Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und...

+max+ · 19.06.2010, 12:57

Wenn ich die CFScript.txt ins Combofix ziehe kommt folgendes:

"Some installation files are corrupt.
Please download a fresh copy and retry the installation"

Was tun ?

Larusso · 19.06.2010, 13:30

Lade dir eine neue Kopie von COmbofix herunter. Diese nicht umbenennen.

+max+ · 19.06.2010, 13:31

Ach ja, eine Frage zwischendurch:

Muss ich nach dieser ganzen Prozedur (wenn sie mal beendet ist) noch etwas gegen den MSN-Virus machen (eben weil ich auf den Link geklickt habe, kann nemanden mehr anschreiben...)???

Muss da anschließend noch was gemacht werden??? (Passwörter ändern ist klar...)

Lg Max

Larusso · 19.06.2010, 13:43

Jz mach mal das was ich dir hier schreibe sonst wird das nie was

+max+ · 19.06.2010, 15:30

so hier die Logfiles:

Combo Fix:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-06-18.03 - Administrator 19.06.2010  15:25:41.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.254.104 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-19 bis 2010-06-19  ))))))))))))))))))))))))))))))
.

2010-06-17 21:44 . 2010-06-17 21:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-17 21:44 . 2010-06-17 21:44	--------	d-----w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-06-17 21:43 . 2010-06-17 21:43	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-17 21:40 . 2010-06-17 21:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 21:51 . 2008-12-05 15:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\Google Updater
2010-06-18 05:44 . 2010-06-17 21:46	63488	----a-w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-18 05:44 . 2010-06-17 21:46	117760	----a-w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-17 21:46 . 2010-06-17 21:46	52224	----a-w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-17 21:43 . 2010-06-17 21:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-17 21:42 . 2010-06-17 21:41	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-06-13 21:37 . 2008-03-13 20:17	--------	d-----w-	c:\documents and settings\Administrator\Application Data\ICQ
2010-06-13 21:12 . 2010-05-19 18:00	--------	d-----w-	c:\program files\ICQ7.1
2010-06-13 20:31 . 2009-10-17 13:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-20 16:10 . 2010-04-28 16:35	--------	d-----w-	c:\program files\ANNO1602
2010-05-19 18:02 . 2008-03-13 20:19	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-05-18 15:55 . 2010-05-18 15:55	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Avira
2010-05-18 15:49 . 2009-03-13 21:12	--------	d-----w-	c:\program files\Avira
2010-05-18 15:41 . 2010-05-18 15:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2010-05-17 17:38 . 2010-04-06 20:48	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Winamp
2010-05-17 13:55 . 2010-05-17 13:55	604488	----a-w-	c:\windows\system32\TUProgSt.exe
2010-05-17 13:55 . 2010-05-17 13:55	361288	----a-w-	c:\windows\system32\TuneUpDefragService.exe
2010-05-17 13:55 . 2010-05-17 13:55	--------	d-----w-	c:\documents and settings\Administrator\Application Data\TuneUp Software
2010-05-17 13:54 . 2010-05-17 13:53	--------	d-----w-	c:\program files\TuneUp Utilities 2009
2010-05-17 13:53 . 2010-05-17 13:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-17 13:50 . 2010-05-17 13:50	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2010-05-02 05:22 . 2004-08-04 12:00	1851264	----a-w-	c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2010-06-17 21:41	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-06-17 21:40	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-04-28 19:50 . 2008-03-20 20:05	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-04-28 19:44 . 2010-04-28 19:24	--------	d-----w-	c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2010-04-28 19:32 . 2010-04-28 19:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-04-28 19:31 . 2010-04-28 19:31	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2010-04-28 19:31 . 2010-04-28 19:31	--------	d-----w-	c:\program files\DAEMON Tools Lite
2010-04-28 19:24 . 2010-04-28 19:24	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-04-20 05:30 . 2004-08-04 12:00	285696	----a-w-	c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2004-08-04 12:00	667136	----a-w-	c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2004-08-04 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2010-04-14 18:01 . 2010-04-14 18:01	362	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\fw_start.bat
2010-04-14 17:57 . 2010-04-14 18:01	176210	----a-w-	c:\windows\callAPI.exe
2008-05-01 12:31 . 2008-05-01 12:31	0	-c--a-w-	c:\program files\temp01
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"PCTVOICE"="pctspk.exe" [2003-02-24 163840]
"Conceptronic Conceptronic 54Mbps Wireless Utility"="c:\program files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe" [2007-01-19 950272]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-03-01 11:35	327680	----a-w-	c:\program files\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16	141608	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-07-07 08:42	2156368	------w-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-06-07 17:13	2403568	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-05-20 14:11	111928	----a-r-	c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44	37888	----a-w-	c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.04.2010 20:24 721904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 19:41 67656]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [20.03.2008 20:36 264704]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-06-19 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]

2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-06-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-05 17:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.feuerwerk-forum.de/cms.php?p=home
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-19 15:41
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spqu.sys hal.dll >>UNKNOWN [0x81B1F938]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf92a5f28
\Driver\ACPI -> ACPI.sys @ 0xf90ffcb8
\Driver\atapi -> atapi.sys @ 0xf909cb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-436374069-706699826-1957994488-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,42,e5,e5,9a,13,5a,58,59,b3,38,57,cf,28,63,b1,49,6d,1e,6d,01,25,be,
   ea,30,66,12,14,9c,3d,4c,34,8a,58,14,83,f7,5c,57,60,5d,ed,20,17,73,15,82,96,\
"??"=hex:c4,8a,f6,63,3a,cc,81,12,7e,50,4c,f3,5a,84,99,8d

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(452)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2348)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TUProgSt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\pctspk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-19  16:00:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-19 15:00

Vor Suchlauf: 10.735.988.736 bytes free
Nach Suchlauf: 12 Verzeichnis(se), 10.724.880.384 Bytes frei

- - End Of File - - F0019A1ECB1156306474ED636058958E

--- --- ---

OTL Fix Log:

All processes killed
========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BE7E50E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP

507AEDA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:18B3AE54 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:46700142 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:89A5891E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:72E6616C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:842B0AED deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:90B52091 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP

507B5A8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2E49FF93 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP

E47A3DA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9B285B76 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C0DD063D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:09867A8B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8776F88E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8F2382B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:275AA066 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BABA07C2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F264BECE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B268A25C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A6116FBB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP

1713795 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:77F07255 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:90D89144 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:221F35CC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A109A3D0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:453190EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0207B271 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CB3187E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:12A8EFF7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:101708D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C5BCA2A0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8DA9DB01 deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06192010_160521

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

+max+ · 19.06.2010, 15:32

Und der OTL Quick Scan Log:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 19.06.2010 16:12:45 - Run 2
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
254,00 Mb Total Physical Memory | 95,00 Mb Available Physical Memory | 38,00% Memory free
1.008,00 Mb Paging File | 761,00 Mb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 10,01 Gb Free Space | 35,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WALTERMOBIL
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.03.29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2003.02.24 15:35:12 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\pctspk.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008.04.14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.05.17 14:55:27 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2005.10.19 18:19:10 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Disabled | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.04.28 20:24:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.07.26 16:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 16:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 16:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008.07.26 16:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007.09.12 09:56:50 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.09.05 20:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)
DRV - [2006.09.05 20:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)
DRV - [2006.09.05 19:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006.09.05 19:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006.09.05 19:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
DRV - [2006.09.05 19:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)
DRV - [2006.09.05 19:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)
DRV - [2006.02.23 17:16:36 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.01.19 22:10:50 | 000,363,008 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005.12.11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2003.05.30 18:45:16 | 000,477,403 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2003.05.30 17:50:46 | 000,690,973 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2003.05.28 12:08:12 | 000,066,111 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2003.02.24 15:30:02 | 000,135,292 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001.08.17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.feuerwerk-forum.de/cms.php?p=home"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 21:48:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.06 21:48:20 | 000,000,000 | ---D | M]
 
[2010.04.06 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2010.06.18 01:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions
[2010.04.06 23:04:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.17 18:39:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.29 17:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\youtube2mp3@mondayx.de
[2010.06.18 01:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.14 19:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.19 15:39:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WlanMon.exe (Conceptronic )
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205436973119 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205437178203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.13 05:09:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.19 16:05:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.19 16:05:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.19 16:00:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.19 15:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010.06.19 13:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Logfiles 18.06 und 19.06
[2010.06.18 23:19:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.18 23:06:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.18 23:06:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.18 23:06:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.18 23:06:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.18 23:04:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.18 23:00:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.18 22:41:17 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.06.18 22:41:15 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010.06.17 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.06.17 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010.06.17 22:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010.06.17 22:41:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.17 22:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.06.17 22:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.06.17 22:40:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.17 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.17 22:37:12 | 008,776,240 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010.06.17 22:35:57 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010.05.19 19:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL
[2010.05.19 19:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1
[2010.05.18 16:59:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.05.18 16:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2010.05.18 16:41:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.05.18 16:41:14 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.05.18 16:41:14 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.05.18 16:41:14 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.05.18 16:41:14 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.05.18 16:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010.05.17 14:55:35 | 000,604,488 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010.05.17 14:55:30 | 000,029,000 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.05.17 14:55:26 | 000,361,288 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010.05.17 14:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2010.05.17 14:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.05.17 14:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2010.05.17 14:50:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.05.13 18:02:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.05.06 20:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\IDoser v4.5
[2010.04.28 20:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.04.28 20:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010.04.28 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.04.28 20:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2010.04.28 20:13:46 | 007,658,952 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Administrator\Desktop\daemon4304-lite.exe
[2010.04.28 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\ANNO1602
[2010.04.28 16:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Musik
[2010.04.11 17:17:52 | 000,495,104 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\WECO Feuerwerk.exe
[2010.04.11 17:17:51 | 000,903,168 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\WECO Feuerwerk .scr
[2010.04.11 17:17:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WECO Feuerwerk  Uninstaller
[2010.04.11 00:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Feuerwerk Bilder und Videos
[2010.04.10 22:41:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Neu Aktenkoffer
[2010.04.07 19:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\KAMERA
[2010.04.07 18:59:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010.04.07 18:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FW-Sim
[2010.04.06 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010.04.06 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010.04.06 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010.04.06 21:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2010.04.06 21:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Programme
[2010.04.06 21:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Office 2007
[2010.03.22 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.19 16:12:17 | 000,013,728 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.19 16:08:22 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.06.19 16:07:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.19 16:07:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.19 16:05:43 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.06.19 16:05:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.06.19 15:43:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.19 15:39:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.19 15:06:52 | 003,715,012 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010.06.19 14:30:30 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.19 14:30:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.06.19 13:34:11 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.06.18 22:28:38 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010.06.17 22:43:10 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.17 22:42:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.17 22:38:11 | 008,776,240 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010.06.17 22:36:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010.06.17 14:17:14 | 000,011,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner Neu.docx
[2010.06.16 19:54:01 | 000,074,747 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk neu.docx
[2010.06.16 00:44:57 | 004,811,836 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010.06.13 22:08:21 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.13 21:38:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.13 20:42:23 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.13 20:42:23 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.13 20:42:22 | 000,505,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.08 22:32:20 | 000,054,183 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrennplan Vorschlag 1.docx
[2010.06.07 19:24:54 | 000,093,190 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\opelcorsab.JPG
[2010.06.06 23:43:48 | 000,011,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner aus dem Forum.docx
[2010.05.24 15:36:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.05.19 19:03:10 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.1.lnk
[2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010.05.17 14:55:27 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010.05.17 14:54:34 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.17 14:54:32 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010.05.13 18:26:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.05.09 14:32:56 | 000,000,370 | ---- | M] () -- C:\content_update_notification.xml
[2010.05.06 19:45:34 | 000,484,516 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Du hast es gefunden.JPG
[2010.04.29 20:19:07 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 20:24:26 | 000,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.27 22:32:01 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Eigene Dateien.lnk
[2010.04.27 21:44:03 | 000,310,191 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ich (10).JPG
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.25 22:17:04 | 000,054,652 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.25 14:45:11 | 000,096,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BLOCKPLAN-KFZ-2009-2010.pdf
[2010.04.21 22:32:56 | 000,068,643 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk bestellvorschlag 1.docx
[2010.04.20 20:23:56 | 000,012,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ipanema.jpg
[2010.04.14 19:03:21 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.properties
[2010.04.14 19:01:10 | 000,000,140 | ---- | M] () -- C:\WINDOWS\CallAPI.ini
[2010.04.14 19:01:00 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fw_start.bat
[2010.04.14 18:57:14 | 000,176,210 | ---- | M] () -- C:\WINDOWS\callAPI.exe
[2010.04.11 17:32:31 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Die Tomate ausarbeitung präsentation.doc
[2010.04.07 19:33:16 | 000,207,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fehlerfwsim.BMP
[2010.04.06 21:48:21 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010.04.06 21:26:14 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010.04.06 20:31:57 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
 
========== Files Created - No Company Name ==========
 
[2010.06.19 15:09:41 | 003,715,012 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010.06.18 23:20:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.06.18 23:19:51 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.06.18 23:06:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.18 23:06:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.18 23:06:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.18 23:06:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.18 23:06:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.17 22:43:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.17 22:42:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.16 20:08:22 | 000,011,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner Neu.docx
[2010.06.16 19:51:23 | 000,074,747 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk neu.docx
[2010.06.07 19:24:53 | 000,093,190 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\opelcorsab.JPG
[2010.06.06 21:55:28 | 000,011,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner aus dem Forum.docx
[2010.05.19 19:03:10 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.1.lnk
[2010.05.17 14:55:25 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.05.17 14:54:34 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.17 14:54:32 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010.05.06 19:45:02 | 000,484,516 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Du hast es gefunden.JPG
[2010.04.28 20:24:24 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.28 20:13:57 | 558,018,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\An.603.iso
[2010.04.27 22:32:01 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Eigene Dateien.lnk
[2010.04.27 21:43:44 | 000,310,191 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ich (10).JPG
[2010.04.25 22:15:41 | 000,054,652 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.25 14:45:11 | 000,096,440 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BLOCKPLAN-KFZ-2009-2010.pdf
[2010.04.22 21:40:28 | 000,054,183 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrennplan Vorschlag 1.docx
[2010.04.21 22:23:42 | 000,068,643 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk bestellvorschlag 1.docx
[2010.04.20 20:23:54 | 000,012,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ipanema.jpg
[2010.04.14 19:01:10 | 000,000,140 | ---- | C] () -- C:\WINDOWS\CallAPI.ini
[2010.04.14 19:01:08 | 000,176,210 | ---- | C] () -- C:\WINDOWS\callAPI.exe
[2010.04.14 19:01:00 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fw_start.bat
[2010.04.14 18:50:55 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.properties
[2010.04.14 18:50:51 | 000,088,986 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.log
[2010.04.11 17:32:28 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Die Tomate ausarbeitung präsentation.doc
[2010.04.11 17:17:53 | 000,000,639 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c4
[2010.04.11 17:17:52 | 000,825,646 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .swf
[2010.04.11 17:17:52 | 000,161,078 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .bmp
[2010.04.11 17:17:52 | 000,023,558 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .ico
[2010.04.11 17:17:52 | 000,000,767 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c3
[2010.04.11 17:17:52 | 000,000,767 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c1
[2010.04.11 17:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .ini
[2010.04.07 19:33:16 | 000,207,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fehlerfwsim.BMP
[2010.04.07 19:30:41 | 000,031,744 | ---- | C] () -- C:\WINDOWS\UNISTB32.EXE
[2010.04.06 21:48:21 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010.04.06 21:26:14 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009.09.19 15:17:36 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.03.13 21:32:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008.06.22 20:33:32 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.10.12 01:11:58 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2003.02.13 17:40:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mdmmoh.dll
 
========== LOP Check ==========
 
[2008.11.16 13:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Alawar
[2009.03.14 13:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ashampoo
[2009.11.21 21:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2008.12.03 13:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
[2009.01.05 23:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cerasus.media
[2010.04.06 21:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\concept design
[2010.04.28 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009.09.03 18:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EleFun Games
[2008.06.09 18:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gaijin Ent
[2008.12.03 18:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gemsweeperextractedgfx
[2008.11.15 14:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gogii Games
[2010.06.13 22:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ
[2008.03.20 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
[2008.03.20 21:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2008.10.13 15:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009.09.01 23:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lost in the City
[2008.06.09 17:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Meridian93
[2008.03.20 20:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2008.05.22 14:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oberon Games
[2009.09.03 14:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\panoramik
[2008.10.29 21:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\phonostar-Player
[2009.09.25 16:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
[2009.09.03 12:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Playrix Entertainment
[2008.08.13 16:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SultansLabyrinth
[2010.04.06 21:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teleca
[2008.08.14 14:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TheScruffs
[2010.05.17 14:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2008.05.31 14:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Turtle Odyssey II
[2008.06.09 19:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Valusoft
[2008.05.31 16:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VeniceMysteryData
[2009.03.19 17:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Live Writer
[2009.07.01 11:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YoudaGames
[2008.06.02 14:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cerasus.media
[2010.04.28 20:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008.09.01 15:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2008.12.17 16:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Global Software Publishing
[2008.08.20 18:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008.11.15 14:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2008.06.01 09:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2008.05.31 13:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2008.06.10 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009.03.14 19:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.08.31 16:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008.12.03 18:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meine Spiele
[2009.04.10 02:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age
[2008.06.09 19:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2009.09.25 16:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008.12.01 21:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2008.09.02 16:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010.04.19 20:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2010.01.05 17:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.05.17 14:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008.06.09 19:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2009.03.23 16:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.05.17 14:50:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.09.14 16:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.20 15:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.06.19 16:08:22 | 000,000,516 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

Larusso · 19.06.2010, 15:39

start --> ausführen --> notepad (reinschreiben)
Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

@echo off
cd \
md "%userprofile%\desktop\infected"
copy "C:\WINDOWS\WECO Feuerwerk .scr" "%userprofile%\desktop\infected"
del%0

Speichere diese unter file.bat auf Deinem Desktop.
Wähle bei Dateityp alle Dateien aus.
Doppelklich auf die file.bat.
Vista und Win7 User: Mit Rechtsklick "als Administrator starten"

Schritt 2

Nach der ausführung solltest du einen Ordner Infected am Desktop haben.
Darin befindet sich die feuerwerk.scr
Diese bitte wie folgt hochladen

Öffne diese Webseite: virustotal
Klicke auf "Durchsuchen"
Suche die Datei auf deinem Rechner--> Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
"Senden der Datei"
Warte, bis der Scandurchlauf aller Virenscanner beendet ist
Auf "Filter" klicken
dann auf "Ergebnisse"
das Ergebnis (wie Du es bekommst )
komplett markieren und hier rein kopieren

Sollte die Datei als schädlich erkannt werden bitte noch nicht entfernen

Poste mir die Auswertung

+max+ · 19.06.2010, 16:09

Virustotal ist nicht erreichbar...

Liegt das am Laptop oder an der Seite?

Larusso · 19.06.2010, 16:14

Liegt an der Seite -.-

Jottis Malwarescanner

+max+ · 19.06.2010, 16:59

Jotti hat nichts gefunden...

Larusso · 19.06.2010, 17:16

Speichere folgendes als CFScript.txt ab (nicht CFScript.txt.txt!!!)

Code:

ATTFilter

KillAll::
RenV::
C:\WINDOWS\WECO Feuerwerk .scr

Poste mir erneut die Combofix.txt

+max+ · 19.06.2010, 18:12

Seit ca. 20 Minuten Steht bei Combo Fix:

R6025
- pure virtual function call

Weiter laufen lassen ?

+max+ · 19.06.2010, 18:19

Ahhh ok das Logfile ist da:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-06-18.03 - Administrator 19.06.2010  18:41:57.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.254.96 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-19 bis 2010-06-19  ))))))))))))))))))))))))))))))
.

2010-06-17 21:44 . 2010-06-17 21:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-17 21:44 . 2010-06-17 21:44	--------	d-----w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-06-17 21:43 . 2010-06-17 21:43	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-17 21:40 . 2010-06-17 21:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 05:44 . 2010-06-17 21:46	63488	----a-w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-18 05:44 . 2010-06-17 21:46	117760	----a-w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-17 21:46 . 2010-06-17 21:46	52224	----a-w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"PCTVOICE"="pctspk.exe" [2003-02-24 163840]
"Conceptronic Conceptronic 54Mbps Wireless Utility"="c:\program files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe" [2007-01-19 950272]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-03-01 11:35	327680	----a-w-	c:\program files\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16	141608	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-07-07 08:42	2156368	------w-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-06-07 17:13	2403568	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-05-20 14:11	111928	----a-r-	c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44	37888	----a-w-	c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.04.2010 20:24 721904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 19:41 67656]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [20.03.2008 20:36 264704]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-06-19 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]

2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-06-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-05 17:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.feuerwerk-forum.de/cms.php?p=home
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-19 19:02
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys splc.sys hal.dll >>UNKNOWN [0x81B1F938]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf92a5f28
\Driver\ACPI -> ACPI.sys @ 0xf90ffcb8
\Driver\atapi -> atapi.sys @ 0xf909cb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-436374069-706699826-1957994488-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,42,e5,e5,9a,13,5a,58,59,b3,38,57,cf,28,63,b1,49,6d,1e,6d,01,25,be,
   ea,30,66,12,14,9c,3d,4c,34,8a,58,14,83,f7,5c,57,60,5d,ed,20,17,73,15,82,96,\
"??"=hex:c4,8a,f6,63,3a,cc,81,12,7e,50,4c,f3,5a,84,99,8d

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(452)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(1692)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TUProgSt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-19  19:16:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-19 18:16

Vor Suchlauf: 10.705.178.624 bytes free
Nach Suchlauf: 13 Verzeichnis(se), 10.694.291.456 Bytes frei

- - End Of File - - 9E4603F5D8598B98131C5C617FD5E8C3

--- --- ---

Larusso · 19.06.2010, 18:32

Logfile ist sauber

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Schritt 2

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.

Schritt 3

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.

Schritt 4

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.

SpywareBlaster
Ein Tutorial zur Verwendung findest Du Hier
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
Hinweis: MBAM ersetzt keine Anti- Viren- Software.
Temp File Cleaner
TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
Ausserdem hilft es Deinen Computer zu beschleunigen.
Du kannst Dir TFC ( by OldTimer ) hier downloaden.
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
Halte Dein System aktuell
Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.
Halte Deine Software aktuell
Der einfachste Weg dafür ist der Secunia Online Software.

Schritt 5

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.

NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
Es spart ausserdem Downloadkapazität.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

+max+ · 19.06.2010, 19:07

Deinstallation und Bereinigung bereits erledigt, der Rest folgt noch...

Sage an diesen Punkt schonmal herzlichen Dank...

Noch Abschließend:

Ist jetzt wegen MSN noch irgendetwas notwendig, oder hat sich das damit auch erledigt?

Lg Max

19.06.2010, 13:30	#17
Larusso /// Selecta Jahrusso	Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und... Lade dir eine neue Kopie von COmbofix herunter. Diese nicht umbenennen. __________________ __________________

19.06.2010, 13:43	#19
Larusso /// Selecta Jahrusso	Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und... Jz mach mal das was ich dir hier schreibe sonst wird das nie was __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

19.06.2010, 16:14	#24
Larusso /// Selecta Jahrusso	Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und... Liegt an der Seite -.- Jottis Malwarescanner __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und...

Plagegeister aller Art und deren Bekämpfung: Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und...