-22 10:08 878,592 ----a-w C:\Windows\System32\wininet.dll
2008-08-22 10:07 43,008 ----a-w C:\Windows\System32\licmgr10.dll
2008-08-22 10:07 18,944 ----a-w C:\Windows\System32\corpol.dll
2008-08-22 10:06 72,704 ----a-w C:\Windows\System32\admparse.dll
2008-08-22 10:06 71,680 ----a-w C:\Windows\System32\iesetup.dll
2008-08-22 10:06 66,560 ----a-w C:\Windows\System32\wextract.exe
2008-08-22 10:06 129,024 ----a-w C:\Windows\System32\ieUnatt.exe
2008-08-22 10:06 110,080 ----a-w C:\Windows\System32\PDMSetup.exe
2008-08-22 10:06 103,936 ----a-w C:\Windows\System32\SetDepNx.exe
2008-08-22 10:06 103,424 ----a-w C:\Windows\System32\SetIEInstalledDate.exe
2008-08-22 10:05 35,840 ----a-w C:\Windows\System32\imgutil.dll
2008-08-22 10:05 168,960 ----a-w C:\Windows\System32\iexpress.exe
2008-08-22 10:04 48,640 ----a-w C:\Windows\System32\PrivacIE.dll
2008-08-22 10:04 48,128 ----a-w C:\Windows\System32\mshtmler.dll
2008-08-22 10:04 45,568 ----a-w C:\Windows\System32\mshta.exe
2008-08-22 09:57 156,160 ----a-w C:\Windows\System32\msls31.dll
2008-08-22 03:38 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-08-22 03:38 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-08-22 03:38 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-08-22 03:38 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-08-20 01:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-29 18:21 218,376 ----a-w C:\Windows\System32\klogon.dll
2008-07-18 00:06 63,488 ----a-w C:\Users\Anthony de Angelis\xobglu16.dll
2008-07-18 00:06 23,552 ----a-w C:\Users\Anthony de Angelis\xobglu32.dll
2008-05-31 18:53 174 --sha-w C:\Program Files\desktop.ini
2008-02-08 15:38 13 ---h--w C:\Users\All Users\ÙÝÃÄ3113›.sys
2008-02-08 15:38 13 ---h--w C:\ProgramData\ÙÝÃÄ3113›.sys
2007-11-27 15:30 5,232 ----a-w C:\Users\Anthony de Angelis\AppData\Roaming\wklnhst.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{06663B56-0D73-4f9f-BCC5-4AA941470AFD}"= "C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL" [2008-02-20 61440]

[HKEY_CLASSES_ROOT\clsid\{06663b56-0d73-4f9f-bcc5-4aa941470afd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-06-02 6210888]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-07-05 160592]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"TVEService"="C:\Program Files\Home Cinema\TV Enhance\TVEService.exe" [2007-01-12 155648]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"DefragTaskBar"="C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-02-12 168120]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DT Task"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2006-11-03 264704]
"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-16 1257104]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-28 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8BB2ACBE-EB76-424F-A732-E53A948B9A99}"= UDP:C:\Program Files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{86AA0C93-5EF3-420E-9B70-F9C44C69F7D7}"= TCP:C:\Program Files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{8327200F-A82D-40BC-9626-6AEADB92AB41}"= UDP:C:\Program Files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{BD9A3423-41D5-4A81-9977-CDD22273E3F0}"= TCP:C:\Program Files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"TCP Query User{BA22411C-716B-46B4-94CF-42A5BB288770}C:\\program files\\emule.de 0.46c v17\\emule.exe"= UDP:C:\program files\emule.de 0.46c v17\emule.exe:eMule
"UDP Query User{9D5A64B6-568C-42C3-B7B2-2A15D33E7155}C:\\program files\\emule.de 0.46c v17\\emule.exe"= TCP:C:\program files\emule.de 0.46c v17\emule.exe:eMule
"TCP Query User{B2EC3753-B9E9-4321-A467-6C7C16F59EE2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C63EB571-D756-4867-8466-96BC882FAC4B}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0BD015A4-9B55-40E7-B7DA-46BB1880E49C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{23E20550-F179-4469-B4B1-442E4FD0055E}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{3A94B00E-EF2D-499F-99C2-478364D891D8}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{81DC086A-1A2D-4917-B54D-D0F5876B3C96}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0CC47035-7F5C-469A-BD44-B55C1E1498EA}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3D1032CF-0289-4EBF-B4B4-5ECC0D45E6DA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{10D888B5-7B17-43AE-847A-FBDC7C6EB205}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{24827B53-A4B7-404B-971C-EDD22A2B37D1}C:\\config.msi\\4ed37.rbf"= UDP:C:\config.msi\4ed37.rbfando
"UDP Query User{6BE7F82A-2ED7-42EA-AAC7-717785BE260C}C:\\config.msi\\4ed37.rbf"= TCP:C:\config.msi\4ed37.rbfando
"TCP Query User{E1D90568-C56D-4085-B3BB-3C4155BF6C6F}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exeando
"UDP Query User{5DE6D337-CA9F-4C89-BD9C-97B7DADE4607}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exeando
"TCP Query User{C687AB8C-12A1-4934-BEB8-276F10E0294B}C:\\config.msi\\4c9e3.rbf"= UDP:C:\config.msi\4c9e3.rbfando
"UDP Query User{55D9778C-AA06-4B25-A633-7B0EA3B35E31}C:\\config.msi\\4c9e3.rbf"= TCP:C:\config.msi\4c9e3.rbfando
"TCP Query User{411CA7B0-A928-4026-B696-BE5DA3ABE698}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{88C72BC1-9C4F-43D8-9E79-57965044740C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{622135A6-A89C-45ED-B18B-E5F1739D9924}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{7B879DD8-06C5-4500-B50E-7A8956A6CBA6}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"{898BA438-28F9-4F5A-B51B-DCD6ABE0A587}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQW40ZRY\incredimail_install[1].exe:IncrediMail Installer
"{90317CC7-3174-4710-9254-36803CABE9FC}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQW40ZRY\incredimail_install[1].exe:IncrediMail Installer
"{8AC19259-ADC6-4E40-966A-52B7E5A5A106}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PYNT8KJW\incredimail_install[1].exe:IncrediMail Installer
"{847E044E-F436-4AAD-8A5E-443C898373C8}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PYNT8KJW\incredimail_install[1].exe:IncrediMail Installer
"{6AA0E3DF-6DA9-444D-A6A2-37492DD5041B}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG6TO12Z\incredimail_install[1].exe:IncrediMail Installer
"{87B4576F-0A30-40F4-A391-BB311653CBE2}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG6TO12Z\incredimail_install[1].exe:IncrediMail Installer
"{D59F6046-C798-4034-92CE-88C60BA498A4}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RQVCTP7\incredimail_install[1].exe:IncrediMail Installer
"{20B495FC-D5E6-4155-9111-EE04FEEEE1A1}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RQVCTP7\incredimail_install[1].exe:IncrediMail Installer
"{FDAAC80C-6744-44D9-A588-B0044663A7A1}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVORJBJP\incredimail_install[2].exe:IncrediMail Installer
"{A1331AFE-24FE-4245-9E5C-A1EE40A44E27}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVORJBJP\incredimail_install[2].exe:IncrediMail Installer
"{1074AC0C-9F85-4A78-807A-CA16953B148C}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVORJBJP\incredimail_install[1].exe:IncrediMail Installer
"{B8675185-1275-4EFB-955C-B5A47B37AE48}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVORJBJP\incredimail_install[1].exe:IncrediMail Installer
"{FCAADF89-C588-4B73-B778-D0B7B6F6EC06}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WL822JU\incredimail_install[1].exe:IncrediMail Installer
"{A4A0EF08-B372-4980-864E-167DD1BB8468}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WL822JU\incredimail_install[1].exe:IncrediMail Installer
"{3C29F75E-8B67-4486-AFA2-435C103F402B}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImSc.exe:IncrediMail
"{4D1AE7FE-0E5D-4222-8255-7A8B94BD3D0A}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImSc.exe:IncrediMail
"TCP Query User{E3A015BC-6A81-4ACE-B38D-A7115B89EC33}C:\\program files\\media player classic\\mplayerc.exe"= UDP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{0D4130BF-139A-47D8-818B-101E18A634F8}C:\\program files\\media player classic\\mplayerc.exe"= TCP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
"{D8A4E640-A1DC-4794-BB05-63882D054F94}"= UDP:56367ando P2P TCP Listening Port
"{EFD3F9B3-97A1-49EE-AC45-22000B366802}"= TCP:56367ando P2P UDP Listening Port
"{ED83FD88-7D2E-4420-8688-54DC4B77950D}"= UDP:58976ando P2P TCP Listening Port
"{1A51CB1E-CDDF-4250-9330-DD70B043658F}"= TCP:58976ando P2P UDP Listening Port
"{FE3657A0-DD45-44AA-9115-4CC709975163}"= UDP:56266ando P2P TCP Listening Port
"{A525F2B9-159B-474F-BF79-F9F7E6182A39}"= TCP:56266ando P2P UDP Listening Port
"{EE064BA3-3D58-4D52-A069-D1012DC723E2}"= UDP:56711ando P2P TCP Listening Port
"{E9A94AED-08D0-49E2-8CEC-E4F32640B508}"= TCP:56711ando P2P UDP Listening Port
"{C900AE9D-6478-45C3-B1D0-D03D8E07BE20}"= UDP:56764ando P2P TCP Listening Port
"{B39D57A5-38E7-403E-85ED-CE35F2FADCAF}"= TCP:56764ando P2P UDP Listening Port
"{E2C61B9B-AC50-4246-A707-042B384F1874}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{5D778298-11D6-4B5C-8297-B6AFFA5A5D7E}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{EB808634-A0C5-4C48-8EC1-B5EF3C65CD70}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{122B5241-BD8A-4569-BF23-283B48104074}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{36D238B8-5841-4165-82CB-563A90FF2AC7}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{38F67A74-6D5C-4EC8-B216-D37264A7D13D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{1DA3A468-3CBE-47FE-BBAA-AB6EDFB8EDBC}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{C725ACB6-E97C-44DE-896D-ECC1957B3945}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{DCDD7385-900D-4C4C-B026-06BF8409B1B1}"= UDP:57883ando P2P TCP Listening Port
"{639DB0CF-990A-4A86-A6A0-3FC17C387AD7}"= TCP:57883ando P2P UDP Listening Port
"{066EA408-B0F4-496F-AA07-3EAF5A5C54BD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0152E10D-8C32-4812-8DC2-B51A7360AD37}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{28B05D03-F7A9-48FC-8326-DE19083BAA71}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"TCP Query User{AD42AB8D-21DF-453C-A579-517AE12AFF1F}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\german\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 7.0
"UDP Query User{1833528E-8D6D-44ED-B8A8-6CDC4C2EEE5B}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\german\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 7.0
"TCP Query User{5C17F4BD-A7F2-4D90-8E46-EBC41DBA8CDC}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8926DD98-FB7E-4034-8F81-CCA4D7C07708}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{3FCEEA25-1F85-4E84-9DD4-562F2CF2ACB4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1CC0BB8E-5057-4CB4-B205-890173C20242}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImLc.exe:IncrediMail
"{626AEA9A-4E02-4256-8CD5-657965764552}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImLc.exe:IncrediMail
"{B689A912-C719-4920-A136-608A4CF0851A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{13D4932D-BC1F-4CDE-B499-9B488F4BDCD6}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0785C919-7160-427A-88B0-B7EFB69BB9A7}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{CD8546B4-A584-412B-BC0A-25F24E64E51B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{6A255346-18CB-404A-A10B-CA01F547D972}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{1ACB38F7-EBF3-4CCF-BACC-911F01F6E70D}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{104B3663-3B04-4217-9435-0DB7BAC70C51}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D3584FC2-CFFD-4D22-9A54-692F8603A9AB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{93DDAC79-CA52-4DE3-8216-0217A69403EA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AC7B70F1-7AD1-483E-A083-E6FE00711F06}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-31 7680]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 crlscsi;crlscsi;C:\Windows\system32\drivers\crlscsi.sys [1995-11-07 6144]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-01-12 290908]
R2 TVESched;TVEnhance Task Scheduler (TTS));C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2007-01-12 114778]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-22 3076608]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [ ]
S3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-05 92656]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners

2008-10-18 C:\Windows\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2006-11-07 00:31]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Zusätzlicher Suchlauf -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.sf.tv/sfsport/
R0 -: HKLM-Main,Start Page = hxxp://www.sf.tv/sfsport/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: RF - Formular ausfüllen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 -: RF - Formular speichern - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 -: RF - Menü anpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 -: RF - RoboForm-Leiste ein/aus - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 12:58:27
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-10-20 13:00:25
ComboFix-quarantined-files.txt 2008-10-20 11:00:16

Vor Suchlauf: 30 Verzeichnis(se), 128'592'637'952 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 128,558,022,656 Bytes frei

286 --- E O F --- 2008-10-19 05:01:58

---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:01, on 20.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Home Cinema\TV Enhance\TVEService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sf.tv/sfsport/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sf.tv/sfsport/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sf.tv/sfsport/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\Home Cinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RF - Formular ausfüllen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12089 bytes



Guten Morgen.. betreff meines letzten Postings.. kommt jetzt noch was, was zu machen wäre oder war es das schon?? Aufjedenfall scheint mein IE wieder korrekt zu laufen ohne Malware Ansage auf der Seiten und ohne leere Seiten. Sag schon mal ein riesendank***. falls noch was zu erledigen wäre, wäre ich froh dies noch zum Abschluss bringen zu können dass die Sicherheit meines PC gewährleistet ist.

Lieber Gruss Toni