
Thread: I've been infected by something...

  1. #1
    Junior Member | Join Date: Dec 2008 | Location: Austria | Posts: 2

    I've been infected by something...

    Hello,
    I surfed the internet to solve my problem and it really seems that nothing and nobody can help me. My Windows Vista is almost fucked up, I've got no internet connection and even my Avast can't handle the thing I've got on my laptop...

    So, you guys are my last hope to solve my problem...

    Beforehand, I read some other threads here and downloaded several programs to my desktop (Spybot, ATF-Cleaner, ComboFix, HijackThis, etc.), but I haven't used them until now (except HijackThis and ComboFix, for the logs).

    So, here is what HijackThis says:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:53:58, on 07.12.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Admin\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\Windows\TEMP\E_S31D9.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Admin\AppData\Local\Temp\tuVNHywV.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Admin\AppData\Local\Temp\vtUmJDuV.dll,c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

    --
    End of file - 11587 bytes


    Here is what ComboFix says:
    ComboFix 08-12-06.06 - Admin 2008-12-07 12:59:44.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2154 [GMT 1:00]
    ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
    * Neuer Wiederherstellungspunkt wurde erstellt
    .

    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
    c:\users\Admin\AppData\Roaming\.#

    .
    ((((((((((((((((((((((( Dateien erstellt von 2008-11-07 bis 2008-12-07 ))))))))))))))))))))))))))))))
    .

    2008-12-07 13:04 . 2008-12-07 13:05 353,074,267 --a------ c:\windows\MEMORY.DMP
    2008-12-07 08:42 . 2008-06-30 16:30 188,547 --a------ C:\wubildr
    2008-12-07 08:42 . 2008-06-30 16:30 8,192 --a------ C:\wubildr.mbr
    2008-12-07 08:41 . 2008-12-07 08:41 <DIR> d-------- C:\ubuntu
    2008-12-07 08:38 . 2008-12-07 08:38 <DIR> d-------- C:\ubuntu-backup
    2008-12-05 00:18 . 2008-12-05 00:18 183,112 --a------ c:\windows\System32\PnkBstrB.exe
    2008-12-05 00:18 . 2008-12-05 00:18 138,184 --a------ c:\windows\System32\drivers\PnkBstrK.sys
    2008-12-05 00:18 . 2008-12-05 00:18 66,872 --a------ c:\windows\System32\PnkBstrA.exe
    2008-12-04 20:48 . 2008-12-04 20:48 <DIR> d-------- c:\users\Admin\AppData\Roaming\Leadertech
    2008-12-04 19:15 . 2008-12-04 19:15 <DIR> d-------- c:\program files\EA Games
    2008-11-28 15:43 . 2008-11-28 15:43 <DIR> d-------- c:\windows\Sun
    2008-11-28 15:38 . 2008-11-28 15:38 <DIR> d-------- c:\users\Admin\Scilab
    2008-11-28 15:20 . 2008-11-28 15:21 <DIR> d-------- c:\program files\scilab-4.1.1
    2008-11-28 14:05 . 2008-12-04 11:47 <DIR> d-------- c:\program files\Java
    2008-11-28 14:05 . 2008-11-10 05:43 410,984 --a------ c:\windows\System32\deploytk.dll
    2008-11-18 20:25 . 2008-11-18 20:25 <DIR> d-------- c:\users\All Users\TuneUp Software
    2008-11-18 20:25 . 2008-11-18 20:25 <DIR> d-------- c:\users\Admin\AppData\Roaming\TuneUp Software
    2008-11-18 20:25 . 2008-11-18 20:25 <DIR> d-------- c:\programdata\TuneUp Software
    2008-11-18 20:25 . 2008-11-18 20:25 <DIR> d-------- c:\program files\TuneUp Utilities 2009
    2008-11-18 20:25 . 2008-11-18 20:25 603,904 --a------ c:\windows\System32\TUProgSt.exe
    2008-11-18 20:25 . 2008-11-18 20:25 362,240 --a------ c:\windows\System32\TuneUpDefragService.exe
    2008-11-18 20:25 . 2008-11-12 16:44 27,904 --a------ c:\windows\System32\uxtuneup.dll
    2008-11-18 20:25 . 2008-11-12 16:44 17,152 --a------ c:\windows\System32\authuitu.dll
    2008-11-18 20:24 . 2008-11-18 20:24 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
    2008-11-18 20:24 . 2008-11-18 20:24 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
    2008-11-18 18:07 . 2008-11-18 18:09 <DIR> d-------- c:\users\All Users\EPSON
    2008-11-18 18:07 . 2008-11-18 18:09 <DIR> d-------- c:\programdata\EPSON
    2008-11-18 18:07 . 2008-11-18 18:07 <DIR> d-------- c:\program files\EPSON
    2008-11-18 18:07 . 2006-12-08 02:04 76,800 --a------ c:\windows\System32\E_FLBAIE.DLL
    2008-11-18 18:07 . 2006-04-19 02:00 62,976 --a------ c:\windows\System32\E_FD4BAIE.DLL
    2008-11-18 18:07 . 2004-09-10 20:12 49,152 --a------ c:\windows\System32\E_DCINST.DLL
    2008-11-17 10:11 . 2008-11-17 10:11 <DIR> d-------- c:\users\All Users\Acronis
    2008-11-17 10:11 . 2008-11-17 10:11 <DIR> d-------- c:\users\Admin\AppData\Roaming\Acronis
    2008-11-17 10:11 . 2008-11-17 10:11 <DIR> d-------- c:\programdata\Acronis
    2008-11-17 10:08 . 2008-11-17 10:08 950,848 --a------ c:\windows\System32\drivers\tdrpm124.sys
    2008-11-17 10:08 . 2008-11-17 10:08 539,104 --a------ c:\windows\System32\drivers\timntr.sys
    2008-11-17 10:08 . 2008-11-17 10:08 134,272 --a------ c:\windows\System32\drivers\snman378.sys
    2008-11-17 10:08 . 2008-11-17 10:08 44,704 --a------ c:\windows\System32\drivers\tifsfilt.sys
    2008-11-17 10:07 . 2008-11-17 10:07 <DIR> d-------- c:\program files\Common Files\Acronis
    2008-11-17 10:07 . 2008-11-17 10:07 <DIR> d-------- c:\program files\Acronis
    2008-11-14 14:18 . 2008-11-14 14:18 <DIR> d-------- c:\users\Admin\AppData\Roaming\Apple Computer
    2008-11-14 14:13 . 2008-11-14 14:13 <DIR> d-------- c:\program files\Safari
    2008-11-14 14:12 . 2008-11-14 14:12 <DIR> d-------- c:\users\All Users\Apple
    2008-11-14 14:12 . 2008-11-14 14:12 <DIR> d-------- c:\programdata\Apple
    2008-11-14 14:12 . 2008-11-14 14:12 <DIR> d-------- c:\program files\Apple Software Update
    2008-11-12 22:02 . 2008-11-12 22:07 <DIR> d-------- c:\users\Admin\Option
    2008-11-12 21:58 . 2008-11-12 21:58 <DIR> d-------- c:\users\All Users\Seagate
    2008-11-12 21:58 . 2008-11-12 21:58 <DIR> d-------- c:\programdata\Seagate
    2008-11-12 21:58 . 2008-11-12 21:58 <DIR> d-------- c:\program files\Seagate
    2008-11-12 10:11 . 2008-11-12 10:11 <DIR> d--h----- c:\windows\PIF
    2008-11-10 12:25 . 2008-11-10 12:25 <DIR> d-------- c:\program files\Opera
    2008-11-07 19:03 . 2008-11-07 19:03 <DIR> d-------- c:\users\Admin\AppData\Roaming\Aptana
    2008-11-07 19:02 . 2008-11-07 19:02 <DIR> d-------- C:\Aptana
    2008-11-07 00:43 . 2008-12-07 12:45 <DIR> d-------- c:\users\Admin\AppData\Roaming\skypePM
    2008-11-07 00:43 . 2008-11-07 00:43 56 ---h----- c:\users\All Users\ezsidmv.dat
    2008-11-07 00:43 . 2008-11-07 00:43 56 ---h----- c:\programdata\ezsidmv.dat
    2008-11-07 00:40 . 2008-12-07 12:45 <DIR> d-------- c:\users\Admin\AppData\Roaming\Skype
    2008-11-07 00:39 . 2008-11-07 00:39 <DIR> d-------- c:\users\All Users\Skype
    2008-11-07 00:39 . 2008-11-07 00:39 <DIR> d-------- c:\programdata\Skype
    2008-11-07 00:39 . 2008-11-07 00:39 <DIR> d-------- c:\program files\Skype
    2008-11-07 00:39 . 2008-11-07 00:39 <DIR> d-------- c:\program files\Common Files\Skype

    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-07 11:48 --------- d-----w c:\users\Admin\AppData\Roaming\OpenOffice.org2
    2008-12-04 23:26 27,839 ----a-w c:\users\All Users\nvModes.dat
    2008-12-04 23:26 27,839 ----a-w c:\programdata\nvModes.dat
    2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
    2008-11-20 18:03 --------- d-----w c:\program files\Acer GameZone
    2008-11-20 11:23 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-11-14 13:12 --------- d-----w c:\program files\Bonjour
    2008-11-12 20:59 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-04 15:52 --------- d---a-w c:\programdata\TEMP
    2008-11-04 15:43 --------- d-----w c:\programdata\JollyBear
    2008-11-04 15:27 --------- d-----w c:\users\Admin\AppData\Roaming\FloodLightGames
    2008-11-02 16:12 --------- d-----w c:\users\Admin\AppData\Roaming\dvdcss
    2008-10-30 10:53 --------- d-----w c:\users\Admin\AppData\Roaming\FileZilla
    2008-10-28 11:49 --------- d-----w c:\users\Admin\AppData\Roaming\vlc
    2008-10-27 23:23 --------- d-----w c:\program files\QuickPar
    2008-10-27 20:28 --------- d-----w c:\users\Admin\AppData\Roaming\Verimount
    2008-10-27 20:27 --------- d-----w c:\program files\VideoLAN
    2008-10-27 20:27 --------- d-----w c:\program files\Verimount
    2008-10-27 17:11 --------- d-----w c:\programdata\NtiDvdCopy
    2008-10-27 17:09 --------- d-----w c:\programdata\LightScribe
    2008-10-17 13:13 --------- d-----w c:\users\Admin\AppData\Roaming\Subversion
    2008-10-17 13:05 --------- d-----w c:\users\Admin\AppData\Roaming\ICSharpCode
    2008-10-17 13:04 --------- d-----w c:\program files\SharpDevelop
    2008-10-17 08:42 --------- d-----w c:\users\Admin\AppData\Roaming\Scilab
    2008-10-16 13:06 --------- d-----w c:\program files\UltraISO
    2008-10-16 10:05 --------- d-----w c:\program files\Common Files\Adobe
    2008-10-16 10:02 --------- d-----w c:\program files\Common Files\Control Panels
    2008-10-16 10:00 --------- d-----w c:\programdata\ALM
    2008-10-16 09:53 --------- d-----w c:\program files\QuickTime
    2008-10-16 09:39 --------- d-----w c:\program files\Common Files\Macrovision Shared
    2008-10-15 07:43 --------- d-----w c:\program files\Totally Free Burner
    2008-10-14 15:01 --------- d-----w c:\program files\Macromedia
    2008-10-14 15:01 --------- d-----w c:\program files\Common Files\Macromedia
    2008-10-14 14:07 --------- d-----w c:\users\Admin\AppData\Roaming\Acer
    2008-10-14 08:25 --------- d-----w c:\programdata\CyberLink
    2008-10-12 09:46 --------- d-----w c:\programdata\FLEXnet
    2008-10-09 16:59 --------- d-----w c:\program files\Lavalys
    2008-10-09 12:27 --------- d-----w c:\program files\Alwil Software
    2008-10-09 08:36 352,840 ----a-w c:\program files\NSD.EXE
    2008-10-07 18:49 --------- d-----w c:\program files\7-Zip
    2008-10-06 19:26 409,600 ----a-w c:\windows\System32\wrap_oal.dll
    2008-10-06 19:26 114,688 ----a-w c:\windows\System32\OpenAL32.dll
    2008-09-25 19:54 21,840 ----atw c:\windows\System32\SIntfNT.dll
    2008-09-25 19:54 17,212 ----atw c:\windows\System32\SIntf32.dll
    2008-09-25 19:54 12,067 ----atw c:\windows\System32\SIntf16.dll
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    2008-08-04 13:02 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-08-04 13:02 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-08-04 13:02 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-25 07:39 121392 --------- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
    "EPSON Stylus Photo R220 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2006-12-25 177664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-07 13527584]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-07 92704]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
    "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-04-24 3642368]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
    "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
    "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-09-15 4353088]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-09-15 962456]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-09-15 165144]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [16.10.2008 10:52:38 295606]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [22.10.2006 23:01:50 734872]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [24.04.2007 17:50:32 723760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
    2008-04-24 17:10 3024384 c:\program files\Acer\Acer Bio Protection\WinNotify.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
    backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2006-10-22 22:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
    --a------ 2008-02-25 18:57 34040 c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    --------- 2008-03-04 23:38 526896 c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    --a------ 2008-03-13 10:24 805384 c:\progra~1\LAUNCH~1\LManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    --a------ 2008-01-29 08:03 303104 c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3E4BFDCE-E39C-42D1-BAC7-197FC7865DBF}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{E9A6E6E6-D8AF-4037-A7B5-77B6299AAD62}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{34D57345-043F-40FA-AF98-9A250A6754C1}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{F31BCE89-8993-4828-8D15-4192EAC315BC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{E9E175FD-2D92-4F79-BC2D-A4807DD37939}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{3F96D564-BABC-47BD-A99D-78A5E29167A5}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{7A036DBC-8E61-442A-A28D-EEC4A438DE80}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{7184E325-445B-4C2F-BFF9-A1A1B571D85B}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{CB42C434-9F2B-4488-9035-8100747E1084}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
    "{C5446ADD-47AF-448D-B172-2A6FC44FF3E3}"= UDP:3703:Adobe Version Cue CS3 Server
    "{65AB6F20-7575-4ADC-9439-899434DFC328}"= UDP:3704:Adobe Version Cue CS3 Server
    "{83D16AF4-463B-4382-BDA0-5BEF27196470}"= UDP:50900:Adobe Version Cue CS3 Server
    "{404C8D48-5C89-4056-8488-E0EFF671042B}"= UDP:50901:Adobe Version Cue CS3 Server
    "{C66E2C6E-AE5F-4556-B72F-D7AA47541E21}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{7C942553-E20B-4422-8B60-C999885D10D8}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{3DACEC3B-02C2-48E1-89C9-D081171DDE2B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{183BEC28-97A0-4613-8B1B-C0BE832820E3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{D82B78B3-C3D6-422A-B740-792A1EEF9E8E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{611F8975-9789-4F15-9C7B-11E151C0C73E}c:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= UDP:c:\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
    "UDP Query User{13D4EA69-5039-4D53-8DF3-F3E1CD86E02E}c:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= TCP:c:\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary

    R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [24.04.2008 17:10:12 43184]
    R0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\DRIVERS\snman378.sys [17.11.2008 10:08:12 134272]
    R0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\DRIVERS\tdrpm124.sys [17.11.2008 10:08:31 950848]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09.10.2008 13:27:18 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [09.10.2008 13:27:18 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [09.10.2008 13:27:02 51792]
    R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [29.03.2008 03:47:57 24576]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [24.04.2008 17:30:17 233472]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [18.11.2008 20:25:52 603904]
    R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [15.02.2008 08:09:30 595248]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [29.03.2008 03:47:10 54784]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1E60x86.sys [28.03.2008 20:22:22 48128]
    R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [15.02.2008 08:09:46 40752]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [29.03.2008 03:46:09 80912]
    S4 BUNAgentSvc;NTI Backup Now 5 Agent Service;"c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [25.02.2008 18:57:22 21752]
    S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25.02.2008 02:02:54 49152]
    S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25.02.2008 18:53:16 131072]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ddf84fb-b0ee-11dd-ad84-00a0d1a52fe2}]
    \shell\AutoRun\command - H:\Launch.exe /run

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{321e1d75-7cc3-11dd-8eed-001de0ab414f}]
    \shell\AutoRun\command - E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a52f18b3-7b1a-11dd-bd28-001de0ab414f}]
    \shell\AutoRun\command - G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d82f23af-b890-11dd-9685-00a0d1a52fe2}]
    \shell\AutoRun\command - I:\LaunchU3.exe -a
    .
    Inhalt des "geplante Tasks" Ordners

    2008-12-07 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-13 12:03]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.google.at/
    mStart Page = hxxp://de.intl.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    FireFox -: Profile - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pu4of9yd.default\

    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.at/

    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

    FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    .



    **************************************************************************



    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-12-07 13:05:12

    Windows 6.0.6001 Service Pack 1 NTFS



    Scanne versteckte Prozesse...



    Scanne versteckte Autostarteinträge...



    Scanne versteckte Dateien...



    Scan erfolgreich abgeschlossen

    versteckte Dateien: 0



    **************************************************************************

    .

    --------------------- Durch laufende Prozesse gestartete DLLs ---------------------



    - - - - - - - > 'Explorer.exe'(4044)

    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

    c:\windows\system32\btmmhook.dll

    c:\windows\System32\SysHook.dll

    .

    ------------------------ Weitere laufende Prozesse ------------------------

    .

    c:\windows\System32\nvvsvc.exe

    c:\windows\System32\audiodg.exe

    c:\program files\Alwil Software\Avast4\aswUpdSv.exe

    c:\program files\Alwil Software\Avast4\ashServ.exe

    c:\windows\System32\rundll32.exe

    c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe

    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

    c:\windows\System32\agrsmsvc.exe

    c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\acer\Mobility Center\MobilityService.exe

    c:\windows\System32\PnkBstrA.exe

    c:\program files\Alwil Software\Avast4\ashMaiSv.exe

    c:\program files\Alwil Software\Avast4\ashWebSv.exe

    c:\windows\System32\wbem\unsecapp.exe

    c:\windows\System32\rundll32.exe

    c:\program files\Alwil Software\Avast4\ashDisp.exe

    c:\windows\System32\wbem\unsecapp.exe

    c:\windows\ehome\ehmsas.exe

    c:\users\Admin\AppData\Local\Temp\RtkBtMnt.exe

    c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\program files\Skype\Plugin Manager\skypePM.exe

    c:\program files\Synaptics\SynTP\SynTPHelper.exe

    c:\windows\System32\dllhost.exe

    .

    **************************************************************************

    .

    Zeit der Fertigstellung: 2008-12-07 13:08:38 - PC wurde neu gestartet [Admin]

    ComboFix-quarantined-files.txt 2008-12-07 12:08:34



    Vor Suchlauf: 24 Verzeichnis(se), 68.147.396.608 Bytes frei

    Nach Suchlauf: 24 Verzeichnis(se), 67,625,394,176 Bytes frei



    314



    It would be great if anyone could help me...

    Thanks a lot!

  2. #2
    Junior Member
    Join Date
    Dec 2008
    Location
    Austria
    Posts
    2

    I did a logfile check at hijackthis.de and it says that these two files are malicious:

    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Admin\AppData\Local\Temp\tuVNHywV.dll,#1

    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Admin\AppData\Local\Temp\vtUmJDuV.dll,c

    ...what should I do now? Is it possible to identify the malware which infected me?
