Ein fröhliches Moin in die Runde,

ich hab einen TR/Click Cycler Infektion an board und habe bereits die CHIP Jungens um Hilfe gebeten, die mich aber nu an Euch weitergeleitet haben.

Vielleicht könnt ihr mir helfen!

Ich habe schon alle möglichen logs gepostet - welches wollt ihr denn haben??

Gruß

Ich habe gerade mbr laufen lassen mit folgendem Ergebnis:

device: opened successfully
user: error reading MBR
kernel: MBR read successfull

welche hast du denn schon erstellt? welches windows kommt zum einsatz?

Hallo Markus,


es ist Windows Vista Home - vorinstalliert und ich habe scans von SuperSpyware, Eset online, Avira, Avenger und como Fix.

1. poste combofix.txt
2. sichere alle daten, fals es probleme gibt.
3. müssen wir den mbr neu schreiben. wenn du mit combofix auch die rettungskonsole instaliert hast, dann führst du die schritte des microsoft artikels in der konsole aus, wenn nicht, bitte von der windows cd, falls du eine richtige win cd hast, also keine recovery zb.

Beheben und Reparieren von Startproblemen in Windows Vista mit dem Hilfsprogramm "Bootrec.exe" in der Windows-Wiederherstellungsumgebung
den abschnitt fixmbr durchlesen und ausführen.
4. danach ein neues combofix log erstellen und das hier posten

Hallo Markus,

habe es grad nochmal mit mbr.exe versucht. Habe von diesem Rechner null CD und welches Posting soll ich denn nu machen?

du sollst nicht mbr.exe nutzen, ich tippe du hast die gedownloaded. du solst den mbr in der wiederherstellungskonsole reparieren, aber erst nach dem du die daten gesichert hast. dein combofix log (combofix.txt) möchte ich ebnfalls sehen.

Hab ich grad nochmal neu erstellt. Avira meldet einen HEUR/HTML Malware in c:\ComboFix\Clsid Files

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 10-06-18.03 - jeannette 19.06.2010  20:50:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium   
ausgeführt von:: c:\users\jeannette\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-19 bis 2010-06-19  ))))))))))))))))))))))))))))))
.

2010-06-19 18:59 . 2010-06-19 18:59	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-06-19 18:59 . 2010-06-19 18:59	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2010-06-19 18:59 . 2010-06-19 18:59	--------	d-----w-	c:\users\Gast.PC\AppData\Local\temp
2010-06-19 18:59 . 2010-06-19 18:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-19 18:59 . 2010-06-19 18:59	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2010-06-19 18:59 . 2010-06-19 18:59	--------	d-----w-	c:\users\abo\AppData\Local\temp
2010-06-19 09:16 . 2010-06-19 09:16	--------	d-----w-	c:\users\jeannette\AppData\Roaming\Avira
2010-06-18 22:18 . 2010-06-18 22:18	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Avira
2010-06-18 22:14 . 2010-03-01 08:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-06-18 22:14 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-06-18 22:14 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-06-18 22:14 . 2010-06-18 22:14	--------	d-----w-	c:\programdata\Avira
2010-06-18 22:14 . 2010-06-18 22:14	--------	d-----w-	c:\program files\Avira
2010-06-18 19:53 . 2010-06-18 19:53	--------	d-----w-	c:\program files\ESET
2010-06-18 16:03 . 2010-06-18 16:04	63488	----a-w-	c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-18 16:03 . 2010-06-18 16:03	52224	----a-w-	c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-18 16:03 . 2010-06-18 16:04	117760	----a-w-	c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-18 16:02 . 2010-06-18 16:02	--------	d-----w-	c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2010-06-18 16:02 . 2010-06-18 16:02	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2010-06-18 16:02 . 2010-06-18 16:02	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-06-18 14:51 . 2010-06-19 19:00	--------	d-----w-	c:\users\jeannette\AppData\Local\temp
2010-06-18 14:40 . 2009-10-25 04:11	77312	----a-w-	C:\MBR.exe
2010-06-18 12:12 . 2010-06-18 12:12	0	----a-w-	c:\windows\nsreg.dat
2010-06-18 12:12 . 2010-06-18 12:12	--------	d-----w-	c:\users\Administrator\AppData\Local\Mozilla
2010-06-18 12:11 . 2010-06-18 12:11	--------	d-----w-	c:\users\Administrator\AppData\Local\Sony_Corporation
2010-06-18 12:11 . 2010-06-18 12:11	97632	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-18 12:10 . 2010-06-18 12:10	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Sony Corporation
2010-06-18 12:05 . 2010-06-18 12:05	--------	d-----w-	C:\_OTL
2010-06-16 09:19 . 2010-06-16 09:19	--------	d-----w-	c:\users\jeannette\AppData\Roaming\Malwarebytes
2010-06-16 09:19 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-16 09:19 . 2010-06-16 09:19	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-16 09:19 . 2010-06-16 09:19	--------	d-----w-	c:\programdata\Malwarebytes
2010-06-16 09:19 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-16 05:39 . 2010-06-16 05:40	--------	d-----w-	C:\Boon Jin
2010-06-15 21:57 . 2010-06-15 21:57	--------	d-----w-	c:\programdata\Simply Super Software
2010-06-15 15:29 . 2010-06-15 15:29	4	----a-w-	c:\program files\48453.dat
2010-06-13 11:40 . 2010-06-13 12:24	--------	d-----w-	c:\users\jeannette\AppData\Roaming\Audacity
2010-06-12 13:08 . 2010-06-12 13:08	--------	d-----w-	c:\programdata\Kaspersky Lab
2010-06-08 14:01 . 2010-06-08 14:01	--------	d-----w-	c:\program files\Windows Portable Devices
2010-06-08 13:51 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2010-06-08 13:51 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2010-06-08 13:51 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2010-06-08 13:49 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2010-06-08 13:49 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2010-06-08 13:49 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2010-06-07 17:30 . 2010-01-06 15:39	1696256	----a-w-	c:\windows\system32\gameux.dll
2010-06-07 17:30 . 2010-01-06 15:38	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-06-07 17:30 . 2010-01-06 13:30	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-06 22:28 . 2010-06-06 22:29	--------	d-----w-	c:\windows\system32\ca-ES
2010-06-06 22:28 . 2010-06-06 22:29	--------	d-----w-	c:\windows\system32\eu-ES
2010-06-06 22:28 . 2010-06-06 22:29	--------	d-----w-	c:\windows\system32\vi-VN
2010-06-06 22:23 . 2010-06-06 22:23	--------	d-----w-	c:\windows\system32\SPReview
2010-06-06 22:06 . 2009-04-10 21:28	928768	----a-w-	c:\windows\system32\scavenge.dll
2010-06-06 22:06 . 2009-04-10 21:27	57856	----a-w-	c:\windows\system32\compcln.exe
2010-06-06 22:04 . 2009-04-10 21:28	978432	----a-w-	c:\windows\system32\drmv2clt.dll
2010-06-06 22:03 . 2009-04-10 21:28	29696	----a-w-	c:\windows\system32\ifmon.dll
2010-06-06 21:58 . 2010-06-06 21:58	--------	d-----w-	c:\windows\system32\EventProviders
2010-06-06 21:31 . 2010-06-06 21:31	4	----a-w-	c:\program files\30825.dat
2010-06-05 20:26 . 2010-06-12 10:17	--------	d-----w-	c:\program files\daVinci
2010-06-04 08:14 . 2010-06-12 10:20	--------	d-----w-	C:\Smoothboard
2010-05-26 07:47 . 2010-04-23 14:13	2048	----a-w-	c:\windows\system32\tzres.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 07:09 . 2008-01-21 07:15	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-06-19 07:09 . 2008-01-21 07:15	122842	----a-w-	c:\windows\system32\perfc007.dat
2010-06-18 19:44 . 2008-11-25 10:05	12	----a-w-	c:\windows\bthservsdp.dat
2010-06-18 12:10 . 2010-06-18 12:08	8224	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-18 08:54 . 2009-06-03 13:01	1356	----a-w-	c:\users\jeannette\AppData\Local\d3d9caps.dat
2010-06-16 05:42 . 2008-11-25 12:40	--------	d-----w-	c:\program files\Google
2010-06-12 10:19 . 2008-11-25 10:42	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-12 10:05 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-06-10 17:52 . 2009-10-04 08:29	--------	d-----w-	c:\users\jeannette\AppData\Roaming\gtk-2.0
2010-06-10 17:02 . 2009-06-04 10:45	--------	d-----w-	c:\users\jeannette\AppData\Roaming\Skype
2010-06-10 16:59 . 2009-06-04 10:55	--------	d-----w-	c:\users\jeannette\AppData\Roaming\skypePM
2010-06-08 14:01 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2010-06-08 14:01 . 2010-06-08 14:01	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-06 22:30 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2010-06-06 22:29 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2010-06-06 22:29 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2010-06-06 22:29 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2010-06-06 22:29 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2010-06-06 22:29 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2010-06-04 17:26 . 2010-01-14 14:42	--------	d-----w-	c:\users\jeannette\AppData\Roaming\FileZilla
2010-05-26 17:06 . 2010-06-11 11:25	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 11:25	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 06:46	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-13 09:57 . 2010-05-12 16:50	--------	d-----w-	c:\program files\pdf24
2010-05-13 09:35 . 2010-05-13 09:35	--------	d-----w-	c:\program files\gs
2010-05-04 19:15 . 2010-06-11 11:25	834048	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-11 11:25	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-11 11:25	2037248	----a-w-	c:\windows\system32\win32k.sys
2010-04-30 10:43 . 2010-04-30 10:43	--------	d-----w-	c:\program files\Ashampoo
2010-04-21 17:11 . 2010-04-21 16:58	--------	d-----w-	c:\users\jeannette\AppData\Roaming\Ashampoo
2010-04-21 16:57 . 2010-04-21 16:57	--------	d-----w-	c:\programdata\ashampoo
2010-04-21 16:56 . 2010-04-21 16:56	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-04-21 15:31 . 2010-03-20 06:49	--------	d-----w-	c:\program files\PixelNet Foto Client
2010-04-17 14:48 . 2010-04-17 14:48	6416	----a-w-	c:\programdata\AAV\SSE\15\UpdateFiles\SSEStandard_Patch_15.10.bat
2010-04-06 17:00 . 2010-04-06 17:00	97632	----a-w-	c:\users\abo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-05 17:01 . 2010-06-11 11:25	67072	----a-w-	c:\windows\system32\asycfilt.dll
2010-03-26 08:21 . 2010-02-16 10:46	97632	----a-w-	c:\users\Gast.PC\AppData\Local\GDIPFONTCACHEV1.DAT
2003-03-21 12:45 . 2010-02-25 13:24	250544	----a-w-	c:\program files\Common Files\keyhelp.ocx
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}"= "c:\program files\Spesoft\tbSpes.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
2009-11-09 17:38	2331672	----a-w-	c:\program files\Spesoft\tbSpes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}"= "c:\program files\Spesoft\tbSpes.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-11-22 270336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6295552]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-30 122880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-12-08 24576]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-09-09 1097728]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 343552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-03-11 208528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 776744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-11-05 17:32	98304	------w-	c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d9,ff,b5,18,c9,05,cb,01

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-10-21 29736]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-07-31 264704]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-05 30192]
R3 KMUSBSCN;KM USB Scan Svc;c:\windows\system32\Drivers\KMUSBSCN.sys [2005-02-25 31232]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-10-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-10-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-10-21 62752]
R3 utm4nzuz;AVZ Kernel Driver; [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-10-01 369952]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-09-19 83232]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2008-11-22 303104]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-10-17 102400]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-10-17 415584]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-11 446464]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-08-22 9344]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-06-19 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.freenet.de/freenet/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\jeannette\AppData\Roaming\Mozilla\Firefox\Profiles\etb321a9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.freenet.de/freenet/|hxxp://www.bsh.de/aktdat/wvd/wastabi_n.htm|hxxp://www.rohde-bus.de/tmpl/ExtensionPage____13361.aspx?epslanguage=ML|hxxp://wetterstationen.meteomedia.de/messnetz/eu_d.html|hxxp://wetterstationen.meteomedia.de/messnetz/forecast/100240.html|hxxp://www.dwd.de/|hxxp://www.windfinder.com/forecast/hallig_hooge|hxxp://www.eugen-traeger-schule.lernnetz.de/html/gastebuchverwaltung.php|hxxp://de.msn.com/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-19 21:00
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

 [0] 0x6F006400

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5156)
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2010-06-19  21:03:26
ComboFix-quarantined-files.txt  2010-06-19 19:03
ComboFix2.txt  2010-06-18 14:51

Vor Suchlauf: 16 Verzeichnis(se), 317.652.217.856 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 318.456.184.832 Bytes frei

- - End Of File - - 8CE0EDE857C69A942B3148EA5415A07E[/QUOTE]
         

--- --- ---

Das mit dem Sichern dauert eine Weile...