Huge problem with IE and Firefox

#0
19.10.2009, 21:58
Member
Posts: 12

19.10.2009, 23:36
Honorary member
Posts: 6028

22.10.2009, 21:25
Member
Thread starter Posts: 12
#3
So:

3.
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2979
Windows 6.0.6002 Service Pack 2

22.10.2009 08:39:50
mbam-log-2009-10-22 (08-39-50).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 95759
Laufzeit: 6 minute(s), 33 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\Paul\AppData\Local\Temp\CFAD.tmp (Trojan.Dropper) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Paul\AppData\Local\Temp\CFAD.tmp (Trojan.Dropper) -> Delete on reboot.
C:\Users\Paul\AppData\Local\Temp\AC07.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

5.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:08, on 22.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Encarta\Encarta 2009 - Enzyklopaedie DVD\EDICT.EXE
C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\ping.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\SYSTEM32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orf.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Window Arrangment on Splitted Screen] C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [E09DXLRD_1727367] "C:\Program Files\Microsoft Encarta\Encarta 2009 - Enzyklopaedie DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
O20 - AppInit_DLLs: acaptuser32.dll,C:\Windows\System32\C_ISCII32.dll,C:\Windows\System32\,C:\Windows\System32\D3DCompiler_3732.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c995fb5741ab57) (gupdate1c995fb5741ab57) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device - - C:\Windows\system32\lxdecoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\3DataManager\WTGService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15289 bytes

Please, I really need help, I have no idea what else to do.

22.10.2009, 22:49
Honorary member
Posts: 6028
#4
Close all windows and start HijackThis.
Click: Do a system scan only
Tick the box in front of the entry named here:
Quote: R3 - URLSearchHook: (no name) - - (no file)
Click Fix checked.
Your Internet Explorer must be closed when you click Fix checked.

Temp File Cleaner
Download TFC.exe by OldTimer to the desktop.
Close all windows and double-click TFC.exe to start the program.
Vista users: right-click TFC.exe and choose "Run as an Administrator".
Let Temp File Cleaner do its work.
At the end your computer will restart; if it does not, restart it manually.

ComboFix© (by sUBs)
Download ComboFix and save it to the desktop!
Download link 1 ComboFix© by sUBs
Download link 2 ComboFix© by sUBs
Note: If a message from your virus scanner or another real-time scanner appears while you are downloading or running ComboFix, switch these scanners off and download ComboFix again. There are scanners that regard certain components used by CF as suspicious and try to block or remove them.
Start combofix.exe.
Note: Vista. To be able to use ComboFix under Vista (32-bit) you have to start it as administrator. So right-click Combofix.exe and choose "Run as administrator" ("Als Administrator ausführen").
Follow the instructions in the window.
If ComboFix has been used before, you may get a message that an update is available. Allow this update and click OK.
In the "NirCmd" window, click "Yes" once it has finished in order to start the scan.
While ComboFix is running, do NOT click into the window, otherwise your computer will freeze.
When the tool has finished, a log file opens (C:\combofix.txt). Now copy the COMPLETE log with a right-click and "paste" it into the forum with a right-click.
Follow these instructions
__________
Regards
Argus

02.11.2009, 20:09
Member
Thread starter Posts: 12
#5
Hey,
thanks for your great help, first of all. Here is the log:
2009-07-07 19:39 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-29 00:27 . 2009-09-02 22:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-29 00:14 . 2009-09-02 22:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-27 11:41 . 2009-02-21 15:50 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-27 05:22 . 2009-10-21 22:48 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-27 05:17 . 2009-10-21 22:48 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-08-27 05:17 . 2009-10-21 22:48 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-08-27 03:42 . 2009-10-21 22:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-14 16:27 . 2009-09-09 19:07 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-08-14 15:53 . 2009-09-09 19:07 17920 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 13:49 . 2009-09-09 19:07 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 13:49 . 2009-09-09 19:07 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 13:49 . 2009-09-09 19:07 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 13:49 . 2009-09-09 19:07 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 13:49 . 2009-09-09 19:07 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 13:49 . 2009-09-09 19:07 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 13:49 . 2009-09-09 19:07 10240 ----a-w- c:\windows\system32\finger.exe 2009-08-14 13:48 . 2009-09-09 19:07 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2009-08-14 13:48 . 2009-09-09 19:07 105984 ----a-w- c:\windows\system32\netiohlp.dll 2009-08-07 18:27 . 2009-04-06 00:19 604488 ----a-w- c:\windows\system32\TUProgSt.exe 2009-08-07 18:27 . 2009-05-12 16:25 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Window Arrangment on Splitted Screen"="c:\program files\Acer Inc\Acer GridVista\GridVistaULH.exe" [2008-03-05 387592] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "E09DXLRD_1727367"="c:\program files\Microsoft Encarta\Encarta 2009 - Enzyklopaedie DVD\EDICT.EXE" [2008-09-20 351000] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600] "lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 
31072] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-24 4702208] "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-01-24 1826816] c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] SETAUDIO.EXE [2008-4-4 20480] SETRES.EXE [2008-4-4 20480] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Reader 
Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" /s "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "WinampAgent"="c:\program files\Winamp\winampa.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):f8,1c,35,9d,60,e6,c9,01 R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [11.10.2009 21:00 310320] R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [11.10.2009 21:00 482432] R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091028.004\IDSvix86.sys [28.10.2009 23:37 343088] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [19.02.2009 18:31 41456] R2 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [11.10.2009 21:00 259632] R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?] 
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe [11.10.2009 20:59 117640] R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [19.02.2009 18:45 233472] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18.10.2009 10:00 1153368] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [06.04.2009 01:19 604488] R2 WTGService;WTGService;c:\program files\3DataManager\WTGService.exe [10.05.2009 18:15 267720] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16.10.2009 09:39 102448] R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 07:40 3668480] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [11.10.2009 21:00 48688] R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [25.03.2008 21:59 43008] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06.09.2009 05:06 169312] S2 gupdate1c995fb5741ab57;Google Update Service (gupdate1c995fb5741ab57);c:\program files\Google\Update\GoogleUpdate.exe [23.02.2009 22:11 133104] S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdeserv.exe [29.05.2007 14:06 99248] S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.03.2009 15:28 1533808] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [25.03.2008 21:59 179712] S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.01.2008 03:23 21504] S3 
PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [24.03.2009 12:03 12648] S3 UsbFltr;Razer Copperhead Driver;c:\windows\System32\drivers\copperhd.sys [27.02.2009 21:34 11596] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - mbr [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Inhalt des "geplante Tasks" Ordners 2009-11-02 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-15 10:07] 2009-11-02 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-03-09 17:27] 2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 21:11] 2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 21:11] 2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{54C5255A-F2DC-4B80-BB52-3A40720F7386}.job - c:\windows\system32\msfeedssync.exe [2009-10-21 03:41] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.orf.at/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://de.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.orf.at/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - component: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\components\cooliris.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll FF - plugin: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: 
content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - Entfernte verwaiste Registrierungseinträge - - - - ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file) ************************************************************************** Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.5.2.11\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-67386191-2426360508-2556992975-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:4e,9b,c2,2d,b5,ea,56,2a,cd,08,6d,31,aa,55,40,7d,de,28,0e,06,1d, c2,a0,85,58,73,c9,92,30,25,a5,19,24,90,04,ec,30,c9,0c,bc,9c,e9,39,f4,a2,cb,\ "rkeysecu"=hex:aa,48,7a,6f,e1,c6,da,07,36,b8,76,1f,69,ec,b5,14 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2009-11-02 20:07 ComboFix-quarantined-files.txt 2009-11-02 19:07 Vor Suchlauf: 10 Verzeichnis(se), 23.770.701.824 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 23.684.096.000 Bytes frei - - End Of File - - 04293A017B956754287DBD4B54CEE502 |
|
|
||
02.11.2009, 22:10
Moderator
Posts: 5694 |
#6
>> Remove Combofix: press Windows key + R, paste in: Combofix /U - click "OK" (or, if that does not work: delete C:\QooBox)
>> Avenger http://virus-protect.org/artikel/tools/avenger.html
paste into the white field:
Quote
Files to delete:
- close all open programs (because the computer will restart after the Avenger has been run)
- click: Execute
- confirm that the computer will be restarted - click "yes"
- after the restart a log from the Avenger appears automatically - (C:\avenger.txt), copy it - right-click - copy - paste
>> delete the Avenger backup at C:\Avenger\backup.zip + empty the Recycle Bin
>> Uninstall via Start --> Control Panel --> Software: DAEMON Tools Lite
>> Create a Gmer report: download it from here http://www.gmer.net/download.php, start the file, and press Scan in the Rootkits tab. After the scan has finished, please use Copy to paste the report into your own thread...
Quote
>> please run RSIT + post the two logs http://virus-protect.org/artikel/tools/random.html |
|
|
||
30.03.2010, 16:41
Member
Thread starter Posts: 12 |
#7
Hello,
unfortunately I neglected to do this, but I wanted to say a heartfelt thank-you once more for the great help! THANK YOU VERY MUCH |
|
|
||
I have recently had a huge problem with IE and with Firefox.
Whenever I open or load a page in Firefox, this link always opens in IE:
media2.tmlatn.com/images/defaults41/approved/404.html
What is this link? Why does it suddenly open, even though I have not used IE for several months?
I have already tried everything with Spybot-SD and Malwarebytes Anti-Malware, but this link simply will not go away.
And I suspect that this is nothing benign.
Please help.
Regards,
Paul