
Log analysis and evaluation: Caught a trojan? Browser and programs acting up


 
18.02.2010, 09:58   #14
Wolfizero
 



OK, ran ComboFix, here is the log:

ComboFix 10-02-12.01 - Wolfi 18.02.2010 9:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.884 [GMT 1:00]
ausgeführt von:: c:\users\Wolfi\Downloads\Cofi.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
C:\install.exe
c:\users\Wolfi\Documents\REg_Backup_171009.reg
c:\users\Wolfi\Documents\RegistrierungssicherungM„rz.reg
c:\users\Wolfi\tueroif.exe
c:\users\Wolfi\tuoco.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Data
c:\windows\system32\Documents .lnk
c:\windows\system32\Music .lnk
c:\windows\system32\New Folder .lnk
c:\windows\system32\Passwords .lnk
c:\windows\system32\Pictures .lnk
c:\windows\system32\setup.ini
c:\windows\system32\Video .lnk

Infizierte Kopie von c:\windows\system32\drivers\atapi.sys wurde gefunden und desinfiziert
Kopie von - c:\cofi\HarddiskVolumeShadowCopy9_!Windows!System32!drivers!atapi.sys wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-01-18 bis 2010-02-18 ))))))))))))))))))))))))))))))
.

2010-02-18 08:34 . 2010-02-18 08:35 -------- d-----w- c:\users\Wolfi\AppData\Local\temp
2010-02-18 08:34 . 2010-02-18 08:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-17 15:49 . 2010-02-17 15:49 -------- d-----w- C:\rsit
2010-02-16 17:08 . 2010-02-16 17:08 -------- d-----w- C:\!KillBox
2010-02-16 16:36 . 2010-02-16 16:36 -------- d-----w- c:\programdata\WindowsSearch
2010-02-16 16:32 . 2010-02-16 16:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-16 16:32 . 2010-02-16 16:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-16 16:32 . 2010-02-16 16:32 -------- d-----w- c:\users\Wolfi\AppData\Roaming\SUPERAntiSpyware.com
2010-02-16 16:28 . 2010-02-16 16:28 -------- d-----w- C:\GPs
2010-02-16 16:26 . 2010-02-16 16:28 -------- d-----w- C:\Guitar Pro 5.0
2010-02-16 15:19 . 2010-02-16 16:59 -------- d-----w- c:\users\Wolfi\AppData\Roaming\QuickScan
2010-02-16 14:49 . 2010-02-16 14:49 -------- d-----w- c:\program files\Trend Micro
2010-02-16 14:30 . 2010-02-16 14:30 -------- d-----w- c:\users\Wolfi\AppData\Roaming\AVG8
2010-02-16 14:26 . 2010-02-17 14:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-16 14:26 . 2010-02-17 08:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-16 09:43 . 2010-02-16 09:21 64512 --sh--r- c:\windows\system32\tuoco.exe
2010-02-16 09:43 . 2010-02-16 07:21 64512 --sh--r- c:\windows\system32\tueroif.exe
2010-02-16 09:21 . 2010-02-16 09:21 64512 --sh--r- c:\windows\system32\tuoco.scr
2010-02-16 08:35 . 2010-02-16 08:35 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Malwarebytes
2010-02-16 08:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 08:34 . 2010-02-16 14:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 08:34 . 2010-02-16 08:34 -------- d-----w- c:\programdata\Malwarebytes
2010-02-16 08:34 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-16 08:31 . 2010-02-16 08:31 -------- d-----w- c:\program files\CCleaner
2010-02-16 07:22 . 2010-02-16 07:45 -------- d-----w- c:\program files\Bethesda Softworks
2010-02-16 07:21 . 2010-02-16 07:21 64512 --sh--r- c:\windows\system32\tueroif.scr
2010-02-16 05:56 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-16 05:56 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-16 05:56 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-16 05:56 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-16 05:01 . 2010-02-16 05:03 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-16 04:54 . 2010-02-16 08:58 -------- d-----w- C:\Fallout 3 DVD
2010-02-16 03:51 . 2010-02-16 03:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-16 02:55 . 2010-02-16 02:56 -------- d-----w- C:\40966214c097f7e22a
2010-02-15 16:24 . 2010-02-15 16:24 -------- d-----w- c:\users\Wolfi\AppData\Local\Fallout3
2010-02-15 16:21 . 2010-02-15 16:21 -------- d-----w- C:\inetpub
2010-02-15 13:48 . 2010-02-15 13:48 -------- d-----w- c:\programdata\Fallout3
2010-02-15 13:39 . 2010-02-15 13:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-10 19:13 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 19:13 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 19:13 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 19:13 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-09 19:32 . 2010-02-09 19:32 -------- d-----w- c:\programdata\Creative Labs
2010-02-08 23:58 . 2010-02-08 23:58 -------- d-----w- c:\programdata\2DBoy
2010-02-08 23:57 . 2010-02-08 23:58 -------- d-----w- C:\WorldOfGoo
2010-02-08 19:48 . 2010-02-01 12:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-08 19:48 . 2010-02-01 11:57 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-02-08 19:48 . 2010-02-01 11:57 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-08 19:48 . 2010-02-08 19:48 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-08 19:48 . 2010-02-08 19:48 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-02-08 16:13 . 2009-04-02 10:33 2873820 ------w- c:\windows\system32\Sens_oal.dll
2010-02-08 16:12 . 2010-02-08 16:12 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-02-08 16:11 . 2009-07-10 08:07 166912 ----a-w- c:\windows\system32\APOMngr.DLL
2010-02-08 16:11 . 2009-02-06 17:52 73728 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-02-07 14:41 . 2010-02-07 14:41 -------- d-----w- C:\EA SPORTS
2010-02-07 14:32 . 2010-02-07 14:32 -------- d-----w- c:\programdata\EA Logs
2010-02-07 01:04 . 2010-02-07 01:33 -------- d-----w- C:\FM10 DVD
2010-02-07 00:00 . 2010-02-07 00:00 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-06 23:58 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-02-06 23:57 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-06 23:57 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-06 23:57 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-06 20:22 . 2010-02-06 20:22 -------- d-----w- C:\Electronic Arts
2010-02-06 19:50 . 2010-02-06 19:51 -------- d-----w- c:\program files\NSIS
2010-02-06 18:51 . 2010-02-06 18:52 -------- d-----w- c:\windows\system32\ca-ES
2010-02-06 18:51 . 2010-02-06 18:52 -------- d-----w- c:\windows\system32\eu-ES
2010-02-06 18:51 . 2010-02-06 18:52 -------- d-----w- c:\windows\system32\vi-VN
2010-02-06 18:48 . 2010-02-06 18:48 -------- d-----w- c:\windows\system32\SPReview
2010-02-06 18:40 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-02-06 18:40 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-02-06 18:38 . 2009-04-10 22:32 527848 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-02-06 18:37 . 2009-04-10 22:28 347648 ----a-w- c:\windows\system32\wbem\wbemess.dll
2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\windows\system32\EventProviders
2010-02-06 18:10 . 2010-02-06 20:24 -------- d-----w- c:\programdata\Electronic Arts
2010-02-06 17:39 . 2009-04-10 21:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-06 17:37 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-02-06 15:48 . 2010-01-12 04:03 68200 ----a-w- c:\windows\system32\OpenCL.dll
2010-02-06 15:48 . 2010-01-12 04:03 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-02-06 15:48 . 2010-01-12 04:03 4321384 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-02-06 15:48 . 2010-01-12 04:03 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2010-02-06 15:48 . 2010-01-12 04:03 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
2010-02-06 15:48 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-02-06 15:48 . 2010-01-12 04:03 4061800 ----a-w- c:\windows\system32\nvcuda.dll
2010-02-06 15:48 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-02-06 15:48 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-02-06 15:48 . 2010-01-12 04:03 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
2010-02-06 15:37 . 2010-02-06 15:37 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-06 15:37 . 2010-02-06 15:37 -------- d-----w- c:\users\Wolfi\SystemRequirementsLab
2010-02-06 14:32 . 2010-02-06 14:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-06 13:42 . 2010-02-08 16:13 -------- d-----w- c:\program files\Creative
2010-02-06 02:00 . 2010-02-08 19:42 -------- d-----w- c:\programdata\Creative
2010-01-31 21:13 . 2010-02-03 23:08 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-01-31 01:50 . 2010-01-31 01:58 -------- d-----w- c:\program files\VirtualFem
2010-01-30 12:20 . 2010-02-17 07:52 -------- d-----w- c:\users\Wolfi\AppData\Roaming\vlc
2010-01-20 15:37 . 2010-01-23 15:26 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 08:36 . 2009-02-06 16:48 -------- d-----w- c:\programdata\NVIDIA
2010-02-18 08:35 . 2009-04-25 11:22 34895 ----a-w- c:\programdata\nvModes.dat
2010-02-18 08:31 . 2008-01-21 07:15 698602 ----a-w- c:\windows\system32\perfh007.dat
2010-02-18 08:31 . 2008-01-21 07:15 151410 ----a-w- c:\windows\system32\perfc007.dat
2010-02-17 09:21 . 2009-02-06 16:17 1356 ----a-w- c:\users\Wolfi\AppData\Local\d3d9caps.dat
2010-02-17 08:20 . 2009-02-16 22:15 -------- d-----w- c:\program files\SweetIM
2010-02-17 08:09 . 2010-02-16 16:33 117760 ----a-w- c:\users\Wolfi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-16 16:33 . 2010-02-16 16:33 52224 ----a-w- c:\users\Wolfi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-16 16:31 . 2009-02-06 16:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-16 05:31 . 2009-09-27 03:35 -------- d-----w- c:\program files\PowerArchiver
2010-02-16 05:05 . 2009-03-09 13:30 -------- d-----w- c:\users\Wolfi\AppData\Roaming\DAEMON Tools Lite
2010-02-16 05:02 . 2009-03-09 13:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-16 05:01 . 2009-03-09 14:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-02-16 04:14 . 2009-02-06 16:18 73800 ----a-w- c:\users\Wolfi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-16 04:12 . 2009-04-23 14:29 -------- d-----w- c:\program files\cFos
2010-02-16 04:11 . 2009-02-06 16:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 04:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-14 14:10 . 2009-02-11 10:44 -------- d-----w- c:\users\Wolfi\AppData\Roaming\ICQ
2010-02-14 02:42 . 2009-05-08 19:28 -------- d-----w- c:\program files\C3MT
2010-02-13 04:40 . 2009-05-26 02:32 -------- d-----w- c:\program files\Steam
2010-02-08 19:48 . 2009-02-09 09:08 -------- d-----w- c:\programdata\TuneUp Software
2010-02-08 19:47 . 2009-02-09 09:08 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-08 16:13 . 2009-09-16 08:41 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-08 16:13 . 2009-09-16 08:41 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-07 00:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-07 00:00 . 2010-02-07 00:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-07 00:00 . 2010-02-07 00:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-06 18:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-06 17:34 . 2009-03-09 03:57 -------- d-----w- c:\program files\Electronic Arts
2010-02-06 15:50 . 2009-08-13 21:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-06 15:50 . 2009-02-06 16:43 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-06 14:32 . 2010-02-06 14:32 38784 ----a-w- c:\users\Wolfi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-06 14:32 . 2010-02-06 14:32 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-03 23:08 . 2010-01-31 21:13 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-02-02 16:02 . 2009-05-26 02:49 -------- d-----w- c:\programdata\Media Center Programs
2010-02-02 15:38 . 2009-02-09 09:09 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-01 15:20 . 2009-10-02 10:16 -------- d-----w- c:\users\Wolfi\AppData\Roaming\Tropico 3
2010-01-31 01:51 . 2010-01-31 01:51 11502 ----a-r- c:\users\Wolfi\AppData\Roaming\Microsoft\Installer\{BAE4D301-FE3F-4B41-813C-81165BD1FB30}\_3cec1c82.exe
2010-01-31 01:51 . 2010-01-31 01:51 11502 ----a-r- c:\users\Wolfi\AppData\Roaming\Microsoft\Installer\{BAE4D301-FE3F-4B41-813C-81165BD1FB30}\_165d6e64.exe
2010-01-30 12:06 . 2009-05-25 23:40 -------- d-----w- c:\users\Wolfi\AppData\Roaming\dvdcss
2010-01-20 15:26 . 2009-04-25 09:16 -------- d-----w- c:\program files\Rockstar Games
2010-01-17 14:42 . 2010-01-17 14:37 -------- d-----w- c:\program files\Airline Tycoon - Deluxe
2010-01-16 13:46 . 2010-01-16 13:45 -------- d-----w- c:\program files\KKND Krossfire
2010-01-14 11:42 . 2010-01-07 17:33 -------- d-----w- c:\program files\Microids
2010-01-14 10:12 . 2009-10-03 09:32 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 09:36 . 2010-01-13 09:36 1273592 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-12 04:03 . 2010-02-06 15:48 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-01-12 04:03 . 2009-08-13 21:33 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2008-09-17 01:55 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
2010-01-12 04:03 . 2008-09-17 01:55 1280616 ----a-w- c:\windows\system32\nvapi.dll
2010-01-11 21:18 . 2010-01-11 21:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-11 21:18 . 2010-01-11 21:18 1515112 ----a-w- c:\windows\system32\nvsvcr.dll
2010-01-11 21:18 . 2010-01-11 21:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:18 . 2010-01-11 21:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-11 21:18 . 2010-01-11 21:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 16:33 . 2010-02-16 15:19 789320 ----a-w- c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-01-11 16:32 . 2010-02-16 15:19 698184 ----a-w- c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-01-07 17:02 . 2009-05-26 00:36 -------- d-----w- c:\program files\AVS4YOU
2010-01-07 16:46 . 2009-03-01 00:10 -------- d-----w- c:\program files\2K Games
2010-01-05 17:36 . 2010-01-05 17:36 -------- d-----w- c:\users\Wolfi\AppData\Roaming\c-software
2010-01-05 17:35 . 2010-01-05 17:27 -------- d-----w- c:\program files\ELBK2
2010-01-04 16:50 . 2009-05-28 23:06 -------- d-----w- c:\program files\THQ
2010-01-02 06:38 . 2010-01-22 22:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 22:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 22:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 22:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 13:39 . 2009-02-11 10:43 -------- d-----w- c:\program files\ICQ6.5
2009-12-29 22:53 . 2009-11-12 13:19 -------- d-----w- c:\users\Wolfi\AppData\Roaming\gtk-2.0
2009-12-29 10:52 . 2009-12-29 10:52 -------- d-----w- c:\programdata\TechSmith
2009-12-29 10:52 . 2009-12-29 10:52 -------- d-----w- c:\program files\TechSmith
2009-12-24 21:42 . 2009-12-24 21:42 -------- d-----w- c:\program files\Bullfrog
2009-12-23 19:35 . 2009-12-23 18:15 157184 --sh--w- c:\windows\system32\SCS.dll
2009-12-23 19:35 . 2009-12-23 18:15 113152 --sh--w- c:\windows\system32\SCX.dll
2009-12-22 22:52 . 2009-12-22 14:56 -------- d-----w- c:\program files\Crazy Machines II
2009-12-22 16:12 . 2009-10-04 05:48 -------- d-----w- c:\program files\Activision
2009-12-22 14:54 . 2009-12-22 14:54 -------- d-----w- c:\program files\OpenAL
2009-12-14 00:31 . 2009-06-24 20:14 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 20:01 . 2010-02-10 19:12 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-10 19:12 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 19:12 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 19:12 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 19:12 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 19:12 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 19:12 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 19:12 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 19:12 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 19:12 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 19:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 19:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 19:12 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-05-30 21:22 . 2009-09-19 22:10 266240 ----a-w- c:\program files\@Home Mate RegFixer.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-09-22 16:21 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-09-22 16:21 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-09-22 16:21 216064 --sh--r- c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 17:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Steam"="c:\program files\Steam\Steam.exe" -silent
"Comrade.exe"=c:\program files\GameSpy\Comrade\Comrade.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"cFosDNT"=c:\program files\cFos\cFosDNT.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"VX3000"=c:\windows\vVX3000.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e5,b9,90,41,5e,a7,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1452552504-3750701632-1159496026-1000]
"EnableNotificationsRef"=dword:00000002

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [24.06.2009 21:14 108289]
R2 cFosNT;cFosNT;c:\windows\System32\drivers\cFosNT.sys [23.04.2009 15:29 1206488]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [11.01.2010 21:00 240232]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [01.02.2010 13:00 1043784]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 07:24 10064]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [08.02.2010 17:12 79360]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [09.02.2009 09:49 17536]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [09.03.2009 14:30 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-02-17 c:\windows\Tasks\User_Feed_Synchronization-{1FB89CD6-4C99-4F44-A899-DC6FBD9D05A6}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
uInternet Settings,ProxyOverride = *.t-online.de;localhost;<local>
IE: &NeoTrace It! - c:\neotra~1\NTXcontext.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\MOZILLA FIREFOX\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 09:38
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1452552504-3750701632-1159496026-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:07,a6,c4,fd,67,85,a0,db,88,60,4d,91,6b,17,83,8c,c7,e3,fc,54,5a,48,14,
33,67,3b,8d,4f,99,a4,c8,a4,44,2f,d8,10,03,a5,cb,26,ce,4f,76,3e,0e,5d,85,a4,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b

[HKEY_USERS\S-1-5-21-1452552504-3750701632-1159496026-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,23,16,ee,76,12,8e,2e,cc,00,86,6a,af,39,77,cd,cd,6b,02,a4,0c,
f7,1b,90,bd,a4,1f,72,75,43,1d,ad,87,dc,de,2a,6e,ec,be,cc,39,01,71,68,c1,76,\
"rkeysecu"=hex:21,68,02,d5,a4,cc,46,f2,d0,01,c0,80,76,61,ec,58

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-02-18 09:43:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-02-18 08:43

Vor Suchlauf: 47 Verzeichnis(se), 98.811.183.104 Bytes frei
Nach Suchlauf: 51 Verzeichnis(se), 101.815.242.752 Bytes frei

- - End Of File - - C079FCA592E6D4B207E3D0773550E061

 
