Huge problem with IE and Firefox

#0
19.10.2009, 21:58
Member

Posts: 12
#1 Hey,

I've recently had a huge problem with IE and Firefox.

Whenever I open or load a page in Firefox, this link always opens in IE:

media2.tmlatn.com/images/defaults41/approved/404.html

What is this link? Why does it suddenly open, even though I haven't used IE for several months?

I have already tried everything with Spybot-SD and Malwarebytes Anti-Malware, but this link simply won't go away.

And I suspect that this is nothing benign.

Please help.

Regards
Paul
19.10.2009, 23:36
Honorary member
Argus

Posts: 6028
#2 Steps 3 and 5 of http://board.protecus.de/t23187.htm, post the data
__________
Kind regards, Argus
22.10.2009, 21:25
Member

Thread starter

Posts: 12
#3 So:

3.

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2979
Windows 6.0.6002 Service Pack 2

22.10.2009 08:39:50
mbam-log-2009-10-22 (08-39-50).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 95759
Laufzeit: 6 minute(s), 33 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\Paul\AppData\Local\Temp\CFAD.tmp (Trojan.Dropper) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Paul\AppData\Local\Temp\CFAD.tmp (Trojan.Dropper) -> Delete on reboot.
C:\Users\Paul\AppData\Local\Temp\AC07.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

5.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:08, on 22.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Encarta\Encarta 2009 - Enzyklopaedie DVD\EDICT.EXE
C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\ping.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\SYSTEM32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orf.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Window Arrangment on Splitted Screen] C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [E09DXLRD_1727367] "C:\Program Files\Microsoft Encarta\Encarta 2009 - Enzyklopaedie DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
O20 - AppInit_DLLs: acaptuser32.dll,C:\Windows\System32\C_ISCII32.dll,C:\Windows\System32\,C:\Windows\System32\D3DCompiler_3732.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c995fb5741ab57) (gupdate1c995fb5741ab57) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device - - C:\Windows\system32\lxdecoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\3DataManager\WTGService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15289 bytes

I'm really asking for help, I have no idea what else I should do.
22.10.2009, 22:49
Honorary member
Argus

Posts: 6028
#4 Close all windows and start HijackThis
Click: Do a system scan only
Put a check mark in the box in front of each of the listed entries

Quote

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Policies\Explorer\Run: []
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - AppInit_DLLs: acaptuser32.dll,C:\Windows\System32\C_ISCII32.dll,C:\Windows\System32\,C:\Windows\System32\D3DCompiler_3732.dll

Click Fix checked

Your Internet Explorer must be closed when you click Fix checked

Temp File Cleaner
Download TFC.exe by OldTimer to the desktop
Close all windows and double-click TFC.exe to start the program
Vista users: right-click TFC.exe and choose "Run as an Administrator"
Let Temp File Cleaner do its work
At the end your computer will restart; if it does not, restart it manually

ComboFix© (by sUBs)
Download ComboFix and save it to the desktop!
Download link 1 ComboFix© by sUBs
Download link 2 ComboFix© by sUBs
Note: If a message from your virus scanner or another real-time scanner appears while you are downloading or running ComboFix,
switch these scanners off and download ComboFix again
There are scanners that regard certain components used by CF as suspicious and try to block or remove them

Start combofix.exe
Note: Vista
To be able to use ComboFix under Vista (32-bit) you have to start it as administrator.
So right-click Combofix.exe and choose "Run as administrator".

Follow the instructions in the window
If ComboFix has already been used before, you may get a message that an update is available
Allow this update and click OK; in the "NirCmd" window, click "yes" when it has finished to start the scan
While ComboFix is running, do NOT click in the window, otherwise your computer will freeze
When the tool is finished, a log file opens (C:\ combofix.txt)
now copy the COMPLETE log with a right-click and insert it into the forum with a right-click, "paste"
Follow these instructions
__________
Kind regards, Argus
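Added example, not part of the original thread and not code from HijackThis: a Python triage pass over HijackThis log lines that marks orphaned entries, empty Run values, IE policy restrictions, AppInit_DLLs items and processes running from a Temp directory for manual review. The rule names, the heuristics and the function names are assumptions of this example; the sample lines are copied from the log in post #3.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Policies\Explorer\Run: []
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O20 - AppInit_DLLs: acaptuser32.dll,C:\Windows\System32\C_ISCII32.dll,C:\Windows\System32\,C:\Windows\System32\D3DCompiler_3732.dll
"""

# "R3 - ...", "O20 - ..." : section code, then the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Run / RunOnce autostart entry: "[value name] command line".
RUN_RE = re.compile(r"^.*?Run(?:Once)?: \[(.*?)\]\s*(.*)$")


def split_log(log):
    """Return (running process paths, [(code, text), ...]) from a log."""
    processes, entries = [], []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def classify_appinit(value):
    """Split an AppInit_DLLs value and describe the shape of each item.

    Only commas are treated as separators here, as in the log above,
    so paths containing spaces stay in one piece.
    """
    items = []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue
        if item.endswith("\\"):
            kind = "directory-only"   # a folder, not a loadable DLL
        elif "\\" in item:
            kind = "full-path"
        else:
            kind = "bare-name"        # resolved through the DLL search order
        items.append((item, kind))
    return items


def triage(log):
    """Return (rule, detail) pairs to review by hand; these are not verdicts."""
    processes, entries = split_log(log)
    findings = []
    for path in processes:
        # Heuristic: an executable running out of a Temp directory.
        if "\\temp\\" in path.lower():
            findings.append(("process-in-temp", path))
    for code, text in entries:
        line = f"{code} - {text}"
        # Registry entry whose target file no longer exists.
        if "(no file)" in text or "(file missing)" in text:
            findings.append(("orphaned-entry", line))
        if code == "O4":
            match = RUN_RE.match(text)
            if match and not match.group(1) and not match.group(2):
                findings.append(("empty-run-value", line))
        if code == "O6":
            findings.append(("ie-policy-restriction", line))
        # AppInit_DLLs are loaded into processes that load user32.dll,
        # so every item listed there deserves a look.
        if code == "O20" and text.startswith("AppInit_DLLs:"):
            for item, kind in classify_appinit(text.split(":", 1)[1]):
                findings.append(("appinit-dll:" + kind, item))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```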
02.11.2009, 20:09
Member

Thread starter

Posts: 12
#5 Hey,

thanks first of all for your great help ;)

Here is the log:

ComboFix 09-10-27.08 - Paul 02.11.2009 19:52.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3069.1875 [GMT 1:00]
ausgeführt von:: c:\users\Paul\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Paul\AppData\Roaming\.#
c:\users\Paul\AppData\Roaming\.#\MBX@1354@1E2990.###
c:\users\Paul\AppData\Roaming\.#\MBX@1354@1E29C0.###
c:\users\Paul\AppData\Roaming\.#\MBX@1354@1E29F0.###
c:\users\Paul\AppData\Roaming\.#\MBX@B0C@1AF2990.###
c:\users\Paul\AppData\Roaming\.#\MBX@B0C@1AF29C0.###
c:\users\Paul\AppData\Roaming\.#\MBX@B0C@1AF29F0.###
c:\users\Paul\AppData\Roaming\020000005b2e7847689C.manifest
c:\users\Paul\AppData\Roaming\020000005b2e7847689O.manifest
c:\users\Paul\AppData\Roaming\020000005b2e7847689P.manifest
c:\users\Paul\AppData\Roaming\020000005b2e7847689S.manifest
c:\users\Paul\AppData\Roaming\inst.exe
c:\windows\system32\dq9Do.vbs
c:\windows\system32\Vc8SYvR.vbs
c:\windows\system32\ZmNrUhiM14jNS9X.vbs

.
((((((((((((((((((((((( Dateien erstellt von 2009-10-02 bis 2009-11-02 ))))))))))))))))))))))))))))))
.

2009-11-02 19:05 . 2009-11-02 19:05 -------- d-----w- c:\users\Paul\AppData\Local\temp
2009-11-02 18:52 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-02 18:52 . 2007-11-22 08:05 308248 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-01 10:09 . 2009-11-01 10:09 -------- d-----w- c:\program files\iPod
2009-11-01 10:06 . 2009-11-01 10:06 -------- d-----w- c:\program files\Bonjour
2009-10-28 13:59 . 2009-10-28 13:59 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-28 11:06 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-10-28 11:06 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-10-28 11:06 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-10-28 11:04 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2009-10-28 11:04 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-10-28 11:04 . 2009-09-25 01:27 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-28 11:04 . 2009-09-25 01:27 37888 ----a-w- c:\windows\system32\cdd.dll
2009-10-28 11:02 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-28 11:02 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-28 11:02 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-28 11:02 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-28 11:02 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-28 11:02 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-28 11:02 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-28 11:02 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-28 11:02 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-28 11:02 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-28 11:02 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-28 11:02 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-28 11:01 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-28 11:01 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-28 11:01 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-28 10:34 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 10:34 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-22 19:17 . 2009-10-22 19:17 -------- d-----w- c:\program files\Trend Micro
2009-10-21 22:41 . 2009-03-08 11:33 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-10-21 22:41 . 2009-03-08 11:32 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-10-21 22:41 . 2009-03-08 11:31 45568 ----a-w- c:\windows\system32\mshta.exe
2009-10-21 22:41 . 2009-03-08 11:33 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-10-21 22:41 . 2009-03-08 11:33 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-10-21 22:41 . 2009-03-08 11:33 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-10-21 22:41 . 2009-03-08 11:33 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-10-21 15:53 . 2009-10-21 15:53 -------- d-----w- c:\program files\Microsoft.NET
2009-10-21 15:50 . 2009-10-21 15:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-21 15:49 . 2009-10-21 15:49 -------- d-----r- C:\MSOCache
2009-10-20 23:27 . 2009-10-20 23:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-20 23:22 . 2009-10-20 23:22 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-10-20 21:54 . 2009-10-20 21:54 -------- d-----w- c:\users\Paul\AppData\Local\Microsoft Help
2009-10-20 18:03 . 2009-10-29 21:44 -------- d-----w- c:\users\Paul\Incomplete
2009-10-20 17:28 . 2009-10-20 17:28 -------- d-----w- c:\users\Paul\Office Genuine Advantage
2009-10-20 16:13 . 2000-10-20 09:15 1015296 ----a-w- c:\windows\system32\actrpt.dll
2009-10-20 16:10 . 2009-10-20 16:11 -------- d-----w- c:\users\Paul\AppData\Roaming\Lexware
2009-10-20 14:36 . 2009-10-20 17:55 -------- d-----w- c:\program files\Lexware
2009-10-20 14:36 . 2009-10-20 14:36 -------- d-----w- c:\programdata\BTrieve
2009-10-20 14:36 . 2009-10-20 17:50 -------- d-----w- c:\programdata\Lexware
2009-10-20 14:34 . 2006-06-26 13:58 1929216 ----a-w- c:\windows\system32\cdintf250.dll
2009-10-20 14:32 . 2009-10-20 17:56 -------- d-----w- c:\program files\Common Files\Lexware
2009-10-20 14:32 . 2009-10-20 16:10 -------- d-----w- c:\users\Paul\AppData\Local\Lexware
2009-10-20 13:14 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-20 13:14 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-20 13:14 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 13:14 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-20 13:12 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-20 13:12 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-20 13:12 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-20 13:12 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-20 13:12 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-18 09:40 . 2009-10-18 09:40 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2009-10-18 09:40 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 09:40 . 2009-10-18 09:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 09:40 . 2009-10-18 09:40 -------- d-----w- c:\programdata\Malwarebytes
2009-10-18 09:40 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 09:27 . 2009-10-18 09:27 -------- d-----w- C:\logs
2009-10-18 09:00 . 2009-10-18 13:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-18 09:00 . 2009-10-18 09:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-17 15:02 . 2009-10-17 15:02 121344 ----a-w- c:\windows\system32\D3DCompiler_3732.dll
2009-10-17 15:01 . 2009-10-17 15:01 121344 ----a-w- c:\windows\system32\C_ISCII32.dll
2009-10-17 14:16 . 2009-10-17 14:16 -------- d-----w- c:\programdata\LightScribe
2009-10-17 11:46 . 2009-10-17 11:46 -------- d-----w- c:\windows\system32\syncdb
2009-10-17 11:39 . 2009-10-17 11:39 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-10-16 23:29 . 2009-10-16 23:29 -------- d-----w- c:\users\Paul\AppData\Local\VideoMagician
2009-10-16 23:28 . 2009-10-16 23:28 -------- d-----w- c:\users\Paul\AppData\Local\CyberLink
2009-10-16 23:28 . 2009-10-16 23:28 -------- d-----w- c:\users\Paul\AppData\Local\HomeMedia
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\users\Paul\AppData\Roaming\DAEMON Tools Pro
2009-10-16 21:03 . 2009-10-16 21:05 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-14 09:20 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 09:20 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 09:20 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 09:19 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 09:19 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 09:19 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 10:35 . 2009-10-13 10:35 -------- d-----w- c:\users\Paul\AppData\Local\GHISLER
2009-10-13 10:00 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2009-10-13 10:00 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2009-10-13 10:00 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-10-13 10:00 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-10-13 10:00 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-10-13 10:00 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2009-10-13 10:00 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2009-10-13 10:00 . 2009-10-20 17:57 -------- d-----w- c:\users\Paul\AppData\Roaming\GHISLER
2009-10-11 21:03 . 2009-10-11 21:03 -------- d-----w- c:\programdata\WindowsSearch
2009-10-11 20:00 . 2009-10-11 20:00 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-11 20:00 . 2009-10-11 19:59 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-10-11 20:00 . 2009-10-11 20:00 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-10-11 20:00 . 2009-10-11 20:00 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-11 20:00 . 2009-10-11 20:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-11 20:00 . 2009-10-11 20:00 -------- d-----w- c:\program files\Symantec
2009-10-11 19:59 . 2009-10-11 20:02 -------- d-----w- c:\programdata\Norton
2009-10-11 19:59 . 2009-10-11 19:59 -------- d-----w- c:\program files\Norton 360 Premier Edition
2009-10-11 19:59 . 2009-10-11 20:02 -------- d-----w- c:\programdata\NortonInstaller
2009-10-11 19:59 . 2009-10-11 19:59 -------- d-----w- c:\program files\NortonInstaller
2009-10-11 19:38 . 2009-10-11 19:38 -------- d-----w- c:\windows\system32\drivers\N360
2009-10-11 19:27 . 2009-10-11 19:27 -------- d-----w- c:\programdata\PCSettings
2009-10-05 19:53 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 18:56 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat
2009-11-02 18:56 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat
2009-11-02 18:46 . 2009-02-25 18:27 1076 ----a-w- c:\windows\bthservsdp.dat
2009-11-02 18:33 . 2009-02-22 13:38 69428 ----a-w- c:\users\Paul\AppData\Roaming\nvModes.dat
2009-11-02 17:18 . 2009-02-23 21:10 -------- d-----w- c:\programdata\Google Updater
2009-11-01 10:09 . 2009-09-27 19:16 -------- d-----w- c:\program files\iTunes
2009-11-01 10:09 . 2009-02-22 09:28 -------- d-----w- c:\program files\Common Files\Apple
2009-10-30 08:07 . 2009-02-21 22:45 -------- d-----w- c:\users\Paul\AppData\Roaming\Azureus
2009-10-30 04:12 . 2009-02-21 21:34 -------- d-----w- c:\users\Paul\AppData\Roaming\LimeWire
2009-10-28 17:26 . 2009-02-23 19:48 -------- d-----w- c:\programdata\Lx_cats
2009-10-28 13:58 . 2009-10-28 13:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-22 17:18 . 2008-03-25 14:26 -------- d-----w- c:\programdata\Microsoft Help
2009-10-21 22:24 . 2009-02-19 17:28 156120 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-21 19:30 . 2008-03-25 14:28 -------- d-----w- c:\program files\Microsoft Works
2009-10-21 15:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-10-21 14:16 . 2009-02-24 21:34 -------- d-----w- c:\users\Paul\AppData\Roaming\dvdcss
2009-10-20 17:37 . 2008-03-25 13:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-20 16:13 . 2009-10-20 16:12 -------- d-----w- c:\program files\Common Files\DAO
2009-10-18 09:07 . 2009-04-13 21:08 -------- d-----w- c:\program files\LimeWire
2009-10-17 11:39 . 2008-03-25 14:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-16 23:29 . 2009-03-09 17:47 -------- d-----w- c:\users\Paul\AppData\Roaming\CyberLink
2009-10-15 15:09 . 2009-07-07 20:34 -------- d-----w- c:\program files\Windows Live
2009-10-15 15:03 . 2009-07-07 20:34 -------- d-----w- c:\program files\Microsoft
2009-10-14 17:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 11:21 . 2009-03-09 18:32 -------- d-----w- c:\program files\Glary Utilities
2009-10-13 07:18 . 2009-03-10 05:41 -------- d-----w- c:\users\Paul\AppData\Roaming\GlarySoft
2009-10-12 22:54 . 2008-03-25 13:43 -------- d-----w- c:\program files\Acer GameZone
2009-10-12 22:21 . 2009-02-21 16:23 -------- d-----w- c:\program files\DVDFab 5
2009-10-12 22:21 . 2009-02-21 16:23 -------- d-----w- c:\users\Paul\AppData\Roaming\Vso
2009-10-12 21:33 . 2009-02-22 10:17 680 ----a-w- c:\users\Paul\AppData\Local\d3d9caps.dat
2009-10-12 07:25 . 2009-02-21 16:09 -------- d-----w- c:\programdata\Symantec
2009-10-11 20:00 . 2009-10-11 20:00 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-11 20:00 . 2009-10-11 20:00 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-11 19:32 . 2009-07-06 15:41 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-10-02 22:55 . 2009-02-21 22:44 -------- d-----w- c:\program files\Vuze
2009-09-30 22:23 . 2009-08-17 11:58 -------- d-----w- c:\program files\Cheat Engine
2009-09-27 20:56 . 2009-09-27 20:56 -------- d-----w- c:\program files\AutoHotkey
2009-09-25 02:10 . 2009-10-28 11:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-10-28 11:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-10-28 11:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-10-28 11:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-10-28 11:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-10-28 11:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-10-28 11:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-10-28 11:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-10-28 11:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-10-28 11:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:32 . 2009-10-28 11:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-10-28 11:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-10-28 11:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-10-28 11:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-10-28 11:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-10-28 11:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-10-28 11:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-10-28 11:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-10-28 11:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-10-28 11:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-10-28 11:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-10-28 11:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-10-28 11:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-15 17:36 . 2009-09-15 17:36 -------- d-----w- c:\users\Paul\AppData\Roaming\Printer Info Cache
2009-09-15 17:36 . 2009-09-15 17:36 -------- d-----w- c:\users\Paul\AppData\Roaming\Image Zone Express
2009-09-15 17:35 . 2009-09-15 11:52 -------- d-----w- c:\users\Paul\AppData\Roaming\HP
2009-09-15 14:08 . 2009-02-22 09:31 -------- d-----w- c:\users\Paul\AppData\Roaming\Apple Computer
2009-09-15 13:40 . 2009-09-15 11:40 -------- d-----w- c:\programdata\HP
2009-09-15 11:53 . 2009-09-15 11:42 164284 ----a-w- c:\windows\hpoins19.dat
2009-09-15 11:52 . 2009-09-15 11:52 -------- d-----w- c:\programdata\WEBREG
2009-09-15 11:51 . 2009-09-15 11:51 -------- d-----w- c:\programdata\HPSSUPPLY
2009-09-15 11:51 . 2009-09-15 11:43 -------- d-----w- c:\program files\HP
2009-09-15 11:51 . 2009-09-15 11:47 -------- d-----w- c:\program files\Common Files\HP
2009-09-15 11:47 . 2009-09-15 11:47 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-15 11:47 . 2009-09-15 11:47 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-12 08:43 . 2009-09-12 08:41 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 08:40 . 2009-09-12 08:39 -------- d-----w- c:\program files\QuickTime
2009-09-10 18:37 . 2009-02-23 16:45 -------- d-----w- c:\programdata\NOS
2009-09-09 22:26 . 2009-07-07 19:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-29 00:27 . 2009-09-02 22:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 22:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 11:41 . 2009-02-21 15:50 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-27 05:22 . 2009-10-21 22:48 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-21 22:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-21 22:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-21 22:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 19:07 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 19:07 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 19:07 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 19:07 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 19:07 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 19:07 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 19:07 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 19:07 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 19:07 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 19:07 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 19:07 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-07 18:27 . 2009-04-06 00:19 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-07 18:27 . 2009-05-12 16:25 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Window Arrangment on Splitted Screen"="c:\program files\Acer Inc\Acer GridVista\GridVistaULH.exe" [2008-03-05 387592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"E09DXLRD_1727367"="c:\program files\Microsoft Encarta\Encarta 2009 - Enzyklopaedie DVD\EDICT.EXE" [2008-09-20 351000]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-24 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-01-24 1826816]

c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" /s
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f8,1c,35,9d,60,e6,c9,01

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [11.10.2009 21:00 310320]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [11.10.2009 21:00 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091028.004\IDSvix86.sys [28.10.2009 23:37 343088]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [19.02.2009 18:31 41456]
R2 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [11.10.2009 21:00 259632]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe [11.10.2009 20:59 117640]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [19.02.2009 18:45 233472]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18.10.2009 10:00 1153368]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [06.04.2009 01:19 604488]
R2 WTGService;WTGService;c:\program files\3DataManager\WTGService.exe [10.05.2009 18:15 267720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16.10.2009 09:39 102448]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 07:40 3668480]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [11.10.2009 21:00 48688]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [25.03.2008 21:59 43008]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06.09.2009 05:06 169312]
S2 gupdate1c995fb5741ab57;Google Update Service (gupdate1c995fb5741ab57);c:\program files\Google\Update\GoogleUpdate.exe [23.02.2009 22:11 133104]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdeserv.exe [29.05.2007 14:06 99248]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.03.2009 15:28 1533808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [25.03.2008 21:59 179712]
S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.01.2008 03:23 21504]
S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [24.03.2009 12:03 12648]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\System32\drivers\copperhd.sys [27.02.2009 21:34 11596]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Inhalt des "geplante Tasks" Ordners

2009-11-02 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-15 10:07]

2009-11-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-09 17:27]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 21:11]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 21:11]

2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{54C5255A-F2DC-4B80-BB52-3A40720F7386}.job
- c:\windows\system32\msfeedssync.exe [2009-10-21 03:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.orf.at/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.orf.at/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)



**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-67386191-2426360508-2556992975-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:4e,9b,c2,2d,b5,ea,56,2a,cd,08,6d,31,aa,55,40,7d,de,28,0e,06,1d,
c2,a0,85,58,73,c9,92,30,25,a5,19,24,90,04,ec,30,c9,0c,bc,9c,e9,39,f4,a2,cb,\
"rkeysecu"=hex:aa,48,7a,6f,e1,c6,da,07,36,b8,76,1f,69,ec,b5,14

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2009-11-02 20:07
ComboFix-quarantined-files.txt 2009-11-02 19:07

Vor Suchlauf: 10 Verzeichnis(se), 23.770.701.824 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 23.684.096.000 Bytes frei

- - End Of File - - 04293A017B956754287DBD4B54CEE502
02.11.2009, 22:10
Moderator

Posts: 5694
#6 >>
Remove Combofix:
Press Windows key + R
Paste in: Combofix /U - click "OK"

(or, if that does not work: delete C:\QooBox)

>>
Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy into the white field:

Quote

Files to delete:
c:\windows\system32\D3DCompiler_3732.dll
c:\windows\system32\C_ISCII32.dll

- close all open programs (because the computer will restart after the Avenger has been run)

- Click: Execute

- confirm that the computer will be restarted - click "yes"
- after the restart, a log from the Avenger appears automatically - (C:\avenger.txt), copy it - with a right-click - copy - paste

>>
delete the Avenger backup at C:\Avenger\backup.zip + empty the recycle bin

>>
Uninstall via Start --> Control Panel --> Software:
DAEMON Tools Lite

>>
Create a Gmer report:
Download it from here http://www.gmer.net/download.php, start the file, and click Scan on the Rootkits tab. After the scan has finished, please use Copy to paste the report into your own thread...

Quote

To be able to use Gmer under Vista (32 bit) you have to start it as administrator. So right-click the downloaded exe file and choose "Run as administrator".

>>
please run RSIT + post the two logs
http://virus-protect.org/artikel/tools/random.html
30.03.2010, 16:41
Member

Thread starter

Posts: 12
#7 Hello,

unfortunately I neglected to do this, but I wanted to say thank you once again for the great help!


MANY THANKS