Wie fixe ich den Lovgate (Lovegate)-Wurm unter Vista?

proda

Hallo,
ich habe jetzt CCleaner und ComboFix laufen lassen.

SDFix funktioniert im abgesicherten Modus nicht - es erscheint nur ganz kurz ein blaues Kästchen, das sich gleich wieder schließt. Danach passiert nichts mehr. Ist es okay, das Programm nur im normalen Modus laufen zu lassen? Kann man aus den ganzen Logfiles denn irgendetwas in Bezug auf den Virus herauslesen?

Hier der ComboFix-Logfile:

ComboFix 09-02-21.01 - XXX 2009-02-22 11:07:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1982.1176 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled*
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((( Dateien erstellt von 2009-01-22 bis 2009-02-22 ))))))))))))))))))))))))))))))
.

2009-02-22 10:53 . 2009-02-22 10:53 <DIR> d-------- c:\program files\CCleaner
2009-02-21 17:47 . 2009-02-21 17:47 <DIR> d-------- c:\users\XXX\AppData\Roaming\TuneUp Software
2009-02-21 17:47 . 2009-02-21 17:47 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-02-21 17:47 . 2009-02-21 17:47 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-02-21 17:47 . 2009-02-21 17:47 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-02-21 17:47 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-02-21 17:47 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-02-21 17:46 . 2009-02-21 17:46 <DIR> d-------- c:\users\All Users\TuneUp Software
2009-02-21 17:46 . 2009-02-21 17:46 <DIR> d-------- c:\programdata\TuneUp Software
2009-02-21 17:45 . 2009-02-21 17:45 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-21 17:45 . 2009-02-21 17:45 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-21 17:25 . 2009-02-21 17:25 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-21 17:25 . 2009-02-21 17:25 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-21 17:25 . 2009-02-21 17:25 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-21 17:25 . 2009-02-21 17:25 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-21 17:25 . 2009-02-21 17:25 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-21 17:25 . 2009-02-21 17:25 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-21 17:25 . 2009-02-21 17:25 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-21 17:25 . 2009-02-21 17:25 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-21 15:10 . 2009-02-21 16:54 250 --a------ c:\windows\gmer.ini
2009-02-16 21:15 . 2009-02-16 21:15 <DIR> d-------- c:\users\XXX\AppData\Roaming\Malwarebytes
2009-02-16 21:10 . 2009-02-16 21:10 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-16 21:10 . 2009-02-16 21:10 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-16 19:04 . 2009-02-16 19:04 4,222 --a------ C:\netstat.ext
2009-02-12 01:14 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-12 01:14 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-12 01:14 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-12 01:14 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-12 01:14 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-12 01:14 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-12 01:14 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-12 01:14 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-12 01:08 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-12 01:08 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-12 01:08 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-12 01:08 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-12 01:07 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-12 01:06 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-12 01:06 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-12 01:06 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-12 01:06 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-12 01:06 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 09:13 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 09:13 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-09 01:56 . 2009-02-09 01:58 <DIR> d-------- c:\users\XXX\dwhelper
2009-02-09 01:02 . 2009-02-09 01:02 <DIR> d-------- c:\users\XXX\AppData\Roaming\vlc
2009-02-06 15:59 . 2009-02-06 15:59 <DIR> d-------- C:\VXIPNP
2009-02-06 15:59 . 2009-02-06 15:59 <DIR> d-------- c:\program files\National Instruments
2009-02-06 15:59 . 2009-02-06 16:41 <DIR> d-------- c:\program files\Dermalab USB
2009-02-06 15:58 . 2009-02-06 15:58 <DIR> d-------- C:\DlabUSB108
2009-02-06 15:58 . 2003-04-10 16:00 414,208 --a------ c:\windows\System32\ftdiunin.exe
2009-02-06 15:58 . 2004-04-20 11:05 57,404 --a------ c:\windows\System32\drivers\ftser2k.sys
2009-02-06 15:58 . 2004-04-14 14:32 51,821 --a------ c:\windows\System32\ftserui2.dll
2009-02-06 15:58 . 2004-04-16 16:15 36,864 --a------ c:\windows\System32\FTLang.dll
2009-02-06 15:58 . 2004-04-20 11:04 24,209 --a------ c:\windows\System32\drivers\ftdibus.sys
2009-02-06 15:58 . 2005-09-21 08:56 92 --a------ c:\windows\System32\ftdiun2k.ini

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 09:33 352,615 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-02-22 09:33 --------- d-----w c:\users\XXX\AppData\Roaming\WTablet
2009-02-21 16:40 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-21 16:40 --------- d-----w c:\program files\CyberLink
2009-02-21 16:31 --------- d-----w c:\program files\Common Files\Apple
2009-02-21 16:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-21 16:23 --------- d-----w c:\program files\Bonjour
2009-02-21 15:07 27,136 ----a-w c:\windows\Internet Logs\xDB755D.tmp
2009-02-21 14:54 2,206,208 ----a-w c:\windows\Internet Logs\xDB7944.tmp
2009-02-21 13:46 --------- d-----w c:\users\XXX\AppData\Roaming\EndNote
2009-02-18 19:45 142,944 ----a-w c:\users\XXX\AppData\Roaming\nvModes.dat
2009-02-16 13:31 --------- d-----w c:\program files\ImageJ
2009-02-16 00:00 --------- d-----w c:\program files\Total Video Converter
2009-02-13 16:08 --------- d-----w c:\program files\Windows Mail
2009-02-12 10:00 95,303 ----a-w c:\users\Administrator\AppData\Roaming\nvModes.dat
2009-02-12 09:45 --------- d-----w c:\users\Administrator\AppData\Roaming\WTablet
2009-02-05 17:47 2,713,600 ----a-w c:\windows\Internet Logs\xDBA7A3.tmp
2009-02-05 15:04 --------- d-----w c:\users\XXX\AppData\Roaming\skypePM
2009-02-05 11:35 --------- d-----w c:\users\XXX\AppData\Roaming\Skype
2009-02-04 08:25 --------- d-----w c:\users\XXX\AppData\Roaming\ICQ
2009-01-23 22:05 --------- d-----w c:\users\XXX\AppData\Roaming\Audacity
2009-01-18 14:32 --------- d-----w c:\users\XXX\AppData\Roaming\uTorrent
2009-01-18 11:21 --------- d-----w c:\program files\Common Files\TerraTec
2009-01-15 12:49 --------- d-----w c:\programdata\FLEXnet
2009-01-14 22:18 3,710,464 ----a-w c:\windows\Internet Logs\xDB7270.tmp
2009-01-09 15:41 --------- d-----w c:\users\XXX\AppData\Roaming\U3
2009-01-09 14:12 --------- d-----w c:\program files\PokerTH
2009-01-09 13:54 --------- d-----w c:\users\XXX\AppData\Roaming\pokerth
2009-01-08 12:53 --------- d-----w c:\program files\Smart PC Solutions
2009-01-02 10:49 --------- d-----w c:\users\XXX\AppData\Roaming\Apple Computer
2009-01-02 10:49 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-02 10:49 --------- d-----w c:\program files\iTunes
2009-01-02 10:49 --------- d-----w c:\program files\iPod
2009-01-02 10:48 --------- d-----w c:\programdata\Apple Computer
2009-01-02 10:47 --------- d-----w c:\program files\QuickTime
2008-12-27 01:32 --------- d-----w c:\users\Administrator\AppData\Roaming\vlc
2008-11-27 16:42 3,421,593 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-11-22 20:26 15,730,208 ----a-w c:\program files\Install_ICQ6.exe
2008-07-29 13:07 174 --sha-w c:\program files\desktop.ini
2008-07-15 07:52 156 ----a-w c:\users\XXX\AppData\Roaming\wklnhst.dat
2008-03-18 11:32 66,848 ----a-w c:\users\XXX\filter.exe
2008-03-03 22:19 22 --sha-w c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-11-01 671744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-08 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-08 81920]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-29 185640]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-10 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-08-23 17:36 455968 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-09-27 16:05 202032 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{708C4927-9612-420E-932F-F779AFC2FBAE}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{EC48D00F-A149-48B1-AE42-CED93BE97351}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{57B6EBA2-8639-422F-98BB-7B00D0A307E5}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{DC2670E5-AB27-4F99-97C3-BB1A61B7A4C2}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A94049E1-5E5D-42D8-87AC-A6DF1D921D93}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{1B7E2D8B-508E-4349-A454-4E19A513FDB3}c:\\program files\\imagej\\jre\\bin\\javaw.exe"= UDP:c:\program files\imagej\jre\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{E8A6FAC0-F599-45DA-86BE-F47337650B2A}c:\\program files\\imagej\\jre\\bin\\javaw.exe"= TCP:c:\program files\imagej\jre\bin\javaw.exe:Java(TM) Platform SE binary
"{38B010AE-836F-4A4A-9E1E-5E4C63DAB8CF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{AAFD83D1-341C-40C5-BE2B-669FF1A5C98B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{141CB9DC-D24E-45BD-8F70-FFA32005EE73}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D6F74F9B-58AB-4CBF-9E4E-FD481AB59AE3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1C15979D-F53F-4D3D-84E3-CCD8D089FF9A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{CD3EF667-D925-4501-BD17-6430F97F21BC}"= Disabled:UDP:E:\fsetup.exe:AVM FSetup Application
"{8F47D0F7-4AEE-42ED-8814-2B0951105B77}"= Disabled:TCP:E:\fsetup.exe:AVM FSetup Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2007-12-25 1369384]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-21 603904]
R2 WacomTouchService;Wacom Touch Service;c:\windows\System32\WacomTouchService.exe [2007-12-25 95528]
R3 Wacomhidfilter;Wacom HID Filter;c:\windows\System32\drivers\wacomhidfilter.sys [2007-11-05 10536]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\System32\drivers\WacomVTHid.sys [2007-02-22 11312]
S4 MTBService;MTB Server;c:\program files\Carl Zeiss\MTB 2004\MTB Server Console\MTBService.exe [2008-05-08 20480]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46db2071-d800-11dd-b649-001e68154e06}]
\shell\AutoRun\command - H:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aeb31c55-9692-11dd-817e-001e68154e06}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd9b291c-e9d6-11dc-9aac-001e68154e06}]
\shell\AutoRun\command - G:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners

2009-02-22 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:07]

2009-02-22 c:\windows\Tasks\User_Feed_Synchronization-{30741A1E-00C0-4BAB-977C-81FDD100179D}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

2009-02-22 c:\windows\Tasks\User_Feed_Synchronization-{A969AF52-1E27-4DB6-91BB-5F0E6FCAB73D}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-TerraTec Remote Control - c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
MSConfigStartUp-UCam_Menu - c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\programme\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {09AD5BB8-4AEC-4314-8000-24C2FD9DA943} = 10.249.13.1,10.249.8.5
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\8oqj3g0z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.de/webmail
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 11:10:31
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2009-02-22 11:12:57
ComboFix-quarantined-files.txt 2009-02-22 10:12:53

Vor Suchlauf: 27 Verzeichnis(se), 71.929.573.376 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 71,590,559,744 Bytes frei

245 --- E O F --- 2009-02-20 15:15:37