Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   I have Cyber Security on my PC, what now? HELP (https://www.trojaner-board.de/78202-habe-cyber-security-pc-hilfe.html)

cosinus 11.10.2009 11:34

And what about the Task Manager? Besides, I don't quite believe yet that you're out of the woods. I want to see the ComboFix log!

mandy010388 11.10.2009 12:09

I can't get AntiVir switched off? Can you tell me how to do it?

cosinus 11.10.2009 12:14

Normally it's enough to close the umbrella ;)
In the system tray (next to the clock in the taskbar) you have a red AntiVir icon with an umbrella; right-click it and deactivate the Guard - then the umbrella is closed as well.

mandy010388 11.10.2009 12:22

Unfortunately that isn't enough for it.

cosinus 11.10.2009 12:27

Normally that should be enough. Can't you just ignore the message?

mandy010388 11.10.2009 14:41

ComboFix 09-10-10.02 - Mandy 11.10.2009 13:55.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1169 [GMT 2:00]
Run from:: c:\users\Mandy\Desktop\Cofi.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2589176853-53505105-1486268300-500
c:\$recycle.bin\S-1-5-21-4166659471-477811567-471052203-500
c:\windows\Installer\8efd0.msi
c:\windows\system32\setup.exe.tmp

.
((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 ))))))))))))))))))))))))))))))
.

2009-10-11 12:20 . 2009-10-11 12:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-10 15:33 . 2009-10-11 09:04 -------- d-----w- C:\Lop SD
2009-10-08 18:36 . 2009-10-08 18:37 -------- d-----w- C:\rsit
2009-10-08 14:31 . 2009-10-08 14:31 -------- d-----w- c:\program files\Trend Micro
2009-10-08 14:27 . 2009-10-08 14:27 -------- d-----w- c:\users\Mandy\AppData\Roaming\Malwarebytes
2009-10-08 14:27 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 14:27 . 2009-10-08 14:27 -------- d-----w- c:\programdata\Malwarebytes
2009-10-08 14:27 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-08 14:27 . 2009-10-08 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-08 14:17 . 2009-10-08 14:17 -------- d-----w- c:\program files\CCleaner
2009-10-08 10:02 . 2009-10-08 10:02 -------- d-----w- c:\program files\Enigma Software Group
2009-10-07 18:45 . 2009-10-07 18:45 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-07 18:28 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-07 18:28 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-07 18:28 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-07 18:28 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-07 18:28 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-07 18:28 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-07 18:28 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-07 18:28 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-03 12:18 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 06:31 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 06:31 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-02 06:31 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-02 06:31 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 06:30 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-02 06:30 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-02 06:30 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 06:29 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-02 06:29 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-01 18:21 . 2009-10-01 18:21 582 ----a-w- c:\windows\eReg.dat
2009-10-01 18:04 . 2009-10-07 12:56 -------- d-----w- c:\program files\Maxis
2009-09-24 20:03 . 2009-09-24 20:05 -------- d-----w- c:\windows\system32\ca-ES
2009-09-24 20:03 . 2009-09-24 20:05 -------- d-----w- c:\windows\system32\eu-ES
2009-09-24 20:03 . 2009-09-24 20:05 -------- d-----w- c:\windows\system32\vi-VN
2009-09-24 19:25 . 2009-09-24 19:25 -------- d-----w- c:\windows\system32\EventProviders
2009-09-24 07:06 . 2009-04-11 06:28 677376 ----a-w- c:\windows\system32\imapi2fs.dll
2009-09-24 07:05 . 2009-04-11 06:28 310272 ----a-w- c:\windows\system32\mtxclu.dll
2009-09-24 07:04 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-09-24 07:04 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-09-24 07:04 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-09-24 07:04 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-09-24 07:04 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-09-24 07:04 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-24 07:04 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-09-24 07:04 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-09-24 07:04 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-24 07:04 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-24 07:04 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-18 19:16 . 2008-12-02 06:40 28672 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI.exe
2009-09-18 19:16 . 2008-12-01 11:29 16896 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI64.exe
2009-09-18 19:16 . 2008-12-01 11:29 14336 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI32.exe
2009-09-18 19:16 . 2008-06-09 02:38 139264 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGAutorunService.exe
2009-09-18 19:16 . 2008-06-09 02:37 126976 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGAutoRunSvcTerminate.exe
2009-09-18 19:16 . 2009-01-27 06:28 3817737 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\tools\VTP V2.3.20.2500 Compressed Embedded Setup.exe
2009-09-18 19:16 . 2008-04-01 09:15 20480 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\SendScsiCmd.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 11:56 . 2007-12-26 17:38 -------- d-----w- c:\users\Mandy\AppData\Roaming\Skype
2009-10-11 10:55 . 2007-08-20 01:14 45056 ----a-w- c:\windows\system32\acovcnt.exe
2009-10-11 10:54 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-11 09:35 . 2007-12-26 17:39 -------- d-----w- c:\users\Mandy\AppData\Roaming\skypePM
2009-10-09 07:28 . 2007-04-18 09:14 621952 ----a-w- c:\windows\system32\perfh007.dat
2009-10-09 07:28 . 2007-04-18 09:14 123658 ----a-w- c:\windows\system32\perfc007.dat
2009-10-08 17:30 . 2007-12-16 20:45 -------- d-----w- c:\program files\ICQToolbar
2009-10-08 15:40 . 2008-02-19 17:18 -------- d-----w- c:\program files\eMule.de 0.48a v18
2009-10-08 15:39 . 2008-01-19 14:51 -------- d-----w- c:\program files\Java
2009-10-07 18:53 . 2009-08-29 18:07 -------- d-----w- c:\program files\RTL3DSoftware20
2009-10-01 18:05 . 2007-08-20 00:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-24 20:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-18 19:21 . 2008-08-13 18:55 -------- d-----w- c:\users\Mandy\AppData\Roaming\LG Electronics
2009-09-10 16:51 . 2007-08-19 23:37 -------- d-----w- c:\programdata\Microsoft Help
2009-08-29 00:27 . 2009-09-03 06:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 06:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-16 19:57 . 2009-08-14 10:47 -------- d-----w- c:\programdata\LGMOBILEAX
2009-08-14 16:27 . 2009-09-09 18:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 18:01 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 18:01 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 18:01 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 18:01 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 18:01 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 18:01 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 18:01 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 18:01 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 18:01 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 18:01 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 10:49 . 2009-08-14 10:49 -------- d-----w- c:\program files\DIFX
2009-08-14 10:49 . 2009-08-14 10:49 -------- d-----w- c:\program files\infineon
2009-08-14 10:44 . 2009-08-14 10:44 -------- d--h--w- c:\users\Mandy\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
2009-08-14 10:44 . 2008-08-13 17:54 -------- d-----w- c:\program files\LG Electronics
2009-08-05 19:58 . 2009-03-19 10:43 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 10:29 . 2009-08-10 19:42 43008 ----a-w- c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-08-05 10:29 . 2009-08-10 19:42 340480 ----a-w- c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-08-05 10:28 . 2009-08-10 19:42 346112 ----a-w- c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-18 16:01 . 2009-07-28 19:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-28 19:17 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-12 19:45 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 19:45 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 19:45 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 19:45 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 19:45 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-05-03 14:04 . 2008-01-26 12:56 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-05-03 14:04 . 2008-01-26 12:56 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-05-03 14:04 . 2008-01-26 12:56 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-05-03 14:04 . 2008-01-26 12:56 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-05-03 14:04 . 2008-01-26 12:56 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-09-11 339240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-22 110592]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"eMuleAutoStart"=c:\program files\eMule.de 0.48a v18\emule.exe -AutoStart
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PowerForPhone"=c:\program files\PowerForPhone\PowerForPhone.exe
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"ASUS Camera ScreenSaver"=c:\windows\ASScrProlog.exe
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" -s
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
"UpdatesDisableNotify"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):65,9c,83,f5,53,3d,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{607A967E-81BC-4E36-8FCF-DBFD6086F094}c:\\program files\\dancing dots\\isabell werth - reitsport\\autorun.exe"= UDP:c:\program files\dancing dots\isabell werth - reitsport\autorun.exe:Ride Autorun
"UDP Query User{09303700-F31E-4530-BE2D-AAC1B928FC83}c:\\program files\\dancing dots\\isabell werth - reitsport\\autorun.exe"= TCP:c:\program files\dancing dots\isabell werth - reitsport\autorun.exe:Ride Autorun
"TCP Query User{C6A6B932-BBBB-4C85-8122-8DA8765047A3}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{6151AB50-020C-44AB-9392-0FC56122E76D}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{D3FA9973-708A-4706-BFAD-EB8035EA3C8E}e:\\autorun.exe"= UDP:E:\autorun.exe:Ride Autorun
"UDP Query User{26ACEAFF-855C-4CBD-B943-D43EB8C96036}e:\\autorun.exe"= TCP:E:\autorun.exe:Ride Autorun
"TCP Query User{F8C28AAA-08FE-4BC9-9D26-E3705E645814}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{93580DFE-B135-4ECE-A017-1DF5253B5B2C}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{6A4122D7-006C-4093-86F4-F16E28EE999B}c:\\program files\\emule.de 0.48a v18\\emule.exe"= UDP:c:\program files\emule.de 0.48a v18\emule.exe:eMule
"UDP Query User{BD912133-AE08-493D-BA98-C7F191E5D350}c:\\program files\\emule.de 0.48a v18\\emule.exe"= TCP:c:\program files\emule.de 0.48a v18\emule.exe:eMule
"{0F9E4443-3710-4617-B6E0-88C494D5956E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B15A32A7-85EF-40BD-9705-B4EE82FFABD5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{11405F11-0950-41AF-BF65-EBAAD78FAE72}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{642AEFF3-F93F-4988-95DD-EDDF902627BD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3E74388B-A677-4040-8A4D-6144017F2E99}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6EA4F73C-30CB-4C0B-BF9E-D18D9C4BD95D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FC6947F3-E635-4A3D-94E3-336B0F777B69}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0ED03026-0071-40ED-B06C-2FF3F0E216B1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{684F7A0A-9781-4ACB-99BD-E1D6B4649C10}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{983A2877-7952-4482-A3E9-615241FED4E1}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7C7D5900-496F-4EF9-AAA7-8E53D3DF1F6C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7DA32F7E-4162-4792-A68E-8FE544535047}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{6F78B03B-0214-4099-8BB2-FA87A6CAC53F}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{38084292-A0B1-4868-A13E-94914993F038}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{EEDA8DBE-C79D-48EB-AA95-17B7A7686350}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{906EE044-1E19-43AC-8A49-D52B7984409C}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{4E3EE0EB-0B71-4BBC-8F85-660AAE2706C2}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E0341922-BA02-499B-85A5-9DDBF2DD2E71}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A5A72AB7-6EC0-4603-8A62-B705A55633E6}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{37162120-3C4A-4EAE-AE61-6BF377AA6592}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{C66FF8EE-2574-45B9-86B4-BCC6F0D80717}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{CF94D5F1-7BE9-4D6E-8C2B-B7AE914AFD86}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"{54472988-66AD-4CFB-A81D-E190BB683EDF}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{C346AAB3-4751-4BA1-8D5C-5ABCA52B4DE3}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{71612D9A-19DA-4E8F-920B-2E859A1B5E25}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{2020B5AB-2DF0-436C-A347-01D6BE9051D8}"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{2B832498-5069-433E-BAC1-26A0BECE63A6}"= c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{4F55887F-14FF-42F4-8E6B-0B10AD2C5BED}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{C83A614F-4A58-42B2-B32B-1C323EEF9B19}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CAE14950-0C23-4A1B-8F90-C39212FEA6F2}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{EA26AE4B-363D-410D-AA9E-57CC39B53087}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{3ED01330-C6DB-41A5-B2A2-A0E33F235627}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{621CA3FB-957B-4A24-8CE3-20D3156ABC8F}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [19.03.2009 12:43 108289]
S2 gupdate1c9a5a5badcef30;Google Update Service (gupdate1c9a5a5badcef30);c:\program files\Google\Update\GoogleUpdate.exe [15.03.2009 21:39 133104]
S3 FlashUSB;FlashUSB;c:\windows\System32\drivers\FlashUsb.sys [14.08.2009 12:49 16896]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\System32\drivers\SIVX32.sys [24.02.2007 07:27 19944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the "Scheduled Tasks" folder

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 19:39]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 19:39]
.
.

mandy010388 11.10.2009 14:46

------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - Ostseewelle HIT-RADIO Mecklenburg-Vorpommern
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpSmartWebPrinting.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-11 14:20
Windows 6.0.6002 Service Pack 2 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...


C:\ADSM_PData_0150

Scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-11 14:25
ComboFix-quarantined-files.txt 2009-10-11 12:25

Pre-Run: 14 directories, 49,089,028,096 bytes free
Post-Run: 20 directories, 48,968,069,120 bytes free

332 --- E O F --- 2009-10-09 07:05

cosinus 11.10.2009 15:10

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window using copy/paste. (Replace your XXX with the correct name again!!)

Code:

KILLALL::

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"eMuleAutoStart"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
"UpdatesDisableNotify"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"=-

File::
c:\windows\system32\acovcnt.exe

3. In Notepad, save it as CFScript.txt on the desktop.

4. Deactivate the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto ComboFix.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
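The script above is built by hand from the "Reg Loading Points" section of the posted log: every value that silences the Windows Security Center (the Override entries, the DisableMonitoring flags) or switches off the firewall profile gets a "Name"=- line under its key, which ComboFix treats as "delete this value". The following is an added example, not part of the forum post or of ComboFix, showing that triage step as code: it parses a REGEDIT4-style excerpt in the shape of the posted log, flags those values, and renders the matching Registry:: section. The excerpt in SAMPLE_LOG is constructed from the lines visible in the thread; the finding labels, the function names and the SUSPICIOUS table are this example's own. The case-specific parts of cosinus' script (the eMule run- entry and the File:: section) are deliberately not generated.

```python
"""Triage helper for the ComboFix "Reg Loading Points" section.

Added example, not code from the forum post or from ComboFix. It flags the
Security Center override values, the Monitoring\\DisableMonitoring flags and a
disabled Windows Firewall profile, and emits the CFScript lines ("Name"=- under
the key) that delete them. SAMPLE_LOG is constructed from the posted log.
"""
import re

# Constructed sample in the shape of the posted ComboFix excerpt.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
"UpdatesDisableNotify"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Value names a rogue "security" product typically plants to mute the
# Security Center or disable the firewall (labels are this example's wording).
SUSPICIOUS = {
    "AntiVirusOverride": "Security Center AV status overridden",
    "FirewallOverride": "Security Center firewall status overridden",
    "UpdatesDisableNotify": "Windows Update notifications suppressed",
    "DisableMonitoring": "Security Center monitoring disabled",
    "EnableFirewall": "Windows Firewall profile disabled",
}


def parse_registry_section(text):
    """Yield (key, name, data) triples from a REGEDIT4-style excerpt."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data").strip()


def _dword_is_nonzero(data):
    """True for REGEDIT4 'dword:XXXXXXXX' data with a non-zero value."""
    return data.lower().startswith("dword:") and int(data[6:], 16) != 0


def find_tampering(text):
    """Return [(key, name, label)] for values that mute Security Center or the firewall."""
    findings = []
    for key, name, data in parse_registry_section(text):
        if name not in SUSPICIOUS:
            continue
        lowered = key.lower()
        in_sc = "security center" in lowered
        in_fw = "firewallpolicy" in lowered
        if name == "EnableFirewall":
            # Only a finding when a firewall profile key has it set to 0.
            if in_fw and data.split()[0] == "0":
                findings.append((key, name, SUSPICIOUS[name]))
        elif name == "DisableMonitoring":
            if in_sc and _dword_is_nonzero(data):
                findings.append((key, name, SUSPICIOUS[name]))
        elif in_sc:
            # The Override/DisableNotify values are a finding by their mere presence.
            findings.append((key, name, SUSPICIOUS[name]))
    return findings


def build_cfscript(findings):
    """Render a CFScript Registry:: section; "Name"=- deletes the value under its key."""
    by_key = {}
    for key, name, _label in findings:
        by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for key, name, label in find_tampering(SAMPLE_LOG):
        print(f"{label}: [{key}] {name}")
    print(build_cfscript(find_tampering(SAMPLE_LOG)))
```

Treat the output as a triage hint, not proof: some third-party security suites write Override values and their own Monitoring subkeys legitimately, so the posted log's entries only become suspicious together with the rogue "Cyber Security" program and the disabled StandardProfile firewall. The generated section still has to be reviewed by the helper before it is merged into a CFScript.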

mandy010388 11.10.2009 18:16

ComboFix 09-10-10.02 - Mandy 11.10.2009 17:59.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1036 [GMT 2:00]
Run from:: c:\users\Mandy\Desktop\Combofix.exe
Command switches used :: c:\users\Mandy\Desktop\CFScript.txt
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\acovcnt.exe"
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 ))))))))))))))))))))))))))))))
.

2009-10-11 16:06 . 2009-10-11 16:11 -------- d-----w- c:\users\Mandy\AppData\Local\temp
2009-10-11 16:06 . 2009-10-11 16:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-11 16:06 . 2009-10-11 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-11 14:35 . 2009-10-11 14:35 -------- d-----w- C:\Cofi
2009-10-10 15:33 . 2009-10-11 09:04 -------- d-----w- C:\Lop SD
2009-10-08 18:36 . 2009-10-08 18:37 -------- d-----w- C:\rsit
2009-10-08 14:31 . 2009-10-08 14:31 -------- d-----w- c:\program files\Trend Micro
2009-10-08 14:27 . 2009-10-08 14:27 -------- d-----w- c:\users\Mandy\AppData\Roaming\Malwarebytes
2009-10-08 14:27 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 14:27 . 2009-10-08 14:27 -------- d-----w- c:\programdata\Malwarebytes
2009-10-08 14:27 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-08 14:27 . 2009-10-08 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-08 14:17 . 2009-10-08 14:17 -------- d-----w- c:\program files\CCleaner
2009-10-08 10:02 . 2009-10-08 10:02 -------- d-----w- c:\program files\Enigma Software Group
2009-10-07 18:45 . 2009-10-07 18:45 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-07 18:28 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-07 18:28 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-07 18:28 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-07 18:28 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-07 18:28 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-07 18:28 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-07 18:28 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-07 18:28 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-03 12:18 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 06:31 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 06:31 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-02 06:31 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-02 06:31 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 06:30 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-02 06:30 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-02 06:30 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 06:29 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-02 06:29 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-01 18:21 . 2009-10-01 18:21 582 ----a-w- c:\windows\eReg.dat
2009-10-01 18:04 . 2009-10-07 12:56 -------- d-----w- c:\program files\Maxis
2009-09-24 20:03 . 2009-09-24 20:05 -------- d-----w- c:\windows\system32\ca-ES
2009-09-24 20:03 . 2009-09-24 20:05 -------- d-----w- c:\windows\system32\eu-ES
2009-09-24 20:03 . 2009-09-24 20:05 -------- d-----w- c:\windows\system32\vi-VN
2009-09-24 19:25 . 2009-09-24 19:25 -------- d-----w- c:\windows\system32\EventProviders
2009-09-24 07:06 . 2009-04-11 06:28 677376 ----a-w- c:\windows\system32\imapi2fs.dll
2009-09-24 07:05 . 2009-04-11 06:28 310272 ----a-w- c:\windows\system32\mtxclu.dll
2009-09-24 07:04 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-09-24 07:04 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-09-24 07:04 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-09-24 07:04 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-09-24 07:04 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-09-24 07:04 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-24 07:04 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-09-24 07:04 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-09-24 07:04 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-24 07:04 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-24 07:04 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-18 19:16 . 2008-12-02 06:40 28672 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI.exe
2009-09-18 19:16 . 2008-12-01 11:29 16896 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI64.exe
2009-09-18 19:16 . 2008-12-01 11:29 14336 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI32.exe
2009-09-18 19:16 . 2008-06-09 02:38 139264 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGAutorunService.exe
2009-09-18 19:16 . 2008-06-09 02:37 126976 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGAutoRunSvcTerminate.exe
2009-09-18 19:16 . 2009-01-27 06:28 3817737 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\tools\VTP V2.3.20.2500 Compressed Embedded Setup.exe
2009-09-18 19:16 . 2008-04-01 09:15 20480 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\SendScsiCmd.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 16:07 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-11 15:56 . 2007-12-26 17:38 -------- d-----w- c:\users\Mandy\AppData\Roaming\Skype
2009-10-11 14:07 . 2007-12-26 17:39 -------- d-----w- c:\users\Mandy\AppData\Roaming\skypePM
2009-10-09 07:28 . 2007-04-18 09:14 621952 ----a-w- c:\windows\system32\perfh007.dat
2009-10-09 07:28 . 2007-04-18 09:14 123658 ----a-w- c:\windows\system32\perfc007.dat
2009-10-08 17:30 . 2007-12-16 20:45 -------- d-----w- c:\program files\ICQToolbar
2009-10-08 15:40 . 2008-02-19 17:18 -------- d-----w- c:\program files\eMule.de 0.48a v18
2009-10-08 15:39 . 2008-01-19 14:51 -------- d-----w- c:\program files\Java
2009-10-07 18:53 . 2009-08-29 18:07 -------- d-----w- c:\program files\RTL3DSoftware20
2009-10-01 18:05 . 2007-08-20 00:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-24 20:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-24 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-18 19:21 . 2008-08-13 18:55 -------- d-----w- c:\users\Mandy\AppData\Roaming\LG Electronics
2009-09-10 16:51 . 2007-08-19 23:37 -------- d-----w- c:\programdata\Microsoft Help
2009-08-29 00:27 . 2009-09-03 06:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 06:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-16 19:57 . 2009-08-14 10:47 -------- d-----w- c:\programdata\LGMOBILEAX
2009-08-14 16:27 . 2009-09-09 18:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 18:01 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 18:01 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 18:01 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 18:01 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 18:01 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 18:01 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 18:01 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 18:01 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 18:01 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 18:01 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 10:49 . 2009-08-14 10:49 -------- d-----w- c:\program files\DIFX
2009-08-14 10:49 . 2009-08-14 10:49 -------- d-----w- c:\program files\infineon
2009-08-14 10:44 . 2009-08-14 10:44 -------- d--h--w- c:\users\Mandy\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
2009-08-14 10:44 . 2008-08-13 17:54 -------- d-----w- c:\program files\LG Electronics
2009-08-05 19:58 . 2009-03-19 10:43 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 10:29 . 2009-08-10 19:42 43008 ----a-w- c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-08-05 10:29 . 2009-08-10 19:42 340480 ----a-w- c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-08-05 10:28 . 2009-08-10 19:42 346112 ----a-w- c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-18 16:01 . 2009-07-28 19:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-28 19:17 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-12 19:45 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 19:45 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 19:45 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 19:45 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 19:45 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-05-03 14:04 . 2008-01-26 12:56 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-05-03 14:04 . 2008-01-26 12:56 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-05-03 14:04 . 2008-01-26 12:56 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-05-03 14:04 . 2008-01-26 12:56 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-05-03 14:04 . 2008-01-26 12:56 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-11_12.20.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-18 08:46 . 2009-10-11 16:11 62422 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-11 16:11 85280 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-13 12:02 . 2009-10-11 16:11 14142 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2589176853-53505105-1486268300-1000_UserData.bin
+ 2007-12-13 11:59 . 2009-10-11 16:08 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-13 11:59 . 2009-10-11 11:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-13 11:59 . 2009-10-11 16:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-13 11:59 . 2009-10-11 11:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-13 11:59 . 2009-10-11 11:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-13 11:59 . 2009-10-11 16:08 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-18 19:31 . 2009-10-11 16:07 3650 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-10-11 10:55 . 2009-10-11 10:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-11 16:08 . 2009-10-11 16:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-11 16:08 . 2009-10-11 16:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-11 10:55 . 2009-10-11 10:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-09-11 339240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-22 110592]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PowerForPhone"=c:\program files\PowerForPhone\PowerForPhone.exe
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"ASUS Camera ScreenSaver"=c:\windows\ASScrProlog.exe
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" -s
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):65,9c,83,f5,53,3d,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{607A967E-81BC-4E36-8FCF-DBFD6086F094}c:\\program files\\dancing dots\\isabell werth - reitsport\\autorun.exe"= UDP:c:\program files\dancing dots\isabell werth - reitsport\autorun.exe:Ride Autorun
"UDP Query User{09303700-F31E-4530-BE2D-AAC1B928FC83}c:\\program files\\dancing dots\\isabell werth - reitsport\\autorun.exe"= TCP:c:\program files\dancing dots\isabell werth - reitsport\autorun.exe:Ride Autorun
"TCP Query User{C6A6B932-BBBB-4C85-8122-8DA8765047A3}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{6151AB50-020C-44AB-9392-0FC56122E76D}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{D3FA9973-708A-4706-BFAD-EB8035EA3C8E}e:\\autorun.exe"= UDP:E:\autorun.exe:Ride Autorun
"UDP Query User{26ACEAFF-855C-4CBD-B943-D43EB8C96036}e:\\autorun.exe"= TCP:E:\autorun.exe:Ride Autorun
"TCP Query User{F8C28AAA-08FE-4BC9-9D26-E3705E645814}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{93580DFE-B135-4ECE-A017-1DF5253B5B2C}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{6A4122D7-006C-4093-86F4-F16E28EE999B}c:\\program files\\emule.de 0.48a v18\\emule.exe"= UDP:c:\program files\emule.de 0.48a v18\emule.exe:eMule
"UDP Query User{BD912133-AE08-493D-BA98-C7F191E5D350}c:\\program files\\emule.de 0.48a v18\\emule.exe"= TCP:c:\program files\emule.de 0.48a v18\emule.exe:eMule
"{0F9E4443-3710-4617-B6E0-88C494D5956E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B15A32A7-85EF-40BD-9705-B4EE82FFABD5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{11405F11-0950-41AF-BF65-EBAAD78FAE72}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{642AEFF3-F93F-4988-95DD-EDDF902627BD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3E74388B-A677-4040-8A4D-6144017F2E99}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6EA4F73C-30CB-4C0B-BF9E-D18D9C4BD95D}"= UDP:c:\program files\iTunes

mandy010388 11.10.2009 19:17

\iTunes.exe:iTunes
"{FC6947F3-E635-4A3D-94E3-336B0F777B69}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0ED03026-0071-40ED-B06C-2FF3F0E216B1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{684F7A0A-9781-4ACB-99BD-E1D6B4649C10}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{983A2877-7952-4482-A3E9-615241FED4E1}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7C7D5900-496F-4EF9-AAA7-8E53D3DF1F6C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7DA32F7E-4162-4792-A68E-8FE544535047}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{6F78B03B-0214-4099-8BB2-FA87A6CAC53F}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{38084292-A0B1-4868-A13E-94914993F038}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{EEDA8DBE-C79D-48EB-AA95-17B7A7686350}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{906EE044-1E19-43AC-8A49-D52B7984409C}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{4E3EE0EB-0B71-4BBC-8F85-660AAE2706C2}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E0341922-BA02-499B-85A5-9DDBF2DD2E71}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A5A72AB7-6EC0-4603-8A62-B705A55633E6}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{37162120-3C4A-4EAE-AE61-6BF377AA6592}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{C66FF8EE-2574-45B9-86B4-BCC6F0D80717}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{CF94D5F1-7BE9-4D6E-8C2B-B7AE914AFD86}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"{54472988-66AD-4CFB-A81D-E190BB683EDF}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{C346AAB3-4751-4BA1-8D5C-5ABCA52B4DE3}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{71612D9A-19DA-4E8F-920B-2E859A1B5E25}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{2020B5AB-2DF0-436C-A347-01D6BE9051D8}"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{2B832498-5069-433E-BAC1-26A0BECE63A6}"= c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{4F55887F-14FF-42F4-8E6B-0B10AD2C5BED}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{C83A614F-4A58-42B2-B32B-1C323EEF9B19}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CAE14950-0C23-4A1B-8F90-C39212FEA6F2}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{EA26AE4B-363D-410D-AA9E-57CC39B53087}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{3ED01330-C6DB-41A5-B2A2-A0E33F235627}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{621CA3FB-957B-4A24-8CE3-20D3156ABC8F}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [19.03.2009 12:43 108289]
S2 gupdate1c9a5a5badcef30;Google Update Service (gupdate1c9a5a5badcef30);c:\program files\Google\Update\GoogleUpdate.exe [15.03.2009 21:39 133104]
S3 FlashUSB;FlashUSB;c:\windows\System32\drivers\FlashUsb.sys [14.08.2009 12:49 16896]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\System32\drivers\SIVX32.sys [24.02.2007 07:27 19944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 19:39]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 19:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - Ostseewelle HIT-RADIO Mecklenburg-Vorpommern
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpSmartWebPrinting.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4056)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\System32\drivers\CDAC11BA.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-10-11 18:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-10-11 16:24
ComboFix2.txt 2009-10-11 12:25

Vor Suchlauf: 19 Verzeichnis(se), 51.140.890.624 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 50.924.982.272 Bytes frei

367 --- E O F --- 2009-10-09 07:05

mandy010388 12.10.2009 18:21

Hello,

did I do everything right with this ComboFix?

And am I out of the woods?

cosinus 12.10.2009 18:22

Yes, patience please, I still have others to "patch up" here!
A brief status update would be nice: how is your PC doing by now?

mandy010388 12.10.2009 18:25

OK, thanks a lot in advance

mandy010388 12.10.2009 19:37

So the Task Manager works again, and otherwise there is nothing more to be seen of it. Cyber Security no longer starts, that is.

But is it gone, then?

cosinus 12.10.2009 19:54

That cannot be said with certainty; that is simply the drawback of a cleanup. If you want/need to be sure, a reinstall is the way to go. But:

- the symptoms are gone
- the logfiles are clean

You can still run some control scans:

Kaspersky - Online Scanner

This scanner does not remove what it finds, but it gives a good overview of the malware present.

---> download here => Kaspersky Online Scanner
=> note the hints about older versions!
=> Requirement: Internet Explorer 6.0 or higher
=> install the required ActiveX controls => update the signatures => Next
=> Scan settings => choose Standard => OK => click the "My Computer" link
=> the scan starts automatically => scan completed => save report as
=> change the file type to .txt => save it on the desktop as Kaspersky.txt => post the log here
=> Uninstall => Control Panel => Programs => remove Kaspersky Online Scanner

2.) Check the computer with PrevXCSI. Post a screenshot if anything is found, or post the names and paths.


All times are GMT +1. It is now 22:08.

Copyright ©2000-2025, Trojaner-Board

