Log analysis and evaluation: Caught a trojan? Browser and programs acting up
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.02.2010, 09:58 | #16
OK, ran ComboFix, here is the log:

ComboFix 10-02-12.01 - Wolfi 18.02.2010 9:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.884 [GMT 1:00]
Running from:: c:\users\Wolfi\Downloads\Cofi.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\desktop.ini
C:\install.exe
c:\users\Wolfi\Documents\REg_Backup_171009.reg
c:\users\Wolfi\Documents\RegistrierungssicherungMärz.reg
c:\users\Wolfi\tueroif.exe
c:\users\Wolfi\tuoco.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Data
c:\windows\system32\Documents .lnk
c:\windows\system32\Music .lnk
c:\windows\system32\New Folder .lnk
c:\windows\system32\Passwords .lnk
c:\windows\system32\Pictures .lnk
c:\windows\system32\setup.ini
c:\windows\system32\Video .lnk

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - c:\cofi\HarddiskVolumeShadowCopy9_!Windows!System32!drivers!atapi.sys
.
((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 ))))))))))))))))))))))))))))))
.
2010-02-18 08:34 . 2010-02-18 08:35 -------- d-----w- c:\users\Wolfi\AppData\Local\temp
2010-02-18 08:34 . 2010-02-18 08:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-17 15:49 . 2010-02-17 15:49 -------- d-----w- C:\rsit
2010-02-16 17:08 . 2010-02-16 17:08 -------- d-----w- C:\!KillBox
2010-02-16 16:36 . 2010-02-16 16:36 -------- d-----w- c:\programdata\WindowsSearch
2010-02-16 16:32 . 2010-02-16 16:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-16 16:32 . 2010-02-16 16:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-16 16:32 . 2010-02-16 16:32 -------- d-----w- c:\users\Wolfi\AppData\Roaming\SUPERAntiSpyware.com
2010-02-16 16:28 . 2010-02-16 16:28 -------- d-----w- C:\GPs
2010-02-16 16:26 . 2010-02-16 16:28 -------- d-----w- C:\Guitar Pro 5.0
2010-02-16 15:19 . 2010-02-16 16:59 -------- d-----w- c:\users\Wolfi\AppData\Roaming\QuickScan
2010-02-16 14:49 . 2010-02-16 14:49 -------- d-----w- c:\program files\Trend Micro
2010-02-16 14:30 . 2010-02-16 14:30 -------- d-----w- c:\users\Wolfi\AppData\Roaming\AVG8
2010-02-16 14:26 . 2010-02-17 14:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-16 14:26 . 2010-02-17 08:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-16 09:43 . 2010-02-16 09:21 64512 --sh--r- c:\windows\system32\tuoco.exe
2010-02-16 09:43 . 2010-02-16 07:21 64512 --sh--r- c:\windows\system32\tueroif.exe
2010-02-16 09:21 . 2010-02-16 09:21 64512 --sh--r- c:\windows\system32\tuoco.scr
2010-02-16 08:35 . 2010-02-16 08:35 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Malwarebytes
2010-02-16 08:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 08:34 . 2010-02-16 14:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 08:34 . 2010-02-16 08:34 -------- d-----w- c:\programdata\Malwarebytes
2010-02-16 08:34 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-16 08:31 . 2010-02-16 08:31 -------- d-----w- c:\program files\CCleaner
2010-02-16 07:22 . 2010-02-16 07:45 -------- d-----w- c:\program files\Bethesda Softworks
2010-02-16 07:21 . 2010-02-16 07:21 64512 --sh--r- c:\windows\system32\tueroif.scr
2010-02-16 05:56 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-16 05:56 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-16 05:56 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-16 05:56 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-16 05:01 . 2010-02-16 05:03 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-16 04:54 . 2010-02-16 08:58 -------- d-----w- C:\Fallout 3 DVD
2010-02-16 03:51 . 2010-02-16 03:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-16 02:55 . 2010-02-16 02:56 -------- d-----w- C:\40966214c097f7e22a
2010-02-15 16:24 . 2010-02-15 16:24 -------- d-----w- c:\users\Wolfi\AppData\Local\Fallout3
2010-02-15 16:21 . 2010-02-15 16:21 -------- d-----w- C:\inetpub
2010-02-15 13:48 . 2010-02-15 13:48 -------- d-----w- c:\programdata\Fallout3
2010-02-15 13:39 . 2010-02-15 13:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-10 19:13 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 19:13 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 19:13 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 19:13 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-09 19:32 . 2010-02-09 19:32 -------- d-----w- c:\programdata\Creative Labs
2010-02-08 23:58 . 2010-02-08 23:58 -------- d-----w- c:\programdata\2DBoy
2010-02-08 23:57 . 2010-02-08 23:58 -------- d-----w- C:\WorldOfGoo
2010-02-08 19:48 . 2010-02-01 12:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-08 19:48 . 2010-02-01 11:57 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-02-08 19:48 . 2010-02-01 11:57 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-08 19:48 . 2010-02-08 19:48 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-08 19:48 . 2010-02-08 19:48 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-02-08 16:13 . 2009-04-02 10:33 2873820 ------w- c:\windows\system32\Sens_oal.dll
2010-02-08 16:12 . 2010-02-08 16:12 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-02-08 16:11 . 2009-07-10 08:07 166912 ----a-w- c:\windows\system32\APOMngr.DLL
2010-02-08 16:11 . 2009-02-06 17:52 73728 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-02-07 14:41 . 2010-02-07 14:41 -------- d-----w- C:\EA SPORTS
2010-02-07 14:32 . 2010-02-07 14:32 -------- d-----w- c:\programdata\EA Logs
2010-02-07 01:04 . 2010-02-07 01:33 -------- d-----w- C:\FM10 DVD
2010-02-07 00:00 . 2010-02-07 00:00 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-06 23:58 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-02-06 23:57 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-06 23:57 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-06 23:57 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-06 20:22 . 2010-02-06 20:22 -------- d-----w- C:\Electronic Arts
2010-02-06 19:50 . 2010-02-06 19:51 -------- d-----w- c:\program files\NSIS
2010-02-06 18:51 . 2010-02-06 18:52 -------- d-----w- c:\windows\system32\ca-ES
2010-02-06 18:51 . 2010-02-06 18:52 -------- d-----w- c:\windows\system32\eu-ES
2010-02-06 18:51 . 2010-02-06 18:52 -------- d-----w- c:\windows\system32\vi-VN
2010-02-06 18:48 . 2010-02-06 18:48 -------- d-----w- c:\windows\system32\SPReview
2010-02-06 18:40 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-02-06 18:40 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-02-06 18:38 . 2009-04-10 22:32 527848 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-02-06 18:37 . 2009-04-10 22:28 347648 ----a-w- c:\windows\system32\wbem\wbemess.dll
2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\windows\system32\EventProviders
2010-02-06 18:10 . 2010-02-06 20:24 -------- d-----w- c:\programdata\Electronic Arts
2010-02-06 17:39 . 2009-04-10 21:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-06 17:37 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-02-06 15:48 . 2010-01-12 04:03 68200 ----a-w- c:\windows\system32\OpenCL.dll
2010-02-06 15:48 . 2010-01-12 04:03 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-02-06 15:48 . 2010-01-12 04:03 4321384 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-02-06 15:48 . 2010-01-12 04:03 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2010-02-06 15:48 . 2010-01-12 04:03 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
2010-02-06 15:48 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-02-06 15:48 . 2010-01-12 04:03 4061800 ----a-w- c:\windows\system32\nvcuda.dll
2010-02-06 15:48 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-02-06 15:48 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-02-06 15:48 . 2010-01-12 04:03 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
2010-02-06 15:37 . 2010-02-06 15:37 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-06 15:37 . 2010-02-06 15:37 -------- d-----w- c:\users\Wolfi\SystemRequirementsLab
2010-02-06 14:32 . 2010-02-06 14:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-06 13:42 . 2010-02-08 16:13 -------- d-----w- c:\program files\Creative
2010-02-06 02:00 . 2010-02-08 19:42 -------- d-----w- c:\programdata\Creative
2010-01-31 21:13 . 2010-02-03 23:08 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-01-31 01:50 . 2010-01-31 01:58 -------- d-----w- c:\program files\VirtualFem
2010-01-30 12:20 . 2010-02-17 07:52 -------- d-----w- c:\users\Wolfi\AppData\Roaming\vlc
2010-01-20 15:37 . 2010-01-23 15:26 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 08:36 . 2009-02-06 16:48 -------- d-----w- c:\programdata\NVIDIA
2010-02-18 08:35 . 2009-04-25 11:22 34895 ----a-w- c:\programdata\nvModes.dat
2010-02-18 08:31 . 2008-01-21 07:15 698602 ----a-w- c:\windows\system32\perfh007.dat
2010-02-18 08:31 . 2008-01-21 07:15 151410 ----a-w- c:\windows\system32\perfc007.dat
2010-02-17 09:21 . 2009-02-06 16:17 1356 ----a-w- c:\users\Wolfi\AppData\Local\d3d9caps.dat
2010-02-17 08:20 . 2009-02-16 22:15 -------- d-----w- c:\program files\SweetIM
2010-02-17 08:09 . 2010-02-16 16:33 117760 ----a-w- c:\users\Wolfi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-16 16:33 . 2010-02-16 16:33 52224 ----a-w- c:\users\Wolfi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-16 16:31 . 2009-02-06 16:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-16 05:31 . 2009-09-27 03:35 -------- d-----w- c:\program files\PowerArchiver
2010-02-16 05:05 . 2009-03-09 13:30 -------- d-----w- c:\users\Wolfi\AppData\Roaming\DAEMON Tools Lite
2010-02-16 05:02 . 2009-03-09 13:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-16 05:01 . 2009-03-09 14:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-02-16 04:14 . 2009-02-06 16:18 73800 ----a-w- c:\users\Wolfi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-16 04:12 . 2009-04-23 14:29 -------- d-----w- c:\program files\cFos
2010-02-16 04:11 . 2009-02-06 16:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 04:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-14 14:10 . 2009-02-11 10:44 -------- d-----w- c:\users\Wolfi\AppData\Roaming\ICQ
2010-02-14 02:42 . 2009-05-08 19:28 -------- d-----w- c:\program files\C3MT
2010-02-13 04:40 . 2009-05-26 02:32 -------- d-----w- c:\program files\Steam
2010-02-08 19:48 . 2009-02-09 09:08 -------- d-----w- c:\programdata\TuneUp Software
2010-02-08 19:47 . 2009-02-09 09:08 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-08 16:13 . 2009-09-16 08:41 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-08 16:13 . 2009-09-16 08:41 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-07 00:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-07 00:00 . 2010-02-07 00:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-07 00:00 . 2010-02-07 00:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-06 17:34 . 2009-03-09 03:57 -------- d-----w- c:\program files\Electronic Arts
2010-02-06 15:50 . 2009-08-13 21:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-06 15:50 . 2009-02-06 16:43 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-06 14:32 . 2010-02-06 14:32 38784 ----a-w- c:\users\Wolfi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-06 14:32 . 2010-02-06 14:32 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-03 23:08 . 2010-01-31 21:13 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-02-02 16:02 . 2009-05-26 02:49 -------- d-----w- c:\programdata\Media Center Programs
2010-02-02 15:38 . 2009-02-09 09:09 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-01 15:20 . 2009-10-02 10:16 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Tropico 3
2010-01-31 01:51 . 2010-01-31 01:51 11502 ----a-r- c:\users\Wolfi\AppData\Roaming\Microsoft\Installer\{BAE4D301-FE3F-4B41-813C-81165BD1FB30}\_3cec1c82.exe
2010-01-31 01:51 . 2010-01-31 01:51 11502 ----a-r- c:\users\Wolfi\AppData\Roaming\Microsoft\Installer\{BAE4D301-FE3F-4B41-813C-81165BD1FB30}\_165d6e64.exe
2010-01-30 12:06 . 2009-05-25 23:40 -------- d-----w- c:\users\Wolfi\AppData\Roaming\dvdcss
2010-01-20 15:26 . 2009-04-25 09:16 -------- d-----w- c:\program files\Rockstar Games
2010-01-17 14:42 . 2010-01-17 14:37 -------- d-----w- c:\program files\Airline Tycoon - Deluxe
2010-01-16 13:46 . 2010-01-16 13:45 -------- d-----w- c:\program files\KKND Krossfire
2010-01-14 11:42 . 2010-01-07 17:33 -------- d-----w- c:\program files\Microids
2010-01-14 10:12 . 2009-10-03 09:32 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 09:36 . 2010-01-13 09:36 1273592 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-12 04:03 . 2010-02-06 15:48 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-01-12 04:03 . 2009-08-13 21:33 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2008-09-17 01:55 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
2010-01-12 04:03 . 2008-09-17 01:55 1280616 ----a-w- c:\windows\system32\nvapi.dll
2010-01-11 21:18 . 2010-01-11 21:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-11 21:18 . 2010-01-11 21:18 1515112 ----a-w- c:\windows\system32\nvsvcr.dll
2010-01-11 21:18 . 2010-01-11 21:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:18 . 2010-01-11 21:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-11 21:18 . 2010-01-11 21:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 16:33 . 2010-02-16 15:19 789320 ----a-w- c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-01-11 16:32 . 2010-02-16 15:19 698184 ----a-w- c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-01-07 17:02 . 2009-05-26 00:36 -------- d-----w- c:\program files\AVS4YOU
2010-01-07 16:46 . 2009-03-01 00:10 -------- d-----w- c:\program files\2K Games
2010-01-05 17:36 . 2010-01-05 17:36 -------- d-----w- c:\users\Wolfi\AppData\Roaming\c-software
2010-01-05 17:35 . 2010-01-05 17:27 -------- d-----w- c:\program files\ELBK2
2010-01-04 16:50 . 2009-05-28 23:06 -------- d-----w- c:\program files\THQ
2010-01-02 06:38 . 2010-01-22 22:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 22:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 22:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 22:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 13:39 . 2009-02-11 10:43 -------- d-----w- c:\program files\ICQ6.5
2009-12-29 22:53 . 2009-11-12 13:19 -------- d-----w- c:\users\Wolfi\AppData\Roaming\gtk-2.0
2009-12-29 10:52 . 2009-12-29 10:52 -------- d-----w- c:\programdata\TechSmith
2009-12-29 10:52 . 2009-12-29 10:52 -------- d-----w- c:\program files\TechSmith
2009-12-24 21:42 . 2009-12-24 21:42 -------- d-----w- c:\program files\Bullfrog
2009-12-23 19:35 . 2009-12-23 18:15 157184 --sh--w- c:\windows\system32\SCS.dll
2009-12-23 19:35 . 2009-12-23 18:15 113152 --sh--w- c:\windows\system32\SCX.dll
2009-12-22 22:52 . 2009-12-22 14:56 -------- d-----w- c:\program files\Crazy Machines II
2009-12-22 16:12 . 2009-10-04 05:48 -------- d-----w- c:\program files\Activision
2009-12-22 14:54 . 2009-12-22 14:54 -------- d-----w- c:\program files\OpenAL
2009-12-14 00:31 . 2009-06-24 20:14 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 20:01 . 2010-02-10 19:12 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-10 19:12 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 19:12 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 19:12 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 19:12 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 19:12 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 19:12 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 19:12 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 19:12 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 19:12 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 19:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 19:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 19:12 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-05-30 21:22 . 2009-09-19 22:10 266240 ----a-w- c:\program files\@Home Mate RegFixer.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-09-22 16:21 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-09-22 16:21 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-09-22 16:21 216064 --sh--r- c:\windows\System32\nbDX.dll
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 17:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Steam"="c:\program files\Steam\Steam.exe" -silent
"Comrade.exe"=c:\program files\GameSpy\Comrade\Comrade.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"cFosDNT"=c:\program files\cFos\cFosDNT.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"VX3000"=c:\windows\vVX3000.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e5,b9,90,41,5e,a7,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1452552504-3750701632-1159496026-1000]
"EnableNotificationsRef"=dword:00000002

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [24.06.2009 21:14 108289]
R2 cFosNT;cFosNT;c:\windows\System32\drivers\cFosNT.sys [23.04.2009 15:29 1206488]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [11.01.2010 21:00 240232]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [01.02.2010 13:00 1043784]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 07:24 10064]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [08.02.2010 17:12 79360]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [09.02.2009 09:49 17536]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [09.03.2009 14:30 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\User_Feed_Synchronization-{1FB89CD6-4C99-4F44-A899-DC6FBD9D05A6}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
uInternet Settings,ProxyOverride = *.t-online.de;localhost;<local>
IE: &NeoTrace It! - c:\neotra~1\NTXcontext.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\MOZILLA FIREFOX\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Orphaned registry entries removed - - - -

BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 09:38
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1452552504-3750701632-1159496026-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:07,a6,c4,fd,67,85,a0,db,88,60,4d,91,6b,17,83,8c,c7,e3,fc,54,5a,48,14,
   33,67,3b,8d,4f,99,a4,c8,a4,44,2f,d8,10,03,a5,cb,26,ce,4f,76,3e,0e,5d,85,a4,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b

[HKEY_USERS\S-1-5-21-1452552504-3750701632-1159496026-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,23,16,ee,76,12,8e,2e,cc,00,86,6a,af,39,77,cd,cd,6b,02,a4,0c,
   f7,1b,90,bd,a4,1f,72,75,43,1d,ad,87,dc,de,2a,6e,ec,be,cc,39,01,71,68,c1,76,\
"rkeysecu"=hex:21,68,02,d5,a4,cc,46,f2,d0,01,c0,80,76,61,ec,58

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-02-18 09:43:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-18 08:43

Pre-Run: 47 directories, 98,811,183,104 bytes free
Post-Run: 51 directories, 101,815,242,752 bytes free

- - End Of File - - C079FCA592E6D4B207E3D0773550E061
18.02.2010, 10:01 | #17
Small additional note (didn't want to edit the post with the log):
The two files that I had also uploaded here, among other places, are gone, and so far Google isn't causing any trouble anymore either, though for now these are only short-term impressions.
18.02.2010, 16:01 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])
2. Now paste the entire content of the code box below into the Notepad window.

Code:
http://www.trojaner-board.de/82976-trojaner-eingefangen-browser-und-programme-spinnen.html#post504527
Collect::
c:\windows\system32\tuoco.exe
c:\windows\system32\tueroif.exe
c:\windows\system32\tuoco.scr

4. Disable your antivirus program's guard and any software firewall that may be present. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log file: Combofix.txt

Note: The script above was created for this one user in this situation only. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
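Added example (not from the thread and not part of ComboFix): a small Python triage script that reads the file entries of a ComboFix log and flags the pattern visible in the first log above, so the reader can see how the three files in the Collect:: script were picked and what the same rule catches besides them. That first log lists four 64512-byte files in system32 carrying the hidden and system attributes (tuoco.exe, tueroif.exe, tuoco.scr and tueroif.scr); the script above collects three of them. The sample lines are copied from that log; the attribute-flag positions are inferred from those lines rather than taken from any ComboFix documentation, and a hit is a prompt to look the file up by hash, not a verdict (Vista ships screensavers in system32, so the .scr extension alone means nothing; it is the hidden+system combination on a loose file in system32 that is odd). The rule also fires on SCS.dll, whose status the thread does not establish, which is exactly the kind of hit that needs a hash check before anything is collected or deleted.

```python
"""Triage of ComboFix "Files Created" / "Find3M" entries.

Added example for this thread; not part of ComboFix and not code posted by
any participant. Flag positions are inferred from the entries in the posted
log, not taken from ComboFix documentation.
"""
import re
from collections import Counter, defaultdict

# One entry as ComboFix prints it:
#   <created> . <modified> <size or dashes> <eight attribute flags> <path>
# In the posted log the first flag 'd' marks a directory, 's' system, 'h' hidden,
# 'a' archive, and the seventh flag is 'w' (writable) or 'r' (read-only).
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+?)\s*$"
)
SYSTEM32 = "\\windows\\system32\\"

# Lines copied from the first ComboFix log in this thread (benign entries included
# so the rules can be seen not firing). The last two are registry / Firefox lines
# from the same log, which the entry parser must ignore.
SAMPLE_LOG = r"""
2010-02-16 09:43 . 2010-02-16 09:21 64512 --sh--r- c:\windows\system32\tuoco.exe
2010-02-16 09:43 . 2010-02-16 07:21 64512 --sh--r- c:\windows\system32\tueroif.exe
2010-02-16 09:21 . 2010-02-16 09:21 64512 --sh--r- c:\windows\system32\tuoco.scr
2010-02-16 07:21 . 2010-02-16 07:21 64512 --sh--r- c:\windows\system32\tueroif.scr
2010-02-16 08:34 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 19:13 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-08 19:48 . 2010-02-08 19:48 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-23 19:35 . 2009-12-23 18:15 157184 --sh--w- c:\windows\system32\SCS.dll
"EnableLUA"= 0 (0x0)
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
"""


def parse_entries(text):
    """Return one dict per line that has the entry layout; all other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = None if set(e["size"]) == {"-"} else int(e["size"])
        e["is_dir"] = e["attrs"].startswith("d")
        entries.append(e)
    return entries


def triage(entries):
    """Flag loose files by attributes and location, then cluster the flagged ones by size.

    Returns {path: [reasons]}. Directories are skipped on purpose: installer data
    folders with hidden+system set (the {D3742F82-...} entry) are common.
    """
    hits = defaultdict(list)
    files = [e for e in entries if not e["is_dir"]]
    for e in files:
        hidden_system = "s" in e["attrs"] and "h" in e["attrs"]
        if hidden_system and SYSTEM32 in e["path"].lower():
            hits[e["path"]].append("hidden+system file in system32")
    # Droppers often write several copies of one payload under random names;
    # identical sizes among files that are already flagged make that visible.
    by_size = Counter(e["size"] for e in files if e["path"] in hits)
    for e in files:
        if e["path"] in hits and by_size[e["size"]] > 1:
            hits[e["path"]].append(
                f"same size ({e['size']} bytes) as {by_size[e['size']] - 1} other flagged file(s)"
            )
    return dict(hits)


def policy_findings(text):
    """Two non-file lines worth acting on: UAC switched off, and a changed Firefox keyword.URL.

    ComboFix writes URLs defanged as hxxp://, as the posted log shows.
    """
    findings = []
    for line in text.splitlines():
        s = line.strip()
        if s.startswith('"EnableLUA"=') and s.split("=", 1)[1].strip().startswith("0"):
            findings.append("UAC disabled (EnableLUA = 0)")
        if s.startswith("FF - prefs.js: keyword.URL - "):
            findings.append("Firefox keyword.URL points at " + s.rsplit(" - ", 1)[1])
    return findings


def report(text):
    """(flagged files, policy findings) for one log text."""
    return triage(parse_entries(text)), policy_findings(text)


if __name__ == "__main__":
    hits, findings = report(SAMPLE_LOG)
    for path, reasons in hits.items():
        print(path)
        for reason in reasons:
            print("   -", reason)
    for finding in findings:
        print("!", finding)
```

To run it against a real log, replace SAMPLE_LOG with the contents of ComboFix.txt. The size-cluster reason only counts files that are already flagged, so one pair of same-sized system DLLs does not trigger it; the four 64512-byte files do.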
19.02.2010, 09:36 | #19
| Caught a trojan? Browser and programs acting up Done. Here is the log file after feeding in the script:

ComboFix 10-02-12.01 - Wolfi 19.02.2010 9:24.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1151 [GMT 1:00]
Running from:: c:\users\Wolfi\Downloads\Cofi.exe
Command switches used :: c:\users\Wolfi\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\system32\tueroif.exe
file zipped: c:\windows\system32\tuoco.exe
file zipped: c:\windows\system32\tuoco.scr
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Wolfi\Documents\RegistrierungssicherungMärz.reg
c:\windows\system32\tueroif.exe
c:\windows\system32\tuoco.exe
c:\windows\system32\tuoco.scr
.
((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 ))))))))))))))))))))))))))))))
.
2010-02-19 08:30 . 2010-02-19 08:30 -------- d-----w- c:\users\Wolfi\AppData\Local\temp
2010-02-19 08:30 . 2010-02-19 08:30 -------- d-----w- c:\users\yfl\AppData\Local\temp
2010-02-19 08:30 . 2010-02-19 08:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-19 08:30 . 2010-02-19 08:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-17 15:49 . 2010-02-17 15:49 -------- d-----w- C:\rsit
2010-02-16 17:08 . 2010-02-16 17:08 -------- d-----w- C:\!KillBox
2010-02-16 16:36 . 2010-02-16 16:36 -------- d-----w- c:\programdata\WindowsSearch
2010-02-16 16:33 . 2010-02-16 16:33 52224 ----a-w- c:\users\Wolfi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-16 16:33 . 2010-02-17 08:09 117760 ----a-w- c:\users\Wolfi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-16 16:32 . 2010-02-16 16:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-16 16:32 . 2010-02-16 16:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-16 16:32 . 2010-02-16 16:32 -------- d-----w- c:\users\Wolfi\AppData\Roaming\SUPERAntiSpyware.com
2010-02-16 16:28 . 2010-02-16 16:28 -------- d-----w- C:\GPs
2010-02-16 16:26 . 2010-02-16 16:28 -------- d-----w- C:\Guitar Pro 5.0
2010-02-16 15:19 . 2010-02-16 16:59 -------- d-----w- c:\users\Wolfi\AppData\Roaming\QuickScan
2010-02-16 15:19 . 2010-01-11 16:32 698184 ----a-w- c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-02-16 15:19 . 2010-01-11 16:33 789320 ----a-w- c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-02-16 14:49 . 2010-02-16 14:49 -------- d-----w- c:\program files\Trend Micro
2010-02-16 14:30 . 2010-02-16 14:30 -------- d-----w- c:\users\Wolfi\AppData\Roaming\AVG8
2010-02-16 14:26 . 2010-02-17 14:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-16 14:26 . 2010-02-17 08:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-16 08:35 . 2010-02-16 08:35 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Malwarebytes
2010-02-16 08:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 08:34 . 2010-02-16 14:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 08:34 . 2010-02-16 08:34 -------- d-----w- c:\programdata\Malwarebytes
2010-02-16 08:34 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-16 08:31 . 2010-02-16 08:31 -------- d-----w- c:\program files\CCleaner
2010-02-16 07:22 . 2010-02-16 07:45 -------- d-----w- c:\program files\Bethesda Softworks
2010-02-16 07:21 . 2010-02-16 07:21 64512 --sh--r- c:\windows\system32\tueroif.scr
2010-02-16 05:56 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-16 05:56 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-16 05:56 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-16 05:56 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-16 05:01 . 2010-02-16 05:03 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-16 04:54 . 2010-02-16 08:58 -------- d-----w- C:\Fallout 3 DVD
2010-02-16 03:51 . 2010-02-16 03:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-16 02:55 . 2010-02-16 02:56 -------- d-----w- C:\40966214c097f7e22a
2010-02-15 16:24 . 2010-02-15 16:24 -------- d-----w- c:\users\Wolfi\AppData\Local\Fallout3
2010-02-15 16:21 . 2010-02-15 16:21 -------- d-----w- C:\inetpub
2010-02-15 13:48 . 2008-09-18 19:10 121064 ----a-r- c:\programdata\Fallout3\setup.exe
2010-02-15 13:48 . 2010-02-15 13:48 -------- d-----w- c:\programdata\Fallout3
2010-02-15 13:39 . 2010-02-15 13:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-10 19:13 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 19:13 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 19:13 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 19:13 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-09 19:32 . 2010-02-09 19:32 -------- d-----w- c:\programdata\Creative Labs
2010-02-08 23:58 . 2010-02-08 23:58 -------- d-----w- c:\programdata\2DBoy
2010-02-08 23:57 . 2010-02-08 23:58 -------- d-----w- C:\WorldOfGoo
2010-02-08 19:48 . 2010-02-01 12:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-08 19:48 . 2010-02-01 11:57 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-02-08 19:48 . 2010-02-01 11:57 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-08 19:48 . 2010-02-08 19:48 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-08 19:48 . 2010-02-08 19:48 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-02-08 16:13 . 2009-04-02 10:33 2873820 ------w- c:\windows\system32\Sens_oal.dll
2010-02-08 16:12 . 2010-02-08 16:12 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-02-08 16:11 . 2009-07-10 08:07 166912 ----a-w- c:\windows\system32\APOMngr.DLL
2010-02-08 16:11 . 2009-02-06 17:52 73728 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-02-07 14:41 . 2010-02-07 14:41 -------- d-----w- C:\EA SPORTS
2010-02-07 14:32 . 2010-02-07 14:32 -------- d-----w- c:\programdata\EA Logs
2010-02-07 01:04 . 2010-02-07 01:33 -------- d-----w- C:\FM10 DVD
2010-02-07 00:00 . 2010-02-07 00:00 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-06 23:58 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-02-06 23:57 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-06 23:57 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-06 23:57 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-06 20:22 . 2010-02-06 20:22 -------- d-----w- C:\Electronic Arts
2010-02-06 19:50 . 2010-02-06 19:51 -------- d-----w- c:\program files\NSIS
2010-02-06 18:51 . 2010-02-06 18:52 -------- d-----w- c:\windows\system32\ca-ES
2010-02-06 18:51 . 2010-02-06 18:52 -------- d-----w- c:\windows\system32\eu-ES
2010-02-06 18:51 . 2010-02-06 18:52 -------- d-----w- c:\windows\system32\vi-VN
2010-02-06 18:48 . 2010-02-06 18:48 -------- d-----w- c:\windows\system32\SPReview
2010-02-06 18:40 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-02-06 18:40 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-02-06 18:38 . 2009-04-10 22:32 527848 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-02-06 18:37 . 2009-04-10 22:28 347648 ----a-w- c:\windows\system32\wbem\wbemess.dll
2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\windows\system32\EventProviders
2010-02-06 18:10 . 2010-02-06 20:24 -------- d-----w- c:\programdata\Electronic Arts
2010-02-06 17:39 . 2009-04-10 21:32 19944 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-06 17:37 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-02-06 15:48 . 2010-01-12 04:03 68200 ----a-w- c:\windows\system32\OpenCL.dll
2010-02-06 15:48 . 2010-01-12 04:03 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-02-06 15:48 . 2010-01-12 04:03 4321384 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-02-06 15:48 . 2010-01-12 04:03 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2010-02-06 15:48 . 2010-01-12 04:03 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
2010-02-06 15:48 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-02-06 15:48 . 2010-01-12 04:03 4061800 ----a-w- c:\windows\system32\nvcuda.dll
2010-02-06 15:48 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-02-06 15:48 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-02-06 15:48 . 2010-01-12 04:03 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
2010-02-06 15:37 . 2010-02-06 15:37 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-06 15:37 . 2010-02-06 15:37 -------- d-----w- c:\users\Wolfi\SystemRequirementsLab
2010-02-06 14:32 . 2010-02-06 14:32 38784 ----a-w- c:\users\Wolfi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-06 14:32 . 2010-02-06 14:32 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-06 14:32 . 2010-02-06 14:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-06 13:42 . 2010-02-08 16:13 -------- d-----w- c:\program files\Creative
2010-02-06 02:00 . 2010-02-08 19:42 -------- d-----w- c:\programdata\Creative
2010-01-31 21:13 . 2010-02-03 23:08 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-01-31 01:51 . 2010-01-31 01:51 11502 ----a-r- c:\users\Wolfi\AppData\Roaming\Microsoft\Installer\{BAE4D301-FE3F-4B41-813C-81165BD1FB30}\_3cec1c82.exe
2010-01-31 01:51 . 2010-01-31 01:51 11502 ----a-r- c:\users\Wolfi\AppData\Roaming\Microsoft\Installer\{BAE4D301-FE3F-4B41-813C-81165BD1FB30}\_165d6e64.exe
2010-01-31 01:50 . 2010-01-31 01:58 -------- d-----w- c:\program files\VirtualFem
2010-01-30 12:20 . 2010-02-18 13:16 -------- d-----w- c:\users\Wolfi\AppData\Roaming\vlc
2010-01-20 15:37 . 2010-01-23 15:26 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 07:25 . 2008-01-21 07:15 698602 ----a-w- c:\windows\system32\perfh007.dat
2010-02-19 07:25 . 2008-01-21 07:15 151410 ----a-w- c:\windows\system32\perfc007.dat
2010-02-19 07:19 . 2009-02-06 16:48 -------- d-----w- c:\programdata\NVIDIA
2010-02-19 07:19 . 2009-04-25 11:22 52735 ----a-w- c:\programdata\nvModes.dat
2010-02-17 09:21 . 2009-02-06 16:17 1356 ----a-w- c:\users\Wolfi\AppData\Local\d3d9caps.dat
2010-02-17 08:20 . 2009-02-16 22:15 -------- d-----w- c:\program files\SweetIM
2010-02-16 16:31 . 2009-02-06 16:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-16 05:31 . 2009-09-27 03:35 -------- d-----w- c:\program files\PowerArchiver
2010-02-16 05:05 . 2009-03-09 13:30 -------- d-----w- c:\users\Wolfi\AppData\Roaming\DAEMON Tools Lite
2010-02-16 05:02 . 2009-03-09 13:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-16 05:01 . 2009-03-09 14:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-02-16 04:14 . 2009-02-06 16:18 73800 ----a-w- c:\users\Wolfi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-16 04:12 . 2009-04-23 14:29 -------- d-----w- c:\program files\cFos
2010-02-16 04:11 . 2009-02-06 16:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 04:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-14 14:10 . 2009-02-11 10:44 -------- d-----w- c:\users\Wolfi\AppData\Roaming\ICQ
2010-02-14 02:42 . 2009-05-08 19:28 -------- d-----w- c:\program files\C3MT
2010-02-13 04:40 . 2009-05-26 02:32 -------- d-----w- c:\program files\Steam
2010-02-08 19:48 . 2009-02-09 09:08 -------- d-----w- c:\programdata\TuneUp Software
2010-02-08 19:47 . 2009-02-09 09:08 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-08 16:13 . 2009-09-16 08:41 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-08 16:13 . 2009-09-16 08:41 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-07 00:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-07 00:00 . 2010-02-07 00:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-07 00:00 . 2010-02-07 00:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-06 17:34 . 2009-03-09 03:57 -------- d-----w- c:\program files\Electronic Arts
2010-02-06 15:50 . 2009-08-13 21:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-06 15:50 . 2009-02-06 16:43 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-03 23:08 . 2010-01-31 21:13 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-02-02 16:02 . 2009-05-26 02:49 -------- d-----w- c:\programdata\Media Center Programs
2010-02-02 15:38 . 2009-02-09 09:09 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-01 15:20 . 2009-10-02 10:16 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Tropico 3
2010-01-30 12:06 . 2009-05-25 23:40 -------- d-----w- c:\users\Wolfi\AppData\Roaming\dvdcss
2010-01-20 15:26 . 2009-04-25 09:16 -------- d-----w- c:\program files\Rockstar Games
2010-01-17 14:42 . 2010-01-17 14:37 -------- d-----w- c:\program files\Airline Tycoon - Deluxe
2010-01-16 13:46 . 2010-01-16 13:45 -------- d-----w- c:\program files\KKND Krossfire
2010-01-14 11:42 . 2010-01-07 17:33 -------- d-----w- c:\program files\Microids
2010-01-14 10:12 . 2009-10-03 09:32 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 09:36 . 2010-01-13 09:36 1273592 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-12 04:03 . 2010-02-06 15:48 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-01-12 04:03 . 2009-08-13 21:33 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2008-09-17 01:55 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
2010-01-12 04:03 . 2008-09-17 01:55 1280616 ----a-w- c:\windows\system32\nvapi.dll
2010-01-11 21:18 . 2010-01-11 21:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-11 21:18 . 2010-01-11 21:18 1515112 ----a-w- c:\windows\system32\nvsvcr.dll
2010-01-11 21:18 . 2010-01-11 21:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:18 . 2010-01-11 21:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-11 21:18 . 2010-01-11 21:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-07 17:02 . 2009-05-26 00:36 -------- d-----w- c:\program files\AVS4YOU
2010-01-07 16:46 . 2009-03-01 00:10 -------- d-----w- c:\program files\2K Games
2010-01-05 17:36 . 2010-01-05 17:36 -------- d-----w- c:\users\Wolfi\AppData\Roaming\c-software
2010-01-05 17:35 . 2010-01-05 17:27 -------- d-----w- c:\program files\ELBK2
2010-01-04 16:50 . 2009-05-28 23:06 -------- d-----w- c:\program files\THQ
2010-01-02 06:38 . 2010-01-22 22:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 22:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 22:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 22:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 13:39 . 2009-02-11 10:43 -------- d-----w- c:\program files\ICQ6.5
2009-12-29 22:53 . 2009-11-12 13:19 -------- d-----w- c:\users\Wolfi\AppData\Roaming\gtk-2.0
2009-12-29 10:52 . 2009-12-29 10:52 -------- d-----w- c:\programdata\TechSmith
2009-12-29 10:52 . 2009-12-29 10:52 -------- d-----w- c:\program files\TechSmith
2009-12-24 21:42 . 2009-12-24 21:42 -------- d-----w- c:\program files\Bullfrog
2009-12-23 19:35 . 2009-12-23 18:15 157184 --sh--w- c:\windows\system32\SCS.dll
2009-12-23 19:35 . 2009-12-23 18:15 113152 --sh--w- c:\windows\system32\SCX.dll
2009-12-22 22:52 . 2009-12-22 14:56 -------- d-----w- c:\program files\Crazy Machines II
2009-12-22 16:12 . 2009-10-04 05:48 -------- d-----w- c:\program files\Activision
2009-12-22 14:54 . 2009-12-22 14:54 -------- d-----w- c:\program files\OpenAL
2009-12-14 00:31 . 2009-06-24 20:14 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 20:01 . 2010-02-10 19:12 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-10 19:12 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 19:12 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 19:12 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 19:12 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 19:12 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 19:12 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 19:12 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 19:12 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 19:12 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 19:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 19:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 19:12 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-05-30 21:22 . 2009-09-19 22:10 266240 ----a-w- c:\program files\@Home Mate RegFixer.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-09-22 16:21 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-09-22 16:21 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-09-22 16:21 216064 --sh--r- c:\windows\System32\nbDX.dll
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 17:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Steam"="c:\program files\Steam\Steam.exe" -silent
"Comrade.exe"=c:\program files\GameSpy\Comrade\Comrade.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"cFosDNT"=c:\program files\cFos\cFosDNT.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"VX3000"=c:\windows\vVX3000.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e5,b9,90,41,5e,a7,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1452552504-3750701632-1159496026-1000]
"EnableNotificationsRef"=dword:00000002

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [24.06.2009 21:14 108289]
R2 cFosNT;cFosNT;c:\windows\System32\drivers\cFosNT.sys [23.04.2009 15:29 1206488]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [11.01.2010 21:00 240232]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [01.02.2010 13:00 1043784]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [09.02.2009 09:49 17536]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 07:24 10064]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [08.02.2010 17:12 79360]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [09.03.2009 14:30 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the "Scheduled Tasks" folder

2010-02-19 c:\windows\Tasks\User_Feed_Synchronization-{1FB89CD6-4C99-4F44-A899-DC6FBD9D05A6}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
uInternet Settings,ProxyOverride = *.t-online.de;localhost;<local>
IE: &NeoTrace It! - c:\neotra~1\NTXcontext.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\MOZILLA FIREFOX\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Orphaned Registry Entries Removed - - - -

BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 09:30
Windows 6.0.6002 Service Pack 2 NTFS

Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_USERS\S-1-5-21-1452552504-3750701632-1159496026-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:07,a6,c4,fd,67,85,a0,db,88,60,4d,91,6b,17,83,8c,c7,e3,fc,54,5a,48,14,
   33,67,3b,8d,4f,99,a4,c8,a4,44,2f,d8,10,03,a5,cb,26,ce,4f,76,3e,0e,5d,85,a4,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b

[HKEY_USERS\S-1-5-21-1452552504-3750701632-1159496026-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,23,16,ee,76,12,8e,2e,cc,00,86,6a,af,39,77,cd,cd,6b,02,a4,0c,
   f7,1b,90,bd,a4,1f,72,75,43,1d,ad,87,dc,de,2a,6e,ec,be,cc,39,01,71,68,c1,76,\
"rkeysecu"=hex:21,68,02,d5,a4,cc,46,f2,d0,01,c0,80,76,61,ec,58

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
Completion time: 2010-02-19 09:32:24
ComboFix-quarantined-files.txt 2010-02-19 08:32
ComboFix2.txt 2010-02-18 08:43

Pre-Run: 50 directory(ies), 101.375.668.224 bytes free
Post-Run: 51 directory(ies), 101.320.519.680 bytes free

- - End Of File - - 3A6B3BC7629B150EC481F79B4EA746B7 |
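The two things a helper reads off a ComboFix log like the one above by eye can be automated. The following Python script is an added example, not code from this thread or from ComboFix: it parses the file-listing lines, flags non-directory entries under \windows\ that carry both the system and hidden attribute (the attribute pattern of tueroif.scr in the log above), and reports whether the registry dump shows EnableLUA set to 0, i.e. UAC switched off. The line layout and the meaning of the attribute letters are assumptions read off the posted log; the sample lines are a constructed subset copied from it.

```python
"""Triage helper for ComboFix-style log lines (added example; not code from
the thread or from ComboFix).

Assumed line layout, read off the log above:
    <created YYYY-MM-DD HH:MM> . <modified YYYY-MM-DD HH:MM> <size|--------> <attrs> <path>
<attrs> is assumed to be ComboFix's 8-character attribute string:
d = directory, s = system, h = hidden, a = archive, r = read-only, w = writable.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>\S.*)$"
)
# Registry dump line of the form   "EnableLUA"= 0 (0x0)
LUA_RE = re.compile(r'"EnableLUA"\s*=\s*(\d+)')


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories, which ComboFix prints as --------
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system_hidden(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs

    @property
    def under_windows(self) -> bool:
        return "\\windows\\" in self.path.lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one file-listing line; return None for any other kind of line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def suspicious_files(lines: Iterable[str]) -> List[str]:
    """Paths of files (not directories) under \\windows\\ that carry both the
    system and hidden attributes. Normal binaries there show ----a-w-, so
    s+h on a file is a lead for manual review, not a verdict: the heuristic
    will also surface files that turn out to be legitimate."""
    return [
        e.path
        for e in map(parse_entry, lines)
        if e and not e.is_dir and e.under_windows and e.system_hidden
    ]


def uac_disabled(lines: Iterable[str]) -> bool:
    """True when the registry dump shows EnableLUA = 0 (UAC switched off)."""
    for line in lines:
        m = LUA_RE.search(line)
        if m:
            return int(m.group(1)) == 0
    return False


# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE = [
    r"2010-02-16 07:21 . 2010-02-16 07:21 64512 --sh--r- c:\windows\system32\tueroif.scr",
    r"2010-02-16 08:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys",
    r"2009-12-23 19:35 . 2009-12-23 18:15 157184 --sh--w- c:\windows\system32\SCS.dll",
    r"2010-02-08 19:48 . 2010-02-08 19:48 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}",
    r"2010-02-16 16:28 . 2010-02-16 16:28 -------- d-----w- C:\GPs",
    '"EnableLUA"= 0 (0x0)',
]

if __name__ == "__main__":
    for path in suspicious_files(SAMPLE):
        print("review:", path)
    print("UAC disabled:", uac_disabled(SAMPLE))
```

Run against the full log text (split into lines) the same two functions give the short list of files worth a closer look and the UAC state; the hidden+system directory under c:\programdata is deliberately not reported, because the rule only looks at files inside the Windows directory.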
19.02.2010, 18:08 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught a trojan? Browser and programs acting up Please do one more control scan: open Malwarebytes, update the program, start a full scan and have any findings removed. Then post the logfile again.
__________________ Please always post logfiles in CODE tags |
19.02.2010, 20:54 | #21 |
| Caught a trojan? Browser and programs acting up Scan ran without any findings. Many thanks for the help :-)

Malwarebytes' Anti-Malware 1.44
Database version: 3746
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

19.02.2010 20:51:45
mbam-log-2010-02-19 (20-51-45).txt

Scan method: Full scan (C:\|)
Objects scanned: 486682
Time elapsed: 1 hour(s), 7 minute(s), 16 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected: (No malicious items detected)
Memory modules infected: (No malicious items detected)
Registry keys infected: (No malicious items detected)
Registry values infected: (No malicious items detected)
Registry data items infected: (No malicious items detected)
Folders infected: (No malicious items detected)
Files infected: (No malicious items detected) |
19.02.2010, 20:59 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught a trojan? Browser and programs acting up Good. If there are no more problems, please check for updates:

Microsoft Update
Windows XP: visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update your PDF reader
Your Adobe Reader is not current, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking on "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you are at it, please also check that the Flash Player is current; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the newest one. To do that, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
20.02.2010, 10:58 | #23 |
| Caught a trojan? Browser and programs acting up All necessary updates done. Thanks again |
Topics on Caught a trojan? Browser and programs acting up |
32 bit, all programs, antivir, antivir guard, atapi.sys, avg, avira, bho, black, browser, cdburnerxp, converter, cpu, defender, desktop, firefox, hijack, hijackthis, hkus\s-1-5-18, home, home premium, internet, internet explorer, local\temp, malwarebytes' anti-malware, monitor, mozilla, nvlddmkm.sys, ogg, plug-in, programs acting up, realtek, rundll, send, surface, sweetim, system, tables, toolbars, trojan, caught a trojan, usbport.sys, userinit.exe, vista, win vista, wrapper |