Malware of all kinds and how to remove it: Avast, Adware S&D, Malwarebytes "freeze" (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

#12
Yes, right, there is another log too:

ComboFix 10-02-18.09 - Horwath 19.02.2010 21:56:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2525.1375 [GMT 1:00]
Running from: c:\users\Horwath\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

c:\$recycle.bin\S-1-5-21-3682626671-1488881699-1273576923-500
c:\program files\PlayMP3z
c:\program files\PlayMP3z\PlayMP3.exe
c:\program files\PlayMP3z\uninstall.exe
c:\users\Horwath\AppData\Roaming\.#
c:\users\Horwath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z
c:\users\Horwath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif
c:\windows\Suyin.reg

((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 ))))))))))))))))))))))))))))))

2010-02-19 20:36 . 2010-02-19 20:36 -------- d-----w- c:\program files\CCleaner
2010-02-18 19:23 . 2010-02-18 19:23 -------- d-----w- C:\rsit
2010-02-15 17:07 . 2010-02-15 17:07 -------- d-----w- c:\program files\Trend Micro
2010-02-15 15:36 . 2010-02-15 15:36 -------- d-----w- c:\users\Horwath\AppData\Roaming\Malwarebytes
2010-02-15 15:36 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 15:36 . 2010-02-15 15:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-15 15:36 . 2010-02-15 15:36 -------- d-----w- c:\programdata\Malwarebytes
2010-02-15 15:36 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 16:08 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-14 16:06 . 2010-02-14 16:06 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-14 16:06 . 2010-02-14 16:08 -------- d-----w- c:\programdata\Lavasoft
2010-02-14 16:06 . 2010-02-14 16:06 -------- d-----w- c:\program files\Lavasoft
2010-02-10 00:55 . 2010-02-10 00:55 -------- d-----w- c:\users\Horwath\AppData\Local\ArcSoft
2010-02-10 00:54 . 2010-02-10 00:55 -------- d-----w- c:\programdata\ArcSoft
2010-02-10 00:54 . 2010-02-10 00:54 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-02-10 00:54 . 2010-02-10 00:54 -------- d-----w- c:\program files\ArcSoft
2010-02-10 00:53 . 2010-02-11 11:11 -------- d-----w- c:\users\Horwath\AppData\Roaming\ArcSoft
2010-02-09 22:29 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-09 22:29 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-09 04:34 . 2010-02-10 00:18 -------- d-----w- c:\users\Horwath\.gigaflat
2010-02-08 07:04 . 2010-02-08 07:04 -------- d-----w- c:\programdata\LightScribe
2010-02-08 07:04 . 2010-02-08 07:04 -------- d-----w- c:\users\Horwath\AppData\Roaming\Nero
2010-02-08 03:42 . 2010-02-08 03:42 -------- d-----w- c:\users\Horwath\AppData\Local\AskToolbar
2010-02-08 03:25 . 2010-02-08 03:44 -------- d-----w- c:\program files\Nero
2010-02-08 03:24 . 2010-02-08 03:29 -------- d-----w- c:\programdata\Nero
2010-02-08 03:24 . 2010-02-08 03:45 -------- d-----w- c:\program files\Common Files\Nero
2010-02-08 03:23 . 2010-02-08 03:23 -------- d-----w- c:\program files\Ask.com
2010-02-08 00:11 . 2010-02-08 00:11 -------- d-----w- c:\program files\WLAN_Software
2010-02-08 00:11 . 2007-08-17 14:14 891392 ----a-w- c:\windows\system32\drivers\athrusb.sys
2010-02-08 00:11 . 2010-02-08 00:11 -------- d-----w- c:\program files\AutoInstall
2010-01-31 21:38 . 2010-01-31 21:38 -------- d-----w- c:\program files\HideMyMAC

(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2010-02-19 18:57 . 2008-06-22 16:28 -------- d-----w- c:\program files\Google
2010-02-18 12:44 . 2010-02-18 12:44 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-14 16:07 . 2010-02-14 16:07 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-14 16:07 . 2010-02-14 16:07 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-14 16:07 . 2010-02-14 16:07 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-14 16:07 . 2010-02-14 16:07 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-14 13:25 . 2009-07-10 01:03 -------- d-----w- c:\users\Horwath\AppData\Roaming\Save
2010-02-14 11:57 . 2009-12-04 17:42 -------- d-----w- c:\program files\Paint.NET
2010-02-10 00:56 . 2008-11-02 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 00:55 . 2010-02-10 00:55 5299337 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-02-10 00:55 . 2010-01-17 12:20 -------- d-----w- c:\users\Horwath\AppData\Roaming\Azureus
2010-02-10 00:35 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-02-10 00:35 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat
2010-02-10 00:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-09 23:17 . 2008-11-02 19:15 -------- d-----w- c:\programdata\Microsoft Help
2010-02-09 00:08 . 2010-02-09 00:08 4141117 ----a-w- c:\users\Horwath\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-02-09 00:08 . 2010-02-09 00:08 6516755 ----a-w- c:\users\Horwath\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-02-09 00:08 . 2010-02-09 00:08 15884 ----a-w- c:\users\Horwath\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess.dll
2010-02-09 00:08 . 2010-02-09 00:07 102400 ----a-w- c:\users\Horwath\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.14.3-x86.dll
2010-02-08 18:50 . 2010-01-18 06:51 -------- d-----w- c:\users\Horwath\AppData\Roaming\Usenet.nl
2010-02-07 17:53 . 2009-06-28 07:00 -------- d-----w- c:\users\Horwath\AppData\Roaming\Winamp
2010-02-07 15:08 . 2009-09-02 13:54 -------- d-----w- c:\users\Horwath\AppData\Roaming\U3
2010-02-02 09:00 . 2010-02-02 09:00 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAB6D.tmp.exe
2010-01-31 21:46 . 2010-01-18 06:50 -------- d-----w- c:\program files\Usenet.nl
2010-01-31 13:53 . 2010-01-31 13:53 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8364.tmp.exe
2010-01-25 23:21 . 2009-12-16 04:48 -------- d-----w- c:\users\Horwath\AppData\Roaming\dvdcss
2010-01-20 10:06 . 2010-01-20 10:06 -------- d-----w- c:\users\Horwath\AppData\Roaming\ResizeMyPhotos
2010-01-20 10:06 . 2010-01-20 10:06 -------- d-----w- c:\users\Horwath\AppData\Roaming\ResizeMe_
2010-01-20 10:06 . 2010-01-20 10:06 102134 ----a-r- c:\users\Horwath\AppData\Roaming\Microsoft\Installer\{FC19BA02-E1E3-40E0-9FA9-6CEAA62C60C6}\_B647F9CE62EDCB94E803D4.exe
2010-01-20 10:06 . 2010-01-20 10:06 102134 ----a-r- c:\users\Horwath\AppData\Roaming\Microsoft\Installer\{FC19BA02-E1E3-40E0-9FA9-6CEAA62C60C6}\_6FEFF9B68218417F98F549.exe
2010-01-20 10:06 . 2010-01-20 10:06 10134 ----a-r- c:\users\Horwath\AppData\Roaming\Microsoft\Installer\{FC19BA02-E1E3-40E0-9FA9-6CEAA62C60C6}\_E358094509AD64018C65B5.exe
2010-01-20 10:06 . 2010-01-20 10:06 -------- d-----w- c:\program files\SHProd
2010-01-20 10:05 . 2010-01-20 10:05 -------- d-----w- c:\program files\ResizeMyPhotosSetup
2010-01-20 09:34 . 2010-01-20 09:34 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-20 03:28 . 2010-01-20 03:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 06:44 . 2010-01-18 06:44 -------- d-----w- c:\users\Horwath\AppData\Roaming\CommunicaEtor
2010-01-18 06:43 . 2010-01-18 06:43 164471 ----a-w- c:\programdata\CommunicaEtor\Uninstall.exe
2010-01-18 06:43 . 2010-01-18 05:09 -------- d-----w- c:\programdata\CommunicaEtor
2010-01-17 23:10 . 2010-01-17 23:10 -------- d-----w- c:\users\Horwath\AppData\Roaming\invendio Client
2010-01-17 23:10 . 2010-01-17 22:53 -------- d-----w- c:\program files\aEton Usenet Wizard
2010-01-17 20:52 . 2010-01-17 12:19 -------- d-----w- c:\program files\Vuze
2010-01-17 12:21 . 2010-01-17 12:21 -------- d-----w- c:\programdata\Azureus
2010-01-14 10:12 . 2009-11-03 10:07 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-05 10:27 . 2008-06-21 23:54 103352 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-02 06:38 . 2010-01-23 23:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-23 23:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-23 23:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-23 23:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-22 20:33 . 2009-12-22 20:01 680 ----a-w- c:\users\Dorian\AppData\Local\d3d9caps.dat
2009-12-22 20:01 . 2009-12-22 20:00 -------- d-----w- c:\users\Dorian\AppData\Roaming\CyberLink
2009-12-08 20:02 . 2009-06-21 20:51 680 ----a-w- c:\users\Horwath\AppData\Local\d3d9caps.dat
2009-12-08 20:01 . 2010-02-09 22:28 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-09 22:28 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-09 22:28 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-09 22:28 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-07 18:07 . 2009-12-07 18:07 16398 ----a-r- c:\users\Horwath\AppData\Roaming\Microsoft\Installer\{511C063E-31A6-4D9D-8797-D092934F2C86}\_9577663BA2ACB995F94A2C.exe
2009-12-07 18:07 . 2009-12-07 18:07 16398 ----a-r- c:\users\Horwath\AppData\Roaming\Microsoft\Installer\{511C063E-31A6-4D9D-8797-D092934F2C86}\_1AA0704E36E0431644D7BD.exe
2009-12-07 14:10 . 2010-02-14 16:06 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-04 18:30 . 2010-02-09 22:28 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-09 22:28 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-09 22:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-09 22:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-09 22:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-09 22:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-09 22:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-09 22:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-09 22:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 16:14 . 2009-12-04 16:14 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAC77.tmp.exe
2009-12-04 15:56 . 2010-02-09 22:28 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-09 22:28 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-24 23:54 . 2009-09-23 16:05 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-09-23 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-23 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-09-23 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-09-23 16:05 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-23 16:05 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-23 16:05 97480 ----a-w- c:\windows\system32\AvastSS.scr

(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-30 09:40 1182088 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0350Ext.ax"="c:\windows\system32\V0350Ext.ax" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-06-22 3673600]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-11 524288]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2008-08-07 495616]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-22 28672]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2010-02-08 40960]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2010-2-10 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-06-22 16:37 3116032 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4a,b5,87,59,79,3c,ca,01

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [22.06.2008 17:36 43184]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [14.02.2010 17:08 64288]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [23.09.2009 17:05 114768]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [22.06.2008 17:41 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23.09.2009 17:05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23.09.2009 17:05 53328]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03.03.2008 13:11 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [22.06.2008 17:43 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [02.11.2008 19:44 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [22.06.2008 17:37 3521024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02.12.2009 14:19 1181328]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25.04.2008 21:36 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [22.06.2008 17:43 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25.04.2008 21:36 131072]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.sys [13.08.2007 03:51 5120]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [22.06.2008 00:49 22072]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28.03.2007 07:51 43008]
S2 gupdate1c9cfecca1102db;Google Update Service (gupdate1c9cfecca1102db);c:\program files\Google\Update\GoogleUpdate.exe [08.05.2009 15:53 133104]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [08.02.2010 01:11 891392]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [15.02.2010 16:36 38224]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [03.11.2008 03:41 419328]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\System32\drivers\V0350Afx.sys [22.05.2009 00:56 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\System32\drivers\V0350Vfx.sys [22.05.2009 00:56 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\System32\drivers\V0350Vid.sys [22.05.2009 00:56 170368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Contents of the 'Scheduled Tasks' folder

2010-02-19 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:07]
2010-02-19 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:07]
2010-02-19 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:07]
2010-02-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:07]
2010-02-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:07]
2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 14:53]
2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 14:53]

------- Supplementary Scan -------

uStart Page = hxxp://www.google.at/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0608&m=t
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Als HTML speichern - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} - hxxps://img.web.de/v/smartdrive/v23/activex/web_de_osupload_2002.cab

- - - - Removed Orphaned Registry Entries - - - -

WebBrowser-{C4AE99E2-EA7E-4454-A422-0F613FB3C293} - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-Save - c:\program files\Save\SaveUninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 22:10
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3288)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

------------------------ Other Running Processes ------------------------

c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\conime.exe

**************************************************************************

Completion time: 2010-02-19 22:17:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-19 21:17

Pre-Run: 13 directories, 26.120.626.176 bytes free
Post-Run: 18 directories, 25.603.383.296 bytes free

- - End Of File - - 0E5103FB1597A724BD0AC4DC0930D3E5
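A log of this length is slow to read by eye, and the two line shapes that carry most of the signal are regular enough to parse. The following Python helper is an added example, not part of the poster's log and not ComboFix's own code: it parses the "Files Created" entries (created and modified timestamps, size, attribute flags, path) and the Run-key autostart lines (name, target, and the `[X]` marker ComboFix prints when the target file does not exist), then pulls out the leads a helper would look at first: drivers created inside the scan window, new directories under Program Files, autostart entries whose target is missing, and autostarts launched from user-writable locations. The regular expressions are my reading of the format from this thread's log, not a ComboFix specification, and the sample lines are copied from the log above into a constructed string so the script runs offline.

```python
"""Triage helper for ComboFix-style logs.

Added example, not from the original post and not ComboFix's own code.
Two line shapes from the log in this thread are parsed (the regexes are
my reading of the format as printed there, not a ComboFix specification):

  file entry:  <created> . <modified> <size|--------> <attrs> <path>
  autostart:   "<name>"="<path>" [<yyyy-mm-dd> <size>]   or   [X] if missing
"""
import re
from datetime import date

# Constructed sample: lines copied in the shape of the log above.
SAMPLE_LOG = r"""
2010-02-15 15:36 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 16:08 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-08 03:23 . 2010-02-08 03:23 -------- d-----w- c:\program files\Ask.com
2010-01-31 21:38 . 2010-01-31 21:38 -------- d-----w- c:\program files\HideMyMAC
2009-12-08 20:01 . 2010-02-09 22:28 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"c:\windows\system32\V0350Ext.ax"="c:\windows\system32\V0350Ext.ax" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
"""

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)
# Some entries (URLSearchHooks) have a space after "=", Run entries do not.
AUTOSTART_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]')

# Locations a standard user can write to; an autostart pointing here is a lead.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\", "\\$recycle.bin\\")


def parse_file_entries(text):
    """Return one dict per 'Files Created' / Find3M line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": date.fromisoformat(m["created"]),
            "modified": date.fromisoformat(m["modified"]),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": m["attrs"].startswith("d"),   # 'd' in the first attribute column
            "path": m["path"].lower(),
        })
    return entries


def parse_autostarts(text):
    """Return one dict per Run-key / URLSearchHook line; [X] means target missing."""
    hooks = []
    for line in text.splitlines():
        m = AUTOSTART_RE.match(line.strip())
        if not m:
            continue
        hooks.append({"name": m["name"], "path": m["path"].lower(),
                      "missing": m["meta"].strip() == "X"})
    return hooks


def triage(text, scan_date, window_days=30):
    """Leads to look at first. scan_date is the log's own date as an ISO string."""
    as_of = date.fromisoformat(scan_date)
    files = parse_file_entries(text)
    autostarts = parse_autostarts(text)
    recent = [f for f in files if 0 <= (as_of - f["created"]).days <= window_days]
    return {
        "new_drivers": sorted(f["path"] for f in recent
                              if not f["is_dir"] and "\\drivers\\" in f["path"]
                              and f["path"].endswith(".sys")),
        "new_program_dirs": sorted(f["path"] for f in recent
                                   if f["is_dir"] and f["path"].startswith("c:\\program files\\")),
        "missing_targets": sorted(a["name"] for a in autostarts if a["missing"]),
        "user_writable_autostarts": sorted(a["path"] for a in autostarts
                                           if any(t in a["path"] for t in USER_WRITABLE)),
    }


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG, "2010-02-19").items():
        print(f"{key}: {hits}")
```

Run against the sample, the two flagged drivers are mbamswissarmy.sys and Lbd.sys, which the log itself attributes to the poster's Malwarebytes and Ad-Aware installs; tcpip.sys drops out because its creation date is outside the 30-day window even though it was modified inside it. That is the intended reading: the output is a list of places to look, not a verdict, and each hit still has to be checked against what the user installed. The `[X]` entry reproduces how ComboFix marks a Run value whose target no longer exists, and the new Ask.com directory is the same install that appears further up as a URLSearchHook, BHO and toolbar.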