Request for analysis: PC slow and AVG shows a warning |
||
---|---|---|
#0
| ||
19.04.2009, 12:34
Member
Posts: 23 |
||
|
||
19.04.2009, 13:01
Member
Posts: 3716 |
#2
Hi,
Vista users must right-click every program and choose "Run as administrator".
Rootkit scans: during these scans the internet connection must be disconnected, so unplug the network cable and turn off Wi-Fi, and you must shut down all programs, including the antivirus.
http://virus-protect.org/artikel/tools/gmer.html
and: http://www.virus-protect.org/catchme.html
Please do not restart in between, and (if possible) not after the scans either. |
|
|
||
19.04.2009, 19:52
Member
Thread starter Posts: 23 |
#3
Hello, thanks for the quick reply.
Here is the result from gmer:
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-19 19:50:13
Windows 6.0.6001 Service Pack 1
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
catchme had 0 everywhere |
|
|
||
19.04.2009, 20:15
Member
Posts: 3716 |
#4
Can you tell me what AVG found?
|
|
|
||
19.04.2009, 21:21
Member
Thread starter Posts: 23 |
#5
It said trojan:win32/winprotect something.
However, before I posted I read through a few threads here and did the things that people had been advised to do, so it may well be that it went away because of that :-) |
|
|
||
20.04.2009, 13:26
Member
Posts: 3716 |
#6
Please post a fresh HJT log.
|
|
|
||
21.04.2009, 20:23
Member
Thread starter Posts: 23 |
#7
Hi, sorry, I was away for a day.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:57, on 21-04-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\FAM~1.SCH\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7599 bytes
thx |
|
|
||
21.04.2009, 20:25
Member
Posts: 3716 |
#8
Update AVG, scan, move detections to quarantine, post the log.
|
|
|
||
21.04.2009, 20:28
Member
Thread starter Posts: 23 |
#9
I uninstalled AVG because it kept wanting me to buy it, and installed AntiVir.
|
|
|
||
21.04.2009, 20:59
Member
Posts: 3716 |
#10
Then just scan with Avira.
|
|
|
||
My PC has become very slow for quite some time now, and AVG and Windows Defender are giving me various messages.
Log from Malware
Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1995
Windows 6.0.6001 Service Pack 1
19-04-2009 12:25:23
mbam-log-2009-04-19 (12-25-23).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 67141
Laufzeit: 5 minute(s), 56 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Log from Combofix
ComboFix 09-04-19.04 - Fam. Schallenberg 19-04-2009 11:59:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.45.1031.18.1013.347 [GMT 2:00]
Kører fra: C:\Users\Fam. Schallenberg\Downloads\ComboFix.exe
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
* Dannede nyt systemgendannelsespunkt
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\LastSun Ltd
C:\Users\Fam. Schallenberg\AppData\Roaming\Microsoft\SystemCertificates\Request
C:\Users\Fam. Schallenberg\Documents\My Documents.url
C:\Windows\system32\W020T32W.DLL
C:\Windows\system32\W021T32W.DLL
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-03-19 til 2009-04-19 )))))))))))))))))))))))))))))))))))
.
2009-04-17 21:41:59 . 2009-04-17 21:42:00 0 d-----w C:\Users\Fam. Schallenberg\AppData\Roaming\Malwarebytes
2009-04-17 21:41:44 . 2009-04-06 13:32:46 15504 ----a-w C:\Windows\system32\drivers\mbam.sys
2009-04-17 21:41:40 . 2009-04-06 13:32:54 38496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2009-04-17 21:41:39 . 2009-04-17 21:41:55 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-04-17 21:41:39 . 2009-04-17 21:41:39 0 d-----w C:\Users\All Users\Malwarebytes
2009-04-17 21:41:39 . 2009-04-17 21:41:39 0 d-----w C:\ProgramData\Malwarebytes
2009-04-17 20:36:18 . 2009-04-17 20:36:18 0 d-----w C:\Program Files\Trend Micro
2009-04-16 16:39:21 . 2009-04-16 16:39:21 0 d-----w C:\Users\Fam. Schallenberg\AppData\Roaming\BigFishv1005de
2009-04-16 16:11:57 . 2009-04-16 16:12:17 0 d-----w C:\Program Files\Amazing Adventures - Around the World
2009-04-16 05:15:35 . 2008-12-06 04:42:11 376832 ----a-w C:\Windows\system32\winhttp.dll
2009-04-15 14:21:01 . 2009-04-15 14:21:01 0 d-----w C:\Users\All Users\SpinTop Games
2009-04-15 14:21:01 . 2009-04-15 14:21:01 0 d-----w C:\ProgramData\SpinTop Games
2009-04-11 19:56:26 . 2009-04-11 19:56:26 0 d-----w C:\Users\All Users\BigFishv1005de
2009-04-11 19:56:26 . 2009-04-11 19:56:26 0 d-----w C:\ProgramData\BigFishv1005de
2009-04-01 13:21:25 . 2009-04-15 11:03:22 0 d-----w C:\Users\Fam. Schallenberg\AppData\Roaming\RobinsonCrusoeBFGDE
2009-03-21 17:53:09 . 2009-03-21 17:53:09 0 d-----w C:\Users\Fam. Schallenberg\AppData\Local\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 06:53:26 . 2006-12-04 23:01:13 0 d--h--w C:\Program Files\InstallShield Installation Information
2009-04-19 06:53:23 . 2006-11-02 10:25:05 86016 ----a-w C:\Windows\Inf\infpub.dat
2009-04-19 06:53:23 . 2006-11-02 10:25:05 143360 ----a-w C:\Windows\Inf\infstrng.dat
2009-04-19 06:53:23 . 2006-11-02 10:25:05 143360 ----a-w C:\Windows\Inf\infstor.dat
2009-04-19 06:53:01 . 2006-12-04 23:01:21 319984 ----a-w C:\Windows\DIFxAPI.dll
2009-04-19 06:00:16 . 2007-08-12 20:34:32 0 d-----w C:\Users\Fam. Schallenberg\AppData\Roaming\AVG7
2009-04-17 20:46:06 . 2007-04-24 15:40:34 0 d-----w C:\Program Files\Google
2009-04-17 20:39:40 . 2007-04-25 07:08:55 0 d-----w C:\Program Files\DivX
2009-04-17 05:59:55 . 2008-01-14 11:57:19 0 d---a-w C:\ProgramData\TEMP
2009-04-17 03:56:26 . 2006-11-02 11:18:33 0 d-----w C:\Program Files\Windows Mail
2009-04-15 16:01:44 . 2006-12-04 23:22:29 0 d-----w C:\Program Files\Common Files\Symantec Shared
2009-04-15 16:00:03 . 2007-08-07 11:58:57 0 d-----w C:\Program Files\Norton Security Scan
2009-04-07 18:55:17 . 2008-05-08 20:25:03 0 d-----w C:\Users\Fam. Schallenberg\AppData\Roaming\Skype
2009-04-04 19:23:53 . 2006-11-02 15:38:05 676218 ----a-w C:\Windows\System32\perfh007.dat
2009-04-04 19:23:53 . 2006-11-02 15:38:05 152136 ----a-w C:\Windows\System32\perfc007.dat
2009-03-21 10:26:58 . 2007-10-27 14:40:44 0 d-----w C:\Users\Fam. Schallenberg\AppData\Roaming\FileZilla
2009-03-21 10:20:53 . 2008-12-25 08:09:24 0 d-----w C:\Program Files\FileZilla Client
2009-03-17 20:02:11 . 2009-03-17 20:02:11 0 d-----w C:\Users\Fam. Schallenberg\AppData\Roaming\Friday's games
2009-03-17 03:38:46 . 2009-04-16 05:15:04 40960 ----a-w C:\Windows\AppPatch\apihex86.dll
2009-03-17 03:38:46 . 2009-04-16 05:15:04 13824 ----a-w C:\Windows\System32\apilogen.dll
2009-03-17 03:38:44 . 2009-04-16 05:15:04 24064 ----a-w C:\Windows\System32\amxread.dll
2009-03-16 15:52:09 . 2009-03-16 15:52:08 0 d-----r C:\Program Files\Skype
2009-03-16 15:52:09 . 2008-05-08 20:22:38 0 d-----w C:\ProgramData\Skype
2009-03-16 15:00:04 . 2008-05-08 20:29:41 0 d-----w C:\Users\Fam. Schallenberg\AppData\Roaming\skypePM
2009-03-15 13:20:21 . 2009-03-15 13:20:21 0 d-----w C:\Users\Fam. Schallenberg\AppData\Roaming\Sony
2009-03-15 13:20:21 . 2009-03-15 13:20:21 0 d-----w C:\ProgramData\Sony
2009-03-15 12:22:00 . 2009-03-15 12:22:00 0 d-----w C:\Program Files\Common Files\Sony Shared
2009-03-15 12:21:43 . 2009-03-15 12:21:43 0 d-----w C:\Program Files\Sony
2009-03-15 12:21:37 . 2007-09-25 19:55:48 0 d-----w C:\Program Files\Sony Ericsson
2009-03-15 12:19:44 . 2007-10-21 21:19:32 0 d-----w C:\Program Files\QuickTime
2009-03-15 12:18:34 . 2009-03-15 12:18:34 0 d-----w C:\ProgramData\Apple Computer
2009-03-15 12:17:09 . 2009-03-15 12:17:08 0 d-----w C:\Program Files\Apple Software Update
2009-03-15 12:17:08 . 2009-03-15 12:17:08 0 d-----w C:\ProgramData\Apple
2009-03-15 10:24:22 . 2009-03-15 10:24:22 0 d-----w C:\ProgramData\BVRP Software
2009-03-15 10:24:22 . 2009-03-15 10:24:22 0 d-----w C:\Program Files\Avanquest update
2009-03-15 10:06:50 . 2007-07-03 18:33:18 0 d-----w C:\ProgramData\Sony Ericsson
2009-03-15 08:20:11 . 2007-06-28 05:45:40 4892 ----a-w C:\Users\Fam. Schallenberg\AppData\Local\d3d9caps.dat
2009-03-14 07:38:12 . 2009-03-14 07:38:12 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-03 04:46:01 . 2009-04-16 05:15:18 3599328 ----a-w C:\Windows\System32\ntkrnlpa.exe
2009-03-03 04:46:01 . 2009-04-16 05:15:17 3547632 ----a-w C:\Windows\System32\ntoskrnl.exe
2009-03-03 04:40:12 . 2009-04-16 05:19:06 827392 ----a-w C:\Windows\System32\wininet.dll
2009-03-03 04:39:36 . 2009-04-16 05:15:15 183296 ----a-w C:\Windows\System32\sdohlp.dll
2009-03-03 04:39:32 . 2009-04-16 05:15:18 551424 ----a-w C:\Windows\System32\rpcss.dll
2009-03-03 04:39:22 . 2009-04-16 05:15:15 26112 ----a-w C:\Windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37:14 . 2009-04-16 05:19:05 78336 ----a-w C:\Windows\System32\ieencode.dll
2009-03-03 04:37:11 . 2009-04-16 05:15:15 98304 ----a-w C:\Windows\System32\iasrecst.dll
2009-03-03 04:37:11 . 2009-04-16 05:15:15 44032 ----a-w C:\Windows\System32\iasdatastore.dll
2009-03-03 04:37:11 . 2009-04-16 05:15:14 54784 ----a-w C:\Windows\System32\iasads.dll
2009-03-03 03:04:59 . 2009-04-16 05:15:16 666624 ----a-w C:\Windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38:13 . 2009-04-16 05:15:14 17408 ----a-w C:\Windows\System32\iashost.exe
2009-03-03 02:28:19 . 2009-04-16 05:19:05 26624 ----a-w C:\Windows\System32\ieUnatt.exe
2009-02-13 08:49:10 . 2009-04-16 05:15:04 72704 ----a-w C:\Windows\System32\secur32.dll
2009-02-13 08:49:09 . 2009-04-16 05:15:05 1255936 ----a-w C:\Windows\System32\lsasrv.dll
2009-02-09 03:10:34 . 2009-03-11 14:03:27 2033152 ----a-w C:\Windows\System32\win32k.sys
2008-10-26 11:52:55 . 2008-10-26 11:52:55 105 ----a-w C:\Users\Fam. Schallenberg\AppData\Local\fusioncache.dat
2008-09-07 06:54:48 . 2008-09-07 06:54:48 63488 ----a-w C:\Users\Fam. Schallenberg\xobglu16.dll
2008-09-07 06:54:48 . 2008-09-07 06:54:48 23552 ----a-w C:\Users\Fam. Schallenberg\xobglu32.dll
2008-09-06 05:50:14 . 2006-11-02 12:48:00 174 --sha-w C:\Program Files\desktop.ini
2008-06-29 11:20:24 . 2007-04-20 19:59:04 54376 ----a-w C:\Users\Fam. Schallenberg\AppData\Local\GDIPFONTCACHEV1.DAT
2008-05-08 20:29:42 . 2008-05-08 20:29:42 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-05-08 20:29:42 . 2008-05-08 20:29:42 56 ---ha-w C:\ProgramData\ezsidmv.dat
2009-04-18 06:2007-09-02 16:34 23:30 . C:\Program Files\mozilla firefox\components\jar50.dll
2009-04-18 06:2007-09-02 16:34 23:31 . C:\Program Files\mozilla firefox\components\jsd3250.dll
2009-04-18 06:2007-09-02 16:34 23:31 . C:\Program Files\mozilla firefox\components\myspell.dll
2009-04-18 06:2007-09-02 16:34 23:35 . C:\Program Files\mozilla firefox\components\spellchk.dll
2009-04-18 06:2007-09-02 16:34 23:35 . C:\Program Files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 07:33:30 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 20:44:32 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-22 07:29:00 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-22 07:29:00 7757824]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-22 07:29:00 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 03:00:36 815104]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 01:02:32 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 01:05:32 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 01:02:18 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 12:35:24 614400]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 22:04:16 464168]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2009-03-14 08:20:51 590848]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2006-11-20 06:13:00 4018176]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 09:55:50 219136]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2007-08-12 20:33:22 9216 ----a-w C:\Windows\System32\avgwlntf.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dienst-Manager.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dienst-Manager.lnk
backup=C:\Windows\pss\Dienst-Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0CDC525B-142D-47F0-A909-B1670903FE20}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{BF867496-5A09-42C4-81C1-E3BE71E1AAFF}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A7632F96-A650-419B-ACEC-EAB195B00B0D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9D6F69FE-C03E-4363-9C9C-71A181F79663}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{595AD776-6DE0-4D9A-837E-D7FF5FB34961}C:\\sydbank\\pcbank\\mclwin\\prg\\zbase32.exe"= UDP:C:\sydbank\pcbank\mclwin\prg\zbase32.exe:Database Engine 8.76
"UDP Query User{DD5ECBD8-1A53-44D5-8653-CC7DEB9832F4}C:\\sydbank\\pcbank\\mclwin\\prg\\zbase32.exe"= TCP:C:\sydbank\pcbank\mclwin\prg\zbase32.exe:Database Engine 8.76
"TCP Query User{8D1BAA9E-D5A4-48EF-B6A4-CC5A4AD2FA6B}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{A490EB3C-B677-45A8-ACDC-840E891ADE13}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"{BAE21153-5D9B-4A3D-926F-4E1EA1783467}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D300F953-22A9-4CE0-A850-AB894BE11AA2}"= UDP:C:\Program Files\Support.com\TDC\hcenter.exe:TDC Netsupport
"{6E154C94-80B5-4C6C-B3D8-16E4DF530992}"= TCP:C:\Program Files\Support.com\TDC\hcenter.exe:TDC Netsupport
"TCP Query User{17FEDBD7-1E5D-47A2-BE1E-9A89EE037F6E}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{403A2344-F8C3-4F1F-98B4-D24483EE4EEF}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"{3D47A973-91D8-4CAB-89FF-965AC6BCE6AE}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{80840F47-B73F-4FCE-AA4D-C0E2962CEDB4}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{1951DA63-BCF2-45EF-9DAF-B49323C899E4}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{718EA272-59C9-4F74-884A-C29A58E60B86}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{CC5F63D2-24C2-48D2-8430-8A7ED947B0C1}C:\\program files\\support.com\\bin\\tgcmd.exe"= UDP:C:\program files\support.com\bin\tgcmd.exe:TDC Netsupport
"UDP Query User{988E901A-79A6-42D0-87BF-B7F76AE5E44E}C:\\program files\\support.com\\bin\\tgcmd.exe"= TCP:C:\program files\support.com\bin\tgcmd.exe:TDC Netsupport
"{CEB570E8-7C5F-4997-B10B-19194F784398}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{BD5CA310-0EB7-4751-A03D-2D4C50C0ECAC}C:\\program files\\filezilla client\\filezilla.exe"= UDP:C:\program files\filezilla client\filezilla.exe:FileZilla FTP Client
"UDP Query User{C70EEE98-A715-4AB5-897A-AF73ECD49158}C:\\program files\\filezilla client\\filezilla.exe"= TCP:C:\program files\filezilla client\filezilla.exe:FileZilla FTP Client
"{70F5467D-50B6-42A3-A0C6-9607134BD6A7}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{8104E4E8-271C-4122-90D5-38BDD5286612}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{7BE1F490-5F16-4AE5-A331-1F417AA1834B}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{48658D29-313C-4422-9A53-7DC540686B86}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 07:30:53 167936]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\Windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 08:13:22 163328]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 14:44:30 31232]
R3 SQLAgent$CENTROSQL;SQLAgent$CENTROSQL;C:\Program Files\Microsoft SQL Server\MSSQL$CENTROSQL\Binn\sqlagent.EXE [2005-05-03 20:42:56 323584]
S2 {2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};C:\Program Files\Acer\Acer Arcade\000.fcl [2006-11-18 04:57:32 6656]
S2 MSSQL$CENTROSQL;MSSQL$CENTROSQL;C:\Program Files\Microsoft SQL Server\MSSQL$CENTROSQL\Binn\sqlservr.exe [2005-05-03 23:19:22 9150464]
S3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\System32\Drivers\avgwfp.sys [2008-03-14 10:44:24 53768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Indhold af mappen 'Planlagte Opgaver'
2009-04-15 C:\Windows\Tasks\Norton Security Scan for Fam. Schallenberg.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-09-19 03:18:06 . 2009-03-11 19:20:08]
2009-04-19 C:\Windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20:38 . 2007-10-19 10:20:38]
2009-04-19 C:\Windows\Tasks\User_Feed_Synchronization-{3E424AD9-22CA-407C-A089-BEBC093ED5BA}.job
- C:\Windows\system32\msfeedssync.exe [2008-06-18 12:45:47 . 2008-01-19 07:33:16]
.
- - - - TOMME GENVEJE FJERNET - - - -
HKLM-Run-Acer Tour - (no file)
.
------- Yderligere scanning -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://da.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = localhost
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - C:\Users\Fam. Schallenberg\AppData\Roaming\Mozilla\Firefox\Profiles\i2g64nw0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.dk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: C:\Program Files\Mozilla Firefox\components\xpinstal.dll
FF - component: C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
---- FIREFOX POLITIKKER ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 12:04:31
Windows 6.0.6001 Service Pack 1 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
C:\Users\FAM~1.SCH\AppData\Local\Temp\Cab4E9D.tmp 27385 bytes
C:\Users\FAM~1.SCH\AppData\Local\Temp\Tar4EAD.tmp 0 bytes
C:\Windows\TEMP\TMP000000757512BE4089E5BE91 524288 bytes executable
C:\Windows\TEMP\TMP000000768D7BD74CD5AD0117 524288 bytes executable
scanning gennemført med succes
skjulte filer: 4
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD}]
"ImagePath"="\??\C:\Program Files\Acer\Acer Arcade\000.fcl"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2009-04-19 12:07:11
ComboFix-quarantined-files.txt 2009-04-19 10:07:03
Pre-Kørsel: 9.189.736.448 Bytes frei
Post-Kørsel: 9.185.222.656 Bytes frei
266 --- E O F --- 2009-04-17 03:56:16
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:40, on 19-04-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8742 bytes
Uninstall list log
Acer Arcade
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.9
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Amazing Adventures: Around the World
Apple Software Update
Avanquest update
AVG 7.5
Big Fish Games Client
Bluesoleil2.6.0.8 Release 070517
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
EPSON-Drucker-Software
ErrorSmart
Feed Detector (Windows Live Toolbar)
FileZilla Client 3.2.2.1
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
InterActual Player
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Krakout Unlimited 2
Launch Manager
Liberty Praxis
Logitech Desktop Messenger
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office FrontPage 2003
Microsoft SQL Server Desktop Engine (CENTROSQL)
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2000 SR-1
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 8
Norton Security Scan
Norton Security Scan (Symantec Corporation)
Oceanix
PIF DESIGNER
QuickTime
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Skype™ 4.0
Smarte menuer (Windows Live Toolbar)
SMSC Fast Infrared Driver
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Suite 4.005.00
Synaptics Pointing Device Driver
Update Service
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
WinRAR
Thanks for your help