1.) Deinstalliere:

• Ad-Aware
• Ad-Aware
• Adobe Flash Player 10 Plugin
• Adobe Flash Player ActiveX
• Adobe Reader 7.1.0 - Deutsch
• FrostWire 4.17.2
• J2SE Runtime Environment 5.0 Update 10
• J2SE Runtime Environment 5.0 Update 11
• J2SE Runtime Environment 5.0 Update 5
• J2SE Runtime Environment 5.0 Update 8
• Java 2 Runtime Environment, SE v1.4.2_06
• Java(TM) 6 Update 7
• Java(TM) SE Runtime Environment 6 Update 1

2.) Installiere (Toolbars immer abwählen, Haken weg):

• Adobe Reader oder besser FoxIt Reader
• Adobe - Adobe Flash Player

3.) http://www.trojaner-board.de/51871-a...tispyware.html (Punkt 1-3 der Anleitung)

4.) Systemdetails mit RSIT prüfen

• Lade Random's System Information Tool (RSIT) von random/random herunter,
• speichere es auf Deinem Desktop.
• Starte mit Doppelklick die RSIT.exe.
• Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
• Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
• Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
• Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

ciao, andreas

SUPERAntiSpyware Scann-Protokoll
http://www.superantispyware.com

Generiert 05/06/2009 bei 11:35 PM

Version der Applikation : 4.26.1002

Version der Kern-Datenbank : 3880
Version der Spur-Datenbank : 1828

Scan Art : kompletter Scann
Totale Scann-Zeit : 03:04:43

Gescannte Speicherelemente : 498
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 6172
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 107908
Erfasste Datei-Elemente : 0

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-05-07 08:06:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 179 GB (75%) free of 238 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:06:50, on 07.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.de/s/v/21.13/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167295223515
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0445431-ADB4-41B2-8A17-D52CEDCC5763}: NameServer = 195.34.133.21 212.186.211.21
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe (file missing)

--
End of file - 6505 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre6\bin\ssv.dll [2009-03-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"type32"=C:\Programme\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"IntelliPoint"=C:\Programme\Microsoft IntelliPoint\point32.exe [2004-06-03 204800]
"FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2007-06-26 312320]
"avgnt"=C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe [2008-07-17 266497]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAST Defrag]
C:\PROGRA~1\FDF\FAST2.EXE [2005-08-24 97792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Firefox Preloader.lnk]
C:\PROGRA~1\FIREFO~1\FIREFO~1.EXE [2005-02-09 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"gusvc"=3
"gupdate1c98f9927b3e3e1"=2
"Apple Mobile Device"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95
"SpecifyDefaultButtons"=2
"Btn_Back"=1
"Btn_Forward"=1
"Btn_Stop"=1
"Btn_Refresh"=1
"Btn_Home"=1
"Btn_Search"=1
"Btn_History"=1
"Btn_Favorites"=1
"Btn_Media"=1
"Btn_MailNews"=1
"Btn_Print"=1
"Btn_Discussions"=1
"Btn_Edit"=1
"Btn_Folders"=2
"Btn_Fullscreen"=2
"Btn_Size"=2
"Btn_Cut"=2
"Btn_Copy"=2
"Btn_Paste"=2
"Btn_Encoding"=2
"Btn_Tools"=2
"NoWindowsUpdate"=0
"NoToolbarCustomize"=0
"NoBandCustomize"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programme\Windows Media Player\wmplayer.exe"="C:\Programme\Windows Media Player\wmplayer.exe:*:Enabled:wmplayer"
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ElectronicArts_Patcher_000.exe"="C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.6\cnc3game.dat"="C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.6\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.8\cnc3game.dat"="C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.8\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*isabled:@xpsp3res.dll,-20000"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\Corel\CorelDRAW Graphics Suite 13\Programs\CorelDRW.exe"="C:\Programme\Corel\CorelDRAW Graphics Suite 13\Programs\CorelDRW.exe:*:Enabled:CorelDRAW(R)"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX-Diagnoseprogramm"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*isabled:@xpsp2res.dll,-22019"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*isabled:Skype"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*isabled:LimeWire"
"C:\Programme\FrostWire\FrostWire.exe"="C:\Programme\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*isabled:Bonjour"
"C:\Programme\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Programme\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*isabled:GPGNet - Supreme Commander"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*isabled:LimeWire swarmed installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0555fb92-8860-11dc-85f6-001731803c73}]
shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0be01f36-c4c1-11db-85f3-000e5034074d}]
shell\AutoRun\command - F:\.\INTRO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{271ad114-fcb8-11db-8648-8a8cebf1e1f2}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd271e6-fcb5-11db-8647-c9e8ca3eacb5}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd271e7-fcb5-11db-8647-c9e8ca3eacb5}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd271e9-fcb5-11db-8647-c9e8ca3eacb5}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eea9812c-a24f-11db-8584-000e5034074d}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f282120e-09d8-11dc-8668-da33722d022c}]
shell\AutoRun\command - G:\AutoRun.exe


======List of files/folders created in the last 1 months======

2009-05-07 08:06:47 ----D---- C:\rsit
2009-05-07 08:05:42 ----D---- C:\WINDOWS\LastGood
2009-05-06 20:26:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-05-06 20:26:08 ----D---- C:\Programme\SUPERAntiSpyware
2009-05-06 20:26:08 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com
2009-05-06 20:25:14 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-05-06 20:17:52 ----D---- C:\Programme\Foxit Software
2009-05-06 20:17:52 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Foxit
2009-05-06 09:46:57 ----D---- C:\Programme\Trend Micro
2009-05-06 09:42:01 ----D---- C:\Avenger
2009-05-06 09:42:00 ----A---- C:\avenger.txt
2009-05-06 09:03:37 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2009-05-05 16:07:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-05 08:54:28 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-05-05 08:54:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-05-05 08:25:34 ----D---- C:\Programme\CCleaner
2009-04-19 19:39:35 ----D---- C:\Programme\Lavasoft
2009-04-19 19:39:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-04-17 18:11:07 ----A---- C:\WINDOWS\system32\msls2.dll
2009-04-17 18:10:20 ----D---- C:\Programme\Konvertor
2009-04-16 22:56:59 ----A---- C:\WINDOWS\system32\MRT.INI
2009-04-16 22:52:55 ----D---- C:\Programme\Incomplete
2009-04-09 21:47:28 ----D---- C:\$WIN_NT$.~BT
2009-04-09 19:24:25 ----RASH---- C:\BOOT.BAK
2009-04-09 18:29:08 ----A---- C:\WINDOWS\system32\VB5StKit.dll
2009-04-09 18:29:08 ----A---- C:\WINDOWS\ST5UNST.EXE

teil zwei:

======List of files/folders modified in the last 1 months======

2009-05-07 08:06:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-07 08:06:22 ----D---- C:\WINDOWS
2009-05-07 08:06:21 ----HD---- C:\WINDOWS\inf
2009-05-07 08:05:14 ----D---- C:\Programme\Mozilla Firefox
2009-05-07 08:04:33 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-07 08:04:32 ----D---- C:\WINDOWS\Temp
2009-05-06 20:26:10 ----SHD---- C:\WINDOWS\Installer
2009-05-06 20:26:10 ----D---- C:\Config.Msi
2009-05-06 20:26:08 ----D---- C:\Programme
2009-05-06 20:25:14 ----D---- C:\Programme\Gemeinsame Dateien
2009-05-06 20:13:04 ----D---- C:\Programme\Java
2009-05-06 20:13:02 ----D---- C:\WINDOWS\system32
2009-05-06 19:31:31 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-05-06 19:30:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-06 19:30:02 ----D---- C:\WINDOWS\system32\drivers
2009-05-06 09:52:31 ----SD---- C:\WINDOWS\Tasks
2009-05-06 09:52:31 ----D---- C:\Programme\Google
2009-05-05 08:31:41 ----D---- C:\WINDOWS\Minidump
2009-05-05 08:31:41 ----D---- C:\WINDOWS\Debug
2009-05-01 11:10:34 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-29 22:09:19 ----D---- C:\Programme\Gemeinsame Dateien\Dienste
2009-04-27 21:41:03 ----SHD---- C:\WINDOWS\CSC
2009-04-27 09:24:48 ----D---- C:\Programme\Aurelie
2009-04-19 19:22:44 ----D---- C:\Programme\Microsoft Bootvis
2009-04-19 18:57:36 ----D---- C:\WINDOWS\system32\C2MP
2009-04-19 18:57:30 ----RD---- C:\WINDOWS\Web
2009-04-19 18:57:30 ----HD---- C:\WINDOWS\ShellNew
2009-04-19 18:47:27 ----D---- C:\Programme\FDF
2009-04-18 21:14:06 ----D---- C:\temp
2009-04-18 18:22:30 ----D---- C:\Cad
2009-04-18 18:22:30 ----A---- C:\WINDOWS\Abisplan.ini
2009-04-18 16:54:01 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-04-17 23:21:09 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FrostWire
2009-04-13 20:43:36 ----D---- C:\Eigene Dateien
2009-04-12 11:23:29 ----D---- C:\Programme\Windows Media Player
2009-04-12 11:23:29 ----D---- C:\Programme\Windows Media Connect 2
2009-04-11 12:45:09 ----ASH---- C:\boot.ini
2009-04-11 12:28:11 ----A---- C:\WINDOWS\win.ini
2009-04-11 12:28:11 ----A---- C:\WINDOWS\system.ini
2009-04-10 19:41:28 ----A---- C:\WINDOWS\Abis3d.ini
2009-04-09 22:00:28 ----D---- C:\WINDOWS\pss
2009-04-09 21:47:28 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-04-09 19:24:13 ----D---- C:\WINDOWS\setup.pss
2009-04-09 19:06:43 ----D---- C:\WINDOWS\system32\MAGIX
2009-04-09 08:15:39 ----D---- C:\WINDOWS\Prefetch
2009-04-08 22:23:03 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avfwot;avfwot; C:\WINDOWS\system32\DRIVERS\avfwot.sys [2008-07-03 71592]
R1 avgio;avgio; \??\C:\Programme\Avira\Avira Premium Security Suite\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-11 75072]
R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-01-12 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-01-12 18048]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-02 229888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-27 93824]
R3 avfwim;AvFw Packet Filter Miniport; C:\WINDOWS\system32\DRIVERS\avfwim.sys [2008-07-03 71464]
R3 avgntflt;avgntflt; \??\C:\Programme\Avira\Avira Premium Security Suite\avgntflt.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 Hardlock;Hardlock; C:\WINDOWS\system32\drivers\Hardlock.sys [1999-10-14 125952]
S2 USB680x;USB Scanner; C:\WINDOWS\system32\DRIVERS\UScanner.SYS [2000-06-22 17332]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz129;cpuz129; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz_x32.sys []
S3 DVBLLC;DVB LLC Service; C:\WINDOWS\System32\Drivers\DVBLLC32.sys [2006-07-01 62080]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-03-01 88960]
S3 kncbda;KNC ONE BDA DVB-S2; C:\WINDOWS\system32\DRIVERS\kncbda32.sys [2007-01-04 84096]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2006-02-28 12288]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-16 47360]
S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2007-03-23 11776]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirFirewallService;Avira Premium Security Suite Firewall; C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-07-17 344321]
R2 AntiVirScheduler;Avira Premium Security Suite Planer; C:\Programme\Avira\Avira Premium Security Suite\sched.exe [2008-10-24 68865]
R2 AntiVirService;Avira Premium Security Suite Guard; C:\Programme\Avira\Avira Premium Security Suite\avguard.exe [2008-10-24 151297]
R2 antivirwebservice;Avira Premium Security Suite WebGuard; C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-07-17 258305]
R2 AVEService;Avira Premium Security Suite MailGuard Hilfsdienst; C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe [2008-07-17 41217]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe [2007-04-13 73728]
R2 Iprip;RIP-Überwachung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 SimpTcp;Einfache TCP/IP-Dienste; C:\WINDOWS\system32\tcpsvcs.exe [2006-02-28 19456]
S2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared files\RichVideo.exe []
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S2 W3SVC;WWW-Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Programme\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2006-02-28 19456]
S3 p2pgasvc;Peernetzwerk-Gruppenauthentifizierung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peernetzwerkidentitäts-Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peernetzwerk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer Name Resolution-Protokoll; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
S4 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-23 138168]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-05-07 08:06:52

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abisplan-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4096AE22-0F4E-477C-80B3-8864B7F8B1DA}\setup.exe" -l0x7 -removeonly
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AFPL Ghostscript 8.53-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.53\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\fonts\uninstal.txt"
Alpenvereinskarten Digital 2007-->"C:\Programme\Alpenverein\Alpenvereinskarten Digital 2007\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x7
Aurelie 1.9 -->C:\WINDOWS\uninstall\Aurelie\setup.exe
Avira Premium Security Suite-->C:\Programme\Avira\Avira Premium Security Suite\SETUP.EXE /REMOVE
Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x7 anything
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x7 anything
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
Client für die Windows-Rechteverwaltung mit Service Pack 2-->MsiExec.exe /X{D2FEBD11-E587-4C41-AD33-0CD90D26A964}
Command & Conquer™ Alarmstufe Rot 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
CorelDRAW Graphics Suite X3-->MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
DE-->MsiExec.exe /I{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}
FAST Defrag Freeware 2.3-->"C:\Programme\FDF\unins000.exe"
Firefox Preloader-->C:\Programme\FirefoxPreloader\unins000.exe
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
forteManager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1883A84D-94AA-432C-9519-FA31B6B118B9}\setup.exe" -l0x7 -removeonly
Foxit Reader-->C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp business inkjet 1100-->msiexec /x{242B9150-74EC-4606-AAB1-2F0C719378D7}
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Manual CanoScan LiDE 25-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{838BC0FB-4F8F-47B9-847F-06AE4CCE4181}\setup.exe" -l0x7
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Media Content-->MsiExec.exe /I{90300407-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.10)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 6 Ultra Edition-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroMIX-->C:\WINDOWS\UNNMIX.exe /UNINSTALL
Nikon FotoShare-->C:\Programme\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nikon Message Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x7 UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OEXtract 1.0 (Testversion)-->"C:\Programme\OEXtract\unins000.exe"
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenAL-->"C:\Programme\OpenAL\oalinst.exe" /U
Picasa 3-->"C:\Programme\Google\Picasa3\Uninstall.exe"
PictureProject-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x7 UNINSTALL
POV-Ray for Windows v3.6.1b-->C:\PROGRA~1\POV-RA~1.6\unwise.exe C:\PROGRA~1\POV-RA~1.6\install.log
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Rückwärtskompatibilität des Clients für die Windows-Rechteverwaltung SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
SDK-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Security Update für Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x7 -removeonly
SPIF215 USB to SATA Bridge 98 Driver Installer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}\setup.exe" -l0x9 -removeonly
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Vidomi (remove only)-->"C:\Programme\Vidomi\uninst-Vidomi.exe"
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Programme\WinRAR\uninstall.exe

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (disabled)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (disabled)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira Premium Security Suite
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
FW: Avira Firewall

======System event log======

Computer Name: PC_HUBER
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IIS Admin" gesendet.

Record Number: 63047
Source Name: Service Control Manager
Time Written: 20090423161342.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: PC_HUBER
Event Code: 7036
Message: Dienst "HTTP-SSL" befindet sich jetzt im Status "Ausgeführt".

Record Number: 63046
Source Name: Service Control Manager
Time Written: 20090423161341.000000+120
Event Type: Informationen
User:

Computer Name: PC_HUBER
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "HTTP-SSL" gesendet.

Record Number: 63045
Source Name: Service Control Manager
Time Written: 20090423161341.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: PC_HUBER
Event Code: 7036
Message: Dienst "Universeller Plug & Play-Gerätehost" befindet sich jetzt im Status "Ausgeführt".

Record Number: 63044
Source Name: Service Control Manager
Time Written: 20090423161340.000000+120
Event Type: Informationen
User:

Computer Name: PC_HUBER
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Universeller Plug & Play-Gerätehost" gesendet.

Record Number: 63043
Source Name: Service Control Manager
Time Written: 20090423161340.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: PC_HUBER
Event Code: 0
Message: Service started

Record Number: 11981
Source Name: AntiVirFirewallService
Time Written: 20090430185844.000000+120
Event Type: Informationen
User:

Computer Name: PC_HUBER
Event Code: 2004
Message: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Record Number: 11980
Source Name: PerfNet
Time Written: 20090430082802.000000+120
Event Type: Fehler
User:

Computer Name: PC_HUBER
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 11979
Source Name: Avira AntiVir
Time Written: 20090430082757.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: PC_HUBER
Event Code: 105
Message: The service was started.

Record Number: 11978
Source Name: DTSRVC
Time Written: 20090430082754.000000+120
Event Type: Informationen
User:

Computer Name: PC_HUBER
Event Code: 0
Message: Service started

Record Number: 11977
Source Name: AntiVirFirewallService
Time Written: 20090430082753.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

Da tummelt sich aber einiges, dass da nicht hingehört.

Falls du noch irgendetwas hast, dass du mit dem Computer verbindest, wie Speicherkarten, USB-Sticks, externe Festplatten, ... dann stecke alles an.

ComboFix

Achtung: Die Anleitung ist veraltet. Den Teil mit der Systemwiederherstellungskonsole nicht ausführen. Die wird bei Internetverbindung automatisch installiert.

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

• Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.
  
  Sollte sich ComboFix nicht starten lassen, dann benenne es um in cf.com und versuche es nocheinmal.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

ciao, andreas

soweit so gut! teil1

ComboFix 09-05-06.08 - Administrator 07.05.2009 17:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1652 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira Premium Security Suite *On-access scanning disabled* (Updated)
FW: Avira Firewall *enabled*
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Administrator\Anwendungsdaten\inst.exe
c:\windows\system32\Cache
c:\windows\system32\drivers\UACpjkdsxyl.sys
c:\windows\system32\UACbkrxoqvi.db
c:\windows\system32\UACctjixjgo.dll
c:\windows\system32\UACeiodoynm.dll
c:\windows\system32\UAChuijnoed.dll
c:\windows\system32\UAChxxtrwlg.log
c:\windows\system32\UACkayufvao.dll
c:\windows\system32\UAClvaptihx.log
c:\windows\system32\UACtoqmurcx.dll
c:\windows\system32\UACturrrlhe.log
c:\windows\system32\UACwkmfdnjc.dat
c:\windows\system32\UACxeddwyot.dll

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip
-------\Service_UACd.sys


((((((((((((((((((((((( Dateien erstellt von 2009-04-07 bis 2009-05-07 ))))))))))))))))))))))))))))))
.

2009-05-07 06:06 . 2009-05-07 06:06 -------- d-----w C:\rsit
2009-05-06 18:26 . 2009-05-06 18:26 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-05-06 18:26 . 2009-05-06 18:26 -------- d-----w c:\programme\SUPERAntiSpyware
2009-05-06 18:26 . 2009-05-06 18:26 -------- d-----w c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com
2009-05-06 18:25 . 2009-05-06 18:25 -------- d-----w c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-05-06 18:17 . 2009-05-06 18:17 -------- d-----w c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Foxit
2009-05-06 18:17 . 2009-05-06 18:17 -------- d-----w c:\programme\Foxit Software
2009-05-06 07:46 . 2009-05-06 07:46 -------- d-----w c:\programme\Trend Micro
2009-05-06 07:03 . 2009-05-06 07:03 -------- d-----w c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2009-05-05 06:54 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 06:54 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 06:54 . 2009-05-05 06:54 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-05-05 06:54 . 2009-05-06 07:03 -------- d-----w c:\programme\Malwarebytes' Anti-Malware
2009-05-05 06:25 . 2009-05-05 06:25 -------- d-----w c:\programme\CCleaner
2009-04-19 17:39 . 2009-05-06 17:30 -------- d-----w c:\programme\Lavasoft
2009-04-19 17:39 . 2009-04-19 17:39 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-04-17 16:11 . 2002-06-19 10:19 91136 ----a-w c:\windows\system32\msls2.dll
2009-04-17 16:10 . 2009-04-18 19:07 -------- d-----w c:\programme\Konvertor
2009-04-16 20:52 . 2009-04-20 19:39 -------- d-----w c:\programme\Incomplete
2009-04-09 19:47 . 2009-04-09 19:47 -------- d-----w C:\$WIN_NT$.~BT
2009-04-09 16:29 . 2000-01-28 22:39 40960 ----a-w c:\windows\system32\VB5StKit.dll
2009-04-09 16:29 . 1997-01-20 16:12 71680 ----a-w c:\windows\ST5UNST.EXE

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 18:13 . 2006-12-27 13:23 -------- d-----w c:\programme\Java
2009-05-06 17:31 . 2007-01-23 13:05 -------- d-----w c:\programme\Gemeinsame Dateien\Adobe
2009-05-06 08:13 . 2007-01-23 15:55 3454 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-06 07:52 . 2006-12-27 13:23 -------- d-----w c:\programme\Google
2009-04-29 20:09 . 2006-12-27 12:40 -------- d-----w c:\programme\Gemeinsame Dateien\Dienste
2009-04-27 07:24 . 2007-12-03 08:49 -------- d-----w c:\programme\Aurelie
2009-04-19 17:22 . 2008-02-27 16:41 -------- d-----w c:\programme\Microsoft Bootvis
2009-04-19 16:47 . 2008-06-24 15:05 -------- d-----w c:\programme\FDF
2009-04-12 09:23 . 2006-12-27 13:38 -------- d-----w c:\programme\Windows Media Connect 2
2009-04-09 16:36 . 2007-09-03 09:31 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-29 18:52 . 2003-04-02 12:00 498184 ----a-w c:\windows\system32\perfh007.dat
2009-03-29 18:52 . 2003-04-02 12:00 101252 ----a-w c:\windows\system32\perfc007.dat
2009-03-27 12:54 . 2006-12-27 13:07 -------- d--h--w c:\programme\InstallShield Installation Information
2009-03-27 12:52 . 2009-02-10 16:30 -------- d-----w c:\programme\Gothic III
2009-03-27 12:31 . 2007-06-06 17:47 20 ---h--w c:\dokumente und einstellungen\All Users\Anwendungsdaten\PKP_DLec.DAT
2009-03-15 22:05 . 2008-06-23 09:25 -------- d-----w c:\programme\Electronic Arts
2009-03-09 03:19 . 2008-11-23 11:32 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-09 14:04 . 2006-02-28 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2007-07-06 19:16 . 2007-07-06 19:16 56 --sha-r c:\windows\system32\08100C01AC.sys
.

------- Sigcheck -------

[-] 2006-02-28 12:00 14336 65A819B121EB6FDAB4400EA42BDFFE64 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 02:23 14336 4FBC75B74479C7A6F829E0CA19DF3366 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 02:23 14336 4FBC75B74479C7A6F829E0CA19DF3366 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:19 578560 4C90159A69A5FD3EB39C71411F28FCFF c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 579584 78785EFF8CB90CEC1862A4CCFD9A3C3A c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2006-02-28 12:00 578560 56785FD5236D7B22CF471A6DA9DB46D8 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2008-04-14 02:22 580096 B0050CC5340E3A0760DD8B417FF7AEBD c:\windows\ServicePackFiles\i386\user32.dll
[-] 2005-03-02 18:09 578560 3751D7CF0E0A113D84414992146BCE6A c:\windows\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2gdr\user32.dll
[-] 2007-03-08 15:36 579072 492E166CFD26A50FB9160DB536FF7D2B c:\windows\SoftwareDistribution\Download\e3b9e8cd6239a53ea3486ac0e70fdfac\sp2gdr\user32.dll
[-] 2007-03-08 15:48 579584 78785EFF8CB90CEC1862A4CCFD9A3C3A c:\windows\SoftwareDistribution\Download\e3b9e8cd6239a53ea3486ac0e70fdfac\sp2qfe\user32.dll
[-] 2008-04-14 02:22 580096 B0050CC5340E3A0760DD8B417FF7AEBD c:\windows\system32\user32.dll

[-] 2006-02-28 12:00 82944 D569240A22421D5F670BB6FB6DD522B5 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 02:22 82432 6A35E2D6F5F052C84EC2CEB296389439 c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 02:22 82432 6A35E2D6F5F052C84EC2CEB296389439 c:\windows\system32\ws2_32.dll

[-] 2006-10-23 15:34 670208 47BBFEB4909D45064A992C3068610B06 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2007-01-04 14:02 670720 04A670155A6D86DFBF562F45544E1908 c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
[-] 2007-02-19 15:22 671232 E2CB4D46FF3638BFF234AE4253BC6430 c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
[-] 2007-03-07 17:34 823296 4EF1AE9A4D801AB63EC752478247BFCE c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 08:26 823808 26DB81279FED58D5199235C26D4836E2 c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 14:12 824320 17D39B59E2E3740058AE3FBCD432CEDE c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 16:14 672768 878F506D7F69E06BCCDC86C2A4D17633 c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[-] 2008-06-23 15:10 671744 978542595CF09A86E2EF60552A35C937 c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 14:55 672256 6432638B5CE374D912C0C4F2A9F03DAE c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-08-20 05:33 673280 66AF60C255953898C67993CD665A2D22 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[-] 2008-08-20 05:08 671744 C5326257F4FEE83E24B06CD4BC08EBA2 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 05:06 672256 503D9BE987B9A3964816FED082F45771 c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-10-16 01:03 672768 7DBE34DA22CAB4BE922638540048379F c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-08-20 05:35 665088 53163D419C4780F65C114E746FAE1E49 c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2008-04-14 02:22 671744 B4AEE98A48917B274FACFB78BBE0BC84 c:\windows\$NtUninstallKB953838$\wininet.dll
[-] 2006-02-28 12:00 662016 B1A1DA99C4A6EBFD59F86A453BF02F39 c:\windows\$NtUninstallKB953838_0$\wininet.dll
[-] 2008-06-23 15:10 671744 978542595CF09A86E2EF60552A35C937 c:\windows\$NtUninstallKB956390$\wininet.dll
[-] 2008-06-23 15:38 665088 1B540E19ADC30A53C8410DCBBAB1EF53 c:\windows\$NtUninstallKB956390_0$\wininet.dll
[-] 2008-08-20 05:08 671744 C5326257F4FEE83E24B06CD4BC08EBA2 c:\windows\$NtUninstallKB958215$\wininet.dll
[-] 2007-02-19 15:03 664576 8D4066F7D4AC8A6174C3DD00311CC042 c:\windows\ie7\wininet.dll
[-] 2006-11-07 19:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2007-03-07 17:40 822784 C601BD2849927D44F8549F720CFA14D3 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-04-25 07:42 822784 4E9436B0301B0451ED2FB29364AB090F c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2008-04-14 02:22 671744 B4AEE98A48917B274FACFB78BBE0BC84 c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-08-22 13:13 664576 8D3CCA79F45918F6164B5BE5A3364B19 c:\windows\SoftwareDistribution\Download\3beb0aeb33f58fa8fe5f8edf680d5498\sp2gdr\wininet.dll
[-] 2007-08-22 12:56 671232 D6140D5095E62BD609DF3201C7B854AC c:\windows\SoftwareDistribution\Download\3beb0aeb33f58fa8fe5f8edf680d5498\sp2qfe\wininet.dll
[-] 2008-08-20 05:35 665088 53163D419C4780F65C114E746FAE1E49 c:\windows\SoftwareDistribution\Download\50803aecb85c11020a83a463f2e201fd\sp2gdr\wininet.dll
[-] 2008-08-20 05:33 673280 66AF60C255953898C67993CD665A2D22 c:\windows\SoftwareDistribution\Download\50803aecb85c11020a83a463f2e201fd\sp2qfe\wininet.dll
[-] 2008-08-20 05:08 671744 C5326257F4FEE83E24B06CD4BC08EBA2 c:\windows\SoftwareDistribution\Download\50803aecb85c11020a83a463f2e201fd\sp3gdr\wininet.dll
[-] 2008-08-20 05:06 672256 503D9BE987B9A3964816FED082F45771 c:\windows\SoftwareDistribution\Download\50803aecb85c11020a83a463f2e201fd\sp3qfe\wininet.dll
[-] 2007-12-07 01:06 665088 84E9262ED72810CFF255BEFD188D4038 c:\windows\SoftwareDistribution\Download\5196d7f46900f46bf7afb26dbdeff466\sp2gdr\wininet.dll
[-] 2007-12-07 00:46 671744 273F4B37B80C8D398713A88B788FE59B c:\windows\SoftwareDistribution\Download\5196d7f46900f46bf7afb26dbdeff466\sp2qfe\wininet.dll
[-] 2008-04-21 07:01 665088 FBED32C104BD9410E2DA2D3AC1CE4008 c:\windows\SoftwareDistribution\Download\6c3cd71963a57fb075df0315e528a9fd\sp2gdr\wininet.dll
[-] 2008-04-21 06:56 672256 018ADED93507A4AEA4F55741863DBC9E c:\windows\SoftwareDistribution\Download\6c3cd71963a57fb075df0315e528a9fd\sp2qfe\wininet.dll
[-] 2008-04-21 06:42 671744 11D26D87E041000EA4C0128CD0010F7A c:\windows\SoftwareDistribution\Download\6c3cd71963a57fb075df0315e528a9fd\sp3gdr\wininet.dll
[-] 2008-04-21 06:24 672256 645A4A4884EB5EB8453C01531FCBEC3A c:\windows\SoftwareDistribution\Download\6c3cd71963a57fb075df0315e528a9fd\sp3qfe\wininet.dll
[-] 2008-02-16 08:59 665088 34B6EE86F286B2595539E1617962256D c:\windows\SoftwareDistribution\Download\8081082493a4c421941d373e4716ca4d\sp2gdr\wininet.dll
[-] 2008-02-16 09:30 671744 6C49192217DF0509BC6A576535545529 c:\windows\SoftwareDistribution\Download\8081082493a4c421941d373e4716ca4d\sp2qfe\wininet.dll
[-] 2007-10-11 06:12 665088 DC532B5BD08E02DF13C9F166D0F4F73B c:\windows\SoftwareDistribution\Download\86ac1600338091b137527e1fb0e9bc9f\sp2gdr\wininet.dll
[-] 2007-10-11 05:58 671744 6BE2CDDC28610D9E73E54678A131B253 c:\windows\SoftwareDistribution\Download\86ac1600338091b137527e1fb0e9bc9f\sp2qfe\wininet.dll
[-] 2007-06-26 14:09 664576 235369F1CB42B6DF354A40586DE1C4B8 c:\windows\SoftwareDistribution\Download\a3d099e3f93fcbf431a3623b6610ac46\sp2gdr\wininet.dll
[-] 2007-06-26 14:39 671232 8FFB79A006666912364801AE679E618E c:\windows\SoftwareDistribution\Download\a3d099e3f93fcbf431a3623b6610ac46\sp2qfe\wininet.dll
[-] 2008-10-16 01:00 671744 10A2C485838D5B95CCF7905E21E9A80A c:\windows\system32\wininet.dll
[-] 2008-10-16 01:00 671744 10A2C485838D5B95CCF7905E21E9A80A c:\windows\system32\dllcache\wininet.dll

[-] 2006-06-13 19:32 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2006-02-28 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\SoftwareDistribution\Download\28401d44e28d5fe988966badd69aee22\sp2gdr\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\SoftwareDistribution\Download\2ad3df909e43001c668b20ec211136d0\sp2gdr\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\SoftwareDistribution\Download\2ad3df909e43001c668b20ec211136d0\sp2qfe\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2006-02-28 12:00 507392 2B6A0BAF33A9918F09442D873848FF72 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 02:23 513024 F09A527B422E25C478E38CAA0E44417A c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 02:23 513024 F09A527B422E25C478E38CAA0E44417A c:\windows\system32\winlogon.exe

[-] 2006-02-28 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2006-02-28 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 09:11 2059264 AE8364004BBFD70461D2EF34888D3360 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 18:43 2061696 D3767E1A7E6674CE671A8A8254945C29 c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 16:06 2061696 9B9CA27AD315C02B71510238574894B2 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 13:36 2065280 8F54D426024BC7E45A6F32253BBB572E c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 13:19 2068352 326C258774EB791E78FEA8A9E14D5C3E c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 17:22 2068352 C789B5AEA9AB71C5BEF6DD568F744842 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 13:42 2018304 A13D8649ECBF1445B0B0DE569EE04609 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-04-14 02:00 2026496 FEFB3BDA35CF469809B0C89AB6833AFC c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2006-02-28 12:00 2017792 F8D35488D41B19A306A454FFC0ED0336 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2008-08-14 13:19 2068352 326C258774EB791E78FEA8A9E14D5C3E c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-14 02:00 2068224 E51980EF65CED4490A7395A06C08DA34 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2005-03-02 18:06 2059136 BDFF8FFA77EE7DF9758EF8C1E0DA8EFF c:\windows\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2gdr\ntkrnlpa.exe
[-] 2007-02-28 16:02 2059904 06EFFE1520C59641FCDB8BAA94A8539F c:\windows\SoftwareDistribution\Download\11efef85c647d58f6963c8359b202b46\sp2gdr\ntkrnlpa.exe
[-] 2009-02-09 11:47 2060032 388823CCBA5AAA6FF70F04101EB1479E c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP2GDR\ntkrnlpa.exe
[-] 2009-02-09 11:39 2065280 84C1C109552E9E276FF004E181B80C25 c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP2QFE\ntkrnlpa.exe
[-] 2009-02-10 17:03 2068352 321917CFF934663C48C1E91A930E5D71 c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 11:14 2068480 1F9DA92672B8B5720C5FB1E87D8F249F c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP3QFE\ntkrnlpa.exe
[-] 2005-03-02 18:06 2059136 BDFF8FFA77EE7DF9758EF8C1E0DA8EFF c:\windows\SoftwareDistribution\Download\S-1-5-18\95179541d10a2c1a31b6eec7c12665e6\backup\sp2gdr\ntkrnlpa.exe
[-] 2004-08-03 22:50 2059136 CE41FC4C06499A389D39B301879535FB c:\windows\SoftwareDistribution\Download\S-1-5-18\95179541d10a2c1a31b6eec7c12665e6\backup\sp2qfe\ntkrnlpa.exe
[-] 2008-08-14 13:19 2026496 13334FAF18AB3B9083B8DD8A668B8BB6 c:\windows\system32\ntkrnlpa.exe
[-] 2008-08-14 13:19 2068352 326C258774EB791E78FEA8A9E14D5C3E c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 18:11 2181888 EB5538A452E0E99169E2B6CDB62FF9D2 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 18:43 2184320 00C476049FECF1D3A05C783015B9B518 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 16:06 2184448 E1DE7A10D46959560C3B617227D95C19 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 13:36 2188288 C7153F3F41C63C8CB912E973F2780495 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 13:19 2191488 934FBEA25F8DE017ABFC6169B8446D94 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 17:22 2191488 59282EFE7147C011530E51FF92BA86AC c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 13:42 2138624 04876E6755E505B76CE1BBB7816B1BF4 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-04-14 01:59 2147840 88077F757C6C793C33408D878B6E0F76 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2006-02-28 12:00 2150912 C3EC5DD56E3EB15D80AF9FCEE030CABD c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2008-08-14 13:19 2191488 934FBEA25F8DE017ABFC6169B8446D94 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 02:00 2191360 354C9291513BCE4D0ED6B0C6A15470F8 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2005-03-02 18:06 2181632 7189A2391ADC1F65C9AE87B0ABE0F945 c:\windows\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2gdr\ntoskrnl.exe
[-] 2007-02-28 16:02 2182656 2804B72EB675CD43DF7994AE4685B894 c:\windows\SoftwareDistribution\Download\11efef85c647d58f6963c8359b202b46\sp2gdr\ntoskrnl.exe
[-] 2009-02-09 11:47 2182784 61AE4B9B378CD5B0B2D4BA7346991263 c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP2GDR\ntoskrnl.exe
[-] 2009-02-09 11:39 2188416 E22124EC3A33F40755DCD2F4B1BE8A87 c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 11:21 2191360 FEE1600B76B196D9993CD468DA7524F7 c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP3GDR\ntoskrnl.exe
[-] 2009-02-10 17:12 2191488 D3453310FC92736E674FFDC6E3F455B7 c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP3QFE\ntoskrnl.exe
[-] 2005-03-02 18:06 2181632 7189A2391ADC1F65C9AE87B0ABE0F945 c:\windows\SoftwareDistribution\Download\S-1-5-18\95179541d10a2c1a31b6eec7c12665e6\backup\sp2gdr\ntoskrnl.exe
[-] 2004-08-03 22:50 2183296 DC888C9C4CA0EEA7A3CB7E6B610F75C7 c:\windows\SoftwareDistribution\Download\S-1-5-18\95179541d10a2c1a31b6eec7c12665e6\backup\sp2qfe\ntoskrnl.exe
[-] 2008-08-14 13:19 2147840 5961DD3AEC44962A76F0D8D895C172F1 c:\windows\system32\ntoskrnl.exe
[-] 2008-08-14 13:19 2191488 934FBEA25F8DE017ABFC6169B8446D94 c:\windows\system32\dllcache\ntoskrnl.exe

Dauert es tatsächlich mehr als 3 Stunden den zweiten Teil zu posten?

ciao, andreas

da hat was nicht hingehauen...soll ich von vorn nochmal combo fix durchführen?

Nein, du sollst nur das Log vollständig posten oder beim Filehoster hochladen und Link posten. Du kannst es auch in mehreren Teilen posten, aber ich muss das komplette Log haben. Du findest es unter

Start => Ausführen => C:\combofix.txt

ciao, andreas

[-] 2008-04-14 02:22 1036800 418045A93CD87A352098AB7DABE1B53E c:\windows\explorer.exe
[-] 2007-06-13 13:10 1036288 331ED93570BAF3CFE30340298762CD56 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2006-02-28 12:00 1035264 22FE1BE02EADDE1632E478E4125639E0 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 02:22 1036800 418045A93CD87A352098AB7DABE1B53E c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 13:21 1036288 64D320C0E301EEDC5A4ADBBDC5024F7F c:\windows\SoftwareDistribution\Download\e94b50580b3d9c69a3c27b7653239432\sp2gdr\explorer.exe

[-] 2006-02-28 12:00 108544 EDB6B81761BD60F32F740BBC40AFB676 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 02:22 109056 4BB6A83640F1D1792AD21CE767B621C6 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 10:04 111104 65F6B774819BD727358157CEDEA67B8E c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP2GDR\services.exe
[-] 2009-02-09 09:48 111104 A07CA23EA361A01E627D911CF139B950 c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP2QFE\services.exe
[-] 2009-02-09 11:21 111104 A3EDBE9053889FB24AB22492472B39DC c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP3GDR\services.exe
[-] 2009-02-09 11:14 111104 F0A7D59AF279326528715B206669B86C c:\windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP3QFE\services.exe
[-] 2008-04-14 02:22 109056 4BB6A83640F1D1792AD21CE767B621C6 c:\windows\system32\services.exe

[-] 2006-02-28 12:00 13312 183805EB05BCA5A1E4AAAED4D2BE3690 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 02:22 13312 AFB8261B56CBA0D86AEB6DF682AF9785 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 02:22 13312 AFB8261B56CBA0D86AEB6DF682AF9785 c:\windows\system32\lsass.exe

[-] 2006-02-28 12:00 15360 7CE20569925DF6789C31799F0C538F29 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 02:22 15360 01B4E6E990B6C5EA8856D96C7FD044B2 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 02:22 15360 01B4E6E990B6C5EA8856D96C7FD044B2 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2006-02-28 12:00 57856 54E7113A4BD696E430919BCAF5C65E06 c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2008-04-14 02:23 57856 39356A9CDB6753A6D13A4072A9F5A4BB c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\SoftwareDistribution\Download\2901b827758fc52142f0525729c6aeca\sp2gdr\spoolsv.exe
[-] 2008-04-14 02:23 57856 39356A9CDB6753A6D13A4072A9F5A4BB c:\windows\system32\spoolsv.exe

[-] 2006-02-28 12:00 25088 D1E53DC57143F2584B1DD53B036C0633 c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 02:23 26624 788F95312E26389D596C0FA55834E106 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 02:23 26624 788F95312E26389D596C0FA55834E106 c:\windows\system32\userinit.exe

[-] 2004-08-03 23:57 297472 1850BC10DE5DCCCEDE063FC2D0F2CEDA c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 02:22 297472 B7DE02C863D8F5A005A7BF375375A6A4 c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 02:22 297472 B7DE02C863D8F5A005A7BF375375A6A4 c:\windows\system32\termsrv.dll

[-] 2006-07-05 10:57 1058816 0BEFE0BF274818EC0785B7B842967313 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:09 1059840 5D0974BD58808FACA5D2C437B6FC8D85 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2006-02-28 12:00 1057280 E6CD85D0D37416CF138F01F4BB0FC872 c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2008-04-14 02:22 1063424 4C897C69754D88F496339B1A666907C1 c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 15:53 1058304 8EEA8280A1E0E794EDFCCAD3721C7CAB c:\windows\SoftwareDistribution\Download\26305e742673f6bf3b6cce01b172d797\sp2gdr\kernel32.dll
[-] 2008-04-14 02:22 1063424 4C897C69754D88F496339B1A666907C1 c:\windows\system32\kernel32.dll

[-] 2006-02-28 12:00 17408 5604574D490B798BD9A946B021A766AD c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 02:22 17408 C8C0BDABC966B6C24D337DF0A0A399E1 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 02:22 17408 C8C0BDABC966B6C24D337DF0A0A399E1 c:\windows\system32\powrprof.dll

[-] 2006-02-28 12:00 110080 94101D13A1818A9D08337EEC12ED277A c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 02:22 110080 F9954695D246B33A5BF105029A4C6AB6 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 02:22 110080 F9954695D246B33A5BF105029A4C6AB6 c:\windows\system32\imm32.dll

[-] 2006-02-28 12:00 1548288 80F7B7198B869C07C98627AF812D68B6 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 02:22 1571840 5251425B86EA4A3532B8BB8D14044E61 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 02:22 1571840 5251425B86EA4A3532B8BB8D14044E61 c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\programme\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"IntelliPoint"="c:\programme\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"avgnt"="c:\programme\Avira\Avira Premium Security Suite\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 2 (0x2)
"Btn_Back"= 1 (0x1)
"Btn_Forward"= 1 (0x1)
"Btn_Stop"= 1 (0x1)
"Btn_Refresh"= 1 (0x1)
"Btn_Home"= 1 (0x1)
"Btn_Search"= 1 (0x1)
"Btn_History"= 1 (0x1)
"Btn_Favorites"= 1 (0x1)
"Btn_Media"= 1 (0x1)
"Btn_MailNews"= 1 (0x1)
"Btn_Print"= 1 (0x1)
"Btn_Discussions"= 1 (0x1)
"Btn_Edit"= 1 (0x1)
"Btn_Folders"= 2 (0x2)
"Btn_Fullscreen"= 2 (0x2)
"Btn_Size"= 2 (0x2)
"Btn_Cut"= 2 (0x2)
"Btn_Copy"= 2 (0x2)
"Btn_Paste"= 2 (0x2)
"Btn_Encoding"= 2 (0x2)
"Btn_Tools"= 2 (0x2)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Firefox Preloader.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Firefox Preloader.lnk
backup=c:\windows\pss\Firefox Preloader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c98f9927b3e3e1"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programme\\MSN Messenger\\livecall.exe"=
"c:\\Programme\\Corel\\CorelDRAW Graphics Suite 13\\Programs\\CorelDRW.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:UDP"= 1755:UDP:*isabled:fm4
"554:UDP"= 554:UDP:*isabled:fm4
"554:TCP"= 554:TCP:*isabled:fm4
"3587:TCP"= 3587:TCP:Windows-Peer-zu-Peer-Gruppierung
"3540:UDP"= 3540:UDP:Peer Name Resolution-Protokoll (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [03.07.2008 23:24 71592]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [28.04.2009 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [28.04.2009 11:33 72944]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\programme\Avira\Avira Premium Security Suite\avfwsvc.exe [03.07.2008 23:23 344321]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\programme\Avira\Avira Premium Security Suite\avwebgrd.exe [03.07.2008 23:24 258305]
R2 AVEService;Avira Premium Security Suite MailGuard Hilfsdienst;c:\programme\Avira\Avira Premium Security Suite\avesvc.exe [03.07.2008 23:23 41217]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [03.07.2008 23:24 71464]
R3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [28.04.2009 11:33 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 USB680x;USB Scanner;c:\windows\system32\drivers\UScanner.SYS [22.06.2000 10:42 17332]
S3 cpuz129;cpuz129;\??\c:\dokume~1\ADMINI~1\LOKALE~1\Temp\cpuz_x32.sys --> c:\dokume~1\ADMINI~1\LOKALE~1\Temp\cpuz_x32.sys [?]
S3 DVBLLC;DVB LLC Service;c:\windows\system32\drivers\DVBLLC32.sys [27.12.2006 15:19 62080]
S3 kncbda;KNC ONE BDA DVB-S2;c:\windows\system32\drivers\kncbda32.sys [29.11.2006 10:00 84096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0555fb92-8860-11dc-85f6-001731803c73}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0be01f36-c4c1-11db-85f3-000e5034074d}]
\Shell\AutoRun\command - f:\.\INTRO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{271ad114-fcb8-11db-8648-8a8cebf1e1f2}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd271e6-fcb5-11db-8647-c9e8ca3eacb5}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd271e7-fcb5-11db-8647-c9e8ca3eacb5}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd271e9-fcb5-11db-8647-c9e8ca3eacb5}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eea9812c-a24f-11db-8584-000e5034074d}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f282120e-09d8-11dc-8668-da33722d022c}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
Inhalt des "geplante Tasks" Ordners

2009-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\hijhfb99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 19:14
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1390067357-725345543-500\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\programme\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1960)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\Avira Premium Security Suite\sched.exe
c:\programme\Avira\Avira Premium Security Suite\avguard.exe
c:\programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-05-07 19:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-05-07 17:19

Vor Suchlauf: 26 Verzeichnis(se), 187.763.585.024 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 188.530.249.728 Bytes frei

Current=6 Default=6 Failed=2 LastKnownGood=7 Sets=1,2,3,4,5,6,7
426 --- E O F --- 2009-05-07 15:07

1.) Deinstalliere (Start=>Einstellungen=>Systemsteuerung=>Software):

• SuperAntiSpyware
• Apple Software Update

2.) Scripten mit Combofix

• Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Code: Alles auswählenAufklappen

ATTFilter

KILLALL::

Driver::
Lbd
cpuz129

RegNull::
[HKEY_USERS\S-1-5-21-1708537768-1390067357-725345543-500\RemoteAccess\Profile\x *]

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[-HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=-
"gupdate1c98f9927b3e3e1"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0555fb92-8860-11dc-85f6-001731803c73}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0be01f36-c4c1-11db-85f3-000e5034074d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{271ad114-fcb8-11db-8648-8a8cebf1e1f2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd271e6-fcb5-11db-8647-c9e8ca3eacb5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd271e7-fcb5-11db-8647-c9e8ca3eacb5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd271e9-fcb5-11db-8647-c9e8ca3eacb5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eea9812c-a24f-11db-8584-000e5034074d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f282120e-09d8-11dc-8668-da33722d022c}]

Folder::
C:\Avenger
c:\Rsit
c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
c:\programme\SUPERAntiSpyware
c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com
c:\programme\Lavasoft
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
C:\$WIN_NT$.~BT
C:\Config.Msi

File::
C:\avenger.txt
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\system32\perfh007.dat
c:\windows\system32\perfc007.dat
C:\WINDOWS\UPGRADE.TXT

DirLook::
C:\Programme\Incomplete
C:\temp
C:\Cad
         

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

• Nun die Datei cfscript.txt mit der rechten Maustaste auf das Sysmbol von Combofix ziehen!

• Danach das Combofix nochmal ausführen, das System neu starten und das Log von Combofix posten

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

ciao, andreas

die log datei ist im word 175 seiten lang, der text ist entweder zu lang oder die datei zu groß!?

Zitat:

die log datei ist im word

Das Log nicht mit Word sondern mit dem Editor (Start=>Ausführen=>notepad=>OK) öffnen, speichern, bei einem Filehoster (z.B. www.materialordner.de) hochladen und hier den Link posten.

ciao, andreas

http://www.materialordner.de/Q5S4fQ1KVVWp126qg1DTX9xyr6T35WI.html