
Pests of all kinds and how to fight them: tr/ dropper.gen

27.03.2010, 19:21   #16
annaswelten
 
OTL logfile created on: 3/27/2010 7:18:52 PM - Run 5
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Anna\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 29.85 Gb Free Space | 26.79% Space Free | Partition Type: NTFS
Drive D: | 104.90 Gb Total Space | 23.60 Gb Free Space | 22.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNA-PC
Current User Name: Anna
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/27 13:30:30 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/22 20:48:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Downloads\OTL.exe
PRC - [2009/12/15 10:40:54 | 000,207,504 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/16 14:01:16 | 000,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009/07/21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/05/13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe


========== Modules (SafeList) ==========

MOD - [2010/03/22 20:48:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Downloads\OTL.exe
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/10 17:29:28 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/04 20:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/16 14:01:16 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/07/21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 13:30:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/27 13:30:32 | 000,000,000 | ---D | M]

[2009/12/03 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Mozilla\Extensions
[2010/03/27 13:30:44 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\extensions
[2009/12/08 18:38:56 | 000,000,881 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\conduit.xml
[2010/03/21 10:33:54 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-1.xml
[2010/02/20 12:54:17 | 000,000,961 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-2.xml
[2010/03/18 21:32:48 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-3.xml
[2010/03/27 13:30:46 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-4.xml
[2010/03/27 13:35:29 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-5.xml
[2009/12/31 17:13:23 | 000,000,961 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin.xml
[2010/02/13 15:54:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/05 21:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/02/13 15:54:35 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/17 12:56:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/03/17 12:56:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/03/17 12:56:57 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/03/17 12:56:57 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/03/17 12:56:57 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/03/27 09:51:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/27 19:12:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/27 19:11:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/27 19:06:14 | 000,000,000 | ---D | C] -- C:\cofi3774c
[2010/03/27 19:05:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/27 19:05:55 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/27 13:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/27 13:27:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/27 09:50:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\temp
[2010/03/27 09:39:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/27 09:39:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/27 09:39:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/27 09:39:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/27 09:39:13 | 000,000,000 | ---D | C] -- C:\cofi
[2010/03/27 09:38:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/24 21:23:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/22 14:53:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/22 03:59:43 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/21 20:07:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2010/03/21 20:06:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/21 20:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/21 20:06:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/21 20:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/21 12:55:00 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Diagnostics
[2010/03/21 12:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/21 11:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/19 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2010/03/19 21:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra
[2010/03/19 19:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2010/03/19 19:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010/03/19 19:05:05 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/03/19 19:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/03/19 19:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/03/19 18:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/03/14 17:30:48 | 000,000,000 | ---D | C] -- C:\Users\Anna\Desktop\SPIELE + CHAT MATTHIAS
[2010/03/14 17:22:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\Desktop\Bewerbung etc

========== Files - Modified Within 14 Days ==========

[2010/03/27 19:16:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/27 19:16:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/27 19:16:11 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/27 19:15:32 | 001,572,864 | -HS- | M] () -- C:\Users\Anna\NTUSER.DAT
[2010/03/27 19:11:55 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/27 14:29:46 | 000,025,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 14:29:46 | 000,025,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 09:51:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/27 09:35:07 | 003,903,606 | R--- | M] () -- C:\Users\Anna\Desktop\cofi.exe
[2010/03/27 09:30:43 | 001,292,140 | -H-- | M] () -- C:\Users\Anna\AppData\Local\IconCache.db
[2010/03/27 09:30:25 | 000,000,020 | ---- | M] () -- C:\Users\Anna\defogger_reenable
[2010/03/24 21:23:52 | 508,247,827 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/21 20:06:59 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/21 13:30:29 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/21 13:30:29 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/21 13:30:29 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/21 12:35:51 | 000,002,047 | ---- | M] () -- C:\Users\Anna\Desktop\HijackThis.lnk
[2010/03/21 11:52:53 | 000,001,839 | ---- | M] () -- C:\Users\Anna\Desktop\CCleaner.lnk
[2010/03/20 03:03:14 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/19 19:27:11 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2010/03/19 19:05:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys

========== Files Created - No Company Name ==========

[2010/03/27 09:39:34 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/27 09:39:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/27 09:39:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/27 09:39:34 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/27 09:39:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/27 09:35:03 | 003,903,606 | R--- | C] () -- C:\Users\Anna\Desktop\cofi.exe
[2010/03/27 09:30:12 | 000,000,020 | ---- | C] () -- C:\Users\Anna\defogger_reenable
[2010/03/24 21:23:52 | 508,247,827 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/21 20:06:59 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/21 12:32:19 | 000,002,047 | ---- | C] () -- C:\Users\Anna\Desktop\HijackThis.lnk
[2010/03/21 11:52:53 | 000,001,839 | ---- | C] () -- C:\Users\Anna\Desktop\CCleaner.lnk
[2010/03/19 19:27:52 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/19 19:27:17 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/03/19 19:27:14 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/03/19 19:27:11 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/02/13 16:05:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/04 19:19:37 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/02/28 19:27:29 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Advanced Chemistry Development
[2009/12/20 18:48:54 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ICQ
[2010/01/16 09:40:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ratiopharm
[2010/02/16 08:51:38 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

27.03.2010, 20:00   #17
Larusso
/// Selecta Jahrusso
 
Did uninstalling ComboFix work???
No error message etc.?

28.03.2010, 12:16   #18
annaswelten
 
Yes, it worked, there were no problems with it...
so everything's great

28.03.2010, 13:39   #19
Larusso
/// Selecta Jahrusso
 
One more time
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the textbox.
Code:
:OTL
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
:Commands
[purity]
[emptytemp]
  • Now please close all programs.
  • Now click the Run Fix button.
  • Click on .
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Copy its contents into your thread here.


Step 2

Update Java

Your Java version is not up to date. Since some malware (e.g. Vundo) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => Uninstall. Restart the computer.

Now download the offline version of Java (Java SE Runtime Environment (JRE) 6 Update 17) from SUN (http://www.trojaner-board.de/105213-java-update-einstellungen.html). After you click Download, a page appears where you have to select the operating system (i.e. Windows) and tick "I agree". Then click the "Continue" button. Download jre-6u18-windows-i586.exe there and install it; do not install any toolbars that may be offered (Yahoo Toolbar).


Step 3

Post me one last OTL logfile (quick scan)


Please post in your next reply:
OTL.txt
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
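As an added example (not code from the thread, from OTL or from its author): a small Python triage script that reads OTL log lines in the format quoted above, flags the Firefox search prefs and the HKCU Internet Explorer policy key the helper targeted, and emits the same :OTL / :Commands fix block. The sample log lines are constructed, and the conduit.com hijack-domain list is an assumption taken only from the pref removed in this thread.

```python
"""Triage an OTL quick-scan log for browser search-hijack indicators and emit
an OTL fix block in the :OTL / :Commands format used in this thread.

Added example, not code from OTL or the thread. Assumptions: the sample log
lines are constructed from the format shown above, and the hijack-domain list
is derived only from the pref the helper removed (conduit.com).
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a handful of lines in the shape of the OTL log above.
SAMPLE_LOG = r'''
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
'''

# "FF - prefs.js..<pref>: <value>" lines and "O<n> - <rest>" lines.
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): (?P<value>.*)$')
O_LINE_RE = re.compile(r'^(?P<code>O\d+) - (?P<rest>.*)$')

# Firefox prefs that carry a search URL versus an engine display name.
SEARCH_URL_PREFS = {"keyword.URL", "browser.search.defaulturl"}
SEARCH_NAME_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}

# Assumption: domains associated with search-redirecting toolbars. Only the one
# the helper removed in this thread is listed.
HIJACK_DOMAINS = {"conduit.com"}

# HKCU policy keys a home user normally does not have; the helper removed this
# one in the thread, so its presence is treated as a fix candidate.
POLICY_KEY_MARKERS = (r"HKCU\Software\Policies\Microsoft\Internet Explorer",)


@dataclass
class Finding:
    line: str      # the OTL log line exactly as logged
    action: str    # "remove" (goes into the fix) or "review" (analyst decides)
    reason: str


def host_of(defanged_url):
    """Return the hostname of an OTL-defanged (hxxp://) URL, or None."""
    url = defanged_url.replace("hxxp://", "http://", 1).replace("hxxps://", "https://", 1)
    return urlparse(url).hostname


def matches_domain(host, domains):
    """True if host equals or is a subdomain of any entry in domains."""
    return host is not None and any(host == d or host.endswith("." + d) for d in domains)


def triage(log_text):
    """Walk the log once and classify search-related prefs and policy keys."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = FF_PREF_RE.match(line)
        if m:
            pref, value = m.group("pref"), m.group("value").strip().strip('"')
            if not value:
                continue  # empty pref: nothing to redirect to
            if pref in SEARCH_URL_PREFS:
                host = host_of(value)
                if matches_domain(host, HIJACK_DOMAINS):
                    findings.append(Finding(line, "remove", f"{pref} redirects to {host}"))
                else:
                    findings.append(Finding(line, "review", f"{pref} set to third-party URL"))
            elif pref in SEARCH_NAME_PREFS:
                findings.append(Finding(line, "review", f"{pref} is a non-default engine: {value}"))
            continue
        m = O_LINE_RE.match(line)
        if m and m.group("code") == "O7" and m.group("rest").startswith(POLICY_KEY_MARKERS):
            findings.append(Finding(line, "remove", "IE policy key present in a user hive"))
    return findings


def build_otl_fix(findings):
    """Produce the :OTL / :Commands script: one log line per removal, then cleanup.

    OTL defangs URLs in its log as hxxp://; the fix in this thread writes the
    line back with the real scheme, so the same is done here.
    """
    body = [f.line.replace("hxxp://", "http://") for f in findings if f.action == "remove"]
    return "\n".join([":OTL", *body, ":Commands", "[purity]", "[emptytemp]"])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.action:6} {f.reason}")
    print(build_otl_fix(found))
```

Lines classified "review" (here the ICQ Search engine name) are reported for the analyst but never written into the fix, mirroring the helper's choice to remove only the redirecting URL and the policy key.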

28.03.2010, 20:28   #20
annaswelten
 
Okidoki boss, so here are the results:


OTL STEP 1


All processes killed
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" removed from keyword.URL
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anna
->Temp folder emptied: 1282 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11711982 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matthias
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03282010_210810

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL STEP 3


OTL logfile created on: 3/28/2010 9:23:04 PM - Run 6
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Anna\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 30.96 Gb Free Space | 27.78% Space Free | Partition Type: NTFS
Drive D: | 104.90 Gb Total Space | 23.60 Gb Free Space | 22.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNA-PC
Current User Name: Anna
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/27 14:30:30 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/22 21:48:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Downloads\OTL.exe
PRC - [2009/12/15 11:40:54 | 000,207,504 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/16 15:01:16 | 000,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009/07/21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/05/13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe


========== Modules (SafeList) ==========

MOD - [2010/03/22 21:48:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Downloads\OTL.exe
MOD - [2009/07/14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/10 18:29:28 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/16 15:01:16 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/07/21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 14:30:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/27 14:30:32 | 000,000,000 | ---D | M]

[2009/12/03 19:22:00 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Mozilla\Extensions
[2010/03/27 14:30:44 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\extensions
[2009/12/08 19:38:56 | 000,000,881 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\conduit.xml
[2010/03/28 13:54:05 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-1.xml
[2010/02/20 13:54:17 | 000,000,961 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-2.xml
[2010/03/18 22:32:48 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-3.xml
[2010/03/27 14:30:46 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-4.xml
[2010/03/27 14:35:29 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-5.xml
[2009/12/31 18:13:23 | 000,000,961 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin.xml
[2010/03/28 21:22:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/05 22:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/02/13 16:54:35 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/17 13:56:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/03/17 13:56:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/03/17 13:56:57 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/03/17 13:56:57 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/03/17 13:56:57 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/03/27 10:51:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/28 21:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/28 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/28 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/28 21:14:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/03/28 13:11:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/28 13:10:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/28 13:05:43 | 000,000,000 | ---D | C] -- C:\cofi18413c
[2010/03/28 13:05:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/28 13:05:25 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/27 20:06:14 | 000,000,000 | ---D | C] -- C:\cofi3774c
[2010/03/27 14:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/27 14:27:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/27 10:50:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\temp
[2010/03/27 10:39:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/27 10:39:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/27 10:39:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/27 10:39:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/27 10:39:13 | 000,000,000 | ---D | C] -- C:\cofi
[2010/03/27 10:38:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/24 22:23:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/22 15:53:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/22 04:59:43 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/21 21:07:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2010/03/21 21:06:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/21 21:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/21 21:06:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/21 21:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/21 13:55:00 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Diagnostics
[2010/03/21 13:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/21 12:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/19 22:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2010/03/19 22:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra
[2010/03/19 20:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2010/03/19 20:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010/03/19 20:05:05 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/03/19 20:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/03/19 20:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/03/19 19:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Steam

========== Files - Modified Within 14 Days ==========

[2010/03/28 21:25:08 | 001,572,864 | -HS- | M] () -- C:\Users\Anna\NTUSER.DAT
[2010/03/28 21:23:07 | 000,025,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 21:23:07 | 000,025,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 21:20:11 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/28 21:20:11 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/28 21:20:11 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/28 21:15:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/28 21:15:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/28 21:15:42 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/28 21:15:05 | 001,610,536 | -H-- | M] () -- C:\Users\Anna\AppData\Local\IconCache.db
[2010/03/28 21:13:11 | 000,022,016 | ---- | M] () -- C:\Users\Anna\Desktop\All processes killed.doc
[2010/03/28 13:10:17 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/27 10:51:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/27 10:35:07 | 003,903,606 | R--- | M] () -- C:\Users\Anna\Desktop\cofi.exe
[2010/03/27 10:30:25 | 000,000,020 | ---- | M] () -- C:\Users\Anna\defogger_reenable
[2010/03/24 22:23:52 | 508,247,827 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/21 21:06:59 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/21 13:35:51 | 000,002,047 | ---- | M] () -- C:\Users\Anna\Desktop\HijackThis.lnk
[2010/03/21 12:52:53 | 000,001,839 | ---- | M] () -- C:\Users\Anna\Desktop\CCleaner.lnk
[2010/03/20 04:03:14 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/19 20:27:11 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2010/03/19 20:05:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys

========== Files Created - No Company Name ==========

[2010/03/28 21:13:09 | 000,022,016 | ---- | C] () -- C:\Users\Anna\Desktop\All processes killed.doc
[2010/03/27 10:39:34 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/27 10:39:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/27 10:39:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/27 10:39:34 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/27 10:39:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/27 10:35:03 | 003,903,606 | R--- | C] () -- C:\Users\Anna\Desktop\cofi.exe
[2010/03/27 10:30:12 | 000,000,020 | ---- | C] () -- C:\Users\Anna\defogger_reenable
[2010/03/24 22:23:52 | 508,247,827 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/21 21:06:59 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/21 13:32:19 | 000,002,047 | ---- | C] () -- C:\Users\Anna\Desktop\HijackThis.lnk
[2010/03/21 12:52:53 | 000,001,839 | ---- | C] () -- C:\Users\Anna\Desktop\CCleaner.lnk
[2010/03/19 20:27:52 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/19 20:27:17 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/03/19 20:27:14 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/03/19 20:27:11 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/02/13 17:05:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/04 20:19:37 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/02/28 20:27:29 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Advanced Chemistry Development
[2009/12/20 19:48:54 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ICQ
[2010/01/16 10:40:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ratiopharm
[2010/02/16 09:51:38 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Kind regards
anna
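
The OTL output above is what the helper reads by hand. As an added example (not part of the thread and not OTL's own code), here is a small Python triage script that parses the line formats seen in that log (SRV, O4 Run, O1 Hosts and the dated file entries) and returns the items a helper checks first: binaries with no company name, third-party autostarts, hosts-file overrides and new folders in the drive root. The sample lines are copied from the log above, except the www.example.com hosts line, which is constructed to exercise that rule; the triage rules themselves are my assumptions, not OTL's, and a hit is a review item, not a verdict.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code)."""
import re
from datetime import datetime

# Bracketed metadata OTL prints in front of every item: [date time | size | attrs | C/M]
META = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
)
# SRV - [meta] (Company) [Start | State] -- path -- (ServiceName) [optional display name]
SRV_RE = re.compile(
    r"^SRV - (?P<meta>\[[^\]]*\]) \((?P<company>[^)]*)\) \[(?P<start>[^|]+) \| "
    r"(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)
# O4 - HKLM..\Run: [ValueName] path (Company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# O1 - Hosts: <ip> <hostname>
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
# [meta] (Company) -- path   ("(Company)" is absent for directories, "()" when the file has none)
FILE_RE = re.compile(r"^(?P<meta>\[[^\]]*\]) (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")  # item sitting directly in a drive root

EXEC_EXT = (".exe", ".dll", ".sys", ".des")
LOCAL_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost"}
MICROSOFT = "Microsoft Corporation"


def parse_meta(text):
    """Return OTL's bracketed metadata as a dict, or None if it is not present."""
    m = META.search(text)
    if not m:
        return None
    return {
        "when": datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "is_dir": "D" in m["attrs"],
        "created": m["kind"] == "C",
    }


def triage(lines):
    """Walk OTL log lines and return (category, reason, item) tuples worth a second look.

    The rules are assumptions about what a helper scans for first; OTL prints "()"
    whenever a file simply has no company string in its version resource, so an
    empty company name is a prompt to check the file, not proof of malware.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SRV_RE.match(line)
        if m:
            if not m["company"].strip():
                findings.append(("service", "no company name", m["name"]))
            elif m["start"] == "Auto" and m["company"] != MICROSOFT:
                findings.append(("service", "third-party autostart", m["name"]))
            continue
        m = RUN_RE.match(line)
        if m:
            if m["company"] != MICROSOFT:
                findings.append(("autostart", "third-party Run value", m["value"].strip()))
            continue
        m = HOSTS_RE.match(line)
        if m:
            if m["host"].lower() not in LOCAL_HOSTS:
                findings.append(("hosts", "hosts override", f"{m['host']} -> {m['ip']}"))
            continue
        m = FILE_RE.match(line)
        if m:
            meta = parse_meta(m["meta"])
            path = m["path"]
            company = (m["company"] or "").strip()
            if meta and meta["is_dir"]:
                if ROOT_RE.match(path):
                    findings.append(("file", "new folder in drive root", path))
            elif path.lower().endswith(EXEC_EXT) and not company:
                findings.append(("file", "executable with no company name", path))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'service': 2, 'autostart': 2}."""
    counts = {}
    for category, _reason, _item in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


# Sample input: lines copied from the log above, plus one constructed hosts entry.
SAMPLE_LOG = r"""
SRV - [2009/08/16 15:01:16 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/07/21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.example.com
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
[2010/03/28 13:05:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/28 13:05:43 | 000,000,000 | ---D | C] -- C:\cofi18413c
[2010/03/27 10:39:34 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
"""

if __name__ == "__main__":
    for category, reason, item in triage(SAMPLE_LOG.splitlines()):
        print(f"{category:10} {reason:35} {item}")
```

Run it against a full OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`; the PEV.exe and C:\cofi hits it reports on this log are ComboFix's own leftovers, which is exactly what the cleanup batch later in the thread removes.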


Alt 28.03.2010, 20:40   #21
Larusso
/// Selecta Jahrusso
 



Start >> Run >> notepad (type it in)
Now copy the following text in full into the empty text document
Code:
@echo off
rem Removes the ComboFix working folder and the helper files it left behind
cd \
rd /s /q CoFi
del C:\Users\Anna\Desktop\cofi.exe
del combofix.txt
del Windows\pev.exe
rem %0 is the path of this batch file, so the last step deletes the .bat itself
del %0

File >> Save as >>
File name: cf.bat (type it in)
File type: All files (select)
Save cf.bat to the desktop
Double-click the .bat
(the .bat should be gone afterwards)


Log file is clean:

Here are the last few steps to clean up your computer.


Step 1

We will now remove all tools and log files.

Tool CleanUp

Please start OTL.exe.
Now click the CleanUp button. This will remove most of the tools and log files.
Should anything remain, please remove it manually and empty the Recycle Bin.


Step 2

Clear System Restore

Press Windows + R. Now copy the following from the code box into the command line:
Code:
"%SystemRoot%\System32\restore\rstrui.exe"

  • Click on System Restore Settings.
  • System Restore tab.
  • Now tick the box for Turn off System Restore.
  • Click Apply and OK.
Now restart the computer.

After the restart, untick the box again (important)


Step 3

Automatic Updates

Let's check whether the Windows updates download automatically. That is the best way to get all the security patches and fixes.

Click Start --> Security Center
and check whether Automatic Updates are enabled.


Step 4

To protect you against further infections in the future, I recommend a few more programs.
  • SpywareBlaster
    You can find a tutorial on using it here

  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a resident guard.
    You can find a tutorial on using it here.
    Note: MBAM does not replace anti-virus software.

  • Temp File Cleaner
    TFC is a really powerful tool for removing temp files from IE and Windows, empties the Recycle Bin and much more.
    It also helps speed up your computer.
    You can download TFC (by OldTimer) here.

  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one yet.

  • Keep your system up to date
    I cannot stress often enough how important it is for the PC to be fully up to date.
    Security holes are found in Windows' own applications often enough. These "holes" need to be closed, because attackers may use them to gain unauthorised access to your system.
    Every second Tuesday of the month is update day. Please visit the Microsoft Update page for this.

  • Keep your software up to date
    The easiest way to do this is the Secunia Online Software.


Step 5

Tips for safe surfing

These are my suggestions.
Use an alternative browser instead of IE.
I recommend Mozilla Firefox.

There are all sorts of add-ons for Firefox to get through the WWW safely.
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only run when you confirm it.

  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough and it will no longer be loaded.
    It also saves download capacity.

  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. yourPhoto.jpg.exe

All that remains for me is to wish you lots of fun surfing safely.

Note: Please give me a short reply once everything is done and there are no more questions, so that I can delete this thread from my subscribed threads.

Alt 28.03.2010, 20:55   #22
annaswelten
 



Step 2 doesn't work, I get the following error message:

Windows cannot find `C:\Windows\System32\restore\rstrui.exe. Make sure you typed the name correctly, and then try again.

Alt 28.03.2010, 21:14   #23
Larusso
/// Selecta Jahrusso
 



Okay, then that doesn't work on Win7. It should, actually.
Just out of curiosity, can you try entering only rstrui.exe to see whether that works.

Otherwise follow these instructions
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Alt 28.03.2010, 21:35   #24
annaswelten
 



it all looked a bit different, but I think I've got step 2 done now. at the end, after the restart, this message came up:

System Restore completed successfully. The system has been restored to 28.3.2010 21:21. your documents have not been affected

for step 3 everything is enabled

Alt 29.03.2010, 15:06   #25
Larusso
/// Selecta Jahrusso
 



Nooooooooooooooooo, undo that.

Clear System Restore

step 1
I'll just copy this in here. Source

How to undo the changes made by System Restore

1.
Open System Restore by clicking the Start button. In the search box, type System Restore, and then click System Restore in the list of results. Administrator permission required: If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

2.
Click Undo System Restore, and then click Next.

3.
Review the options you selected, and then click Finish.


step 2

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt and Extra.txt here into your thread


Now all we can do is pray :/

Alt 29.03.2010, 19:31   #26
annaswelten
 



oh no!!! what did I do wrong??!!! is it very bad now??? so before I do something wrong again...

it all looks a bit different for me, but in the System Restore program I would now

click undo system restore and then next or finish, and let it restart...right?

Alt 29.03.2010, 19:53   #27
Larusso
/// Selecta Jahrusso
 



Well, system restore means that you may have re-infected your system.
But since CF ran beforehand, we might still be lucky.

Why all of that is in English is questionable.

But undo system restore sounds good.

Alt 30.03.2010, 08:49   #28
annaswelten
 



OTL logfile created on: 3/30/2010 9:40:42 AM - Run 6
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Anna\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 29.97 Gb Free Space | 26.89% Space Free | Partition Type: NTFS
Drive D: | 104.90 Gb Total Space | 23.60 Gb Free Space | 22.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNA-PC
Current User Name: Anna
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/22 21:48:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Downloads\OTL.exe
PRC - [2009/12/15 11:40:54 | 000,207,504 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/16 15:01:16 | 000,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009/07/21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe


========== Modules (SafeList) ==========

MOD - [2010/03/22 21:48:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Downloads\OTL.exe
MOD - [2009/07/14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 03:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
MOD - [2009/07/14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/10 18:29:28 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/16 15:01:16 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/07/21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 14:30:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/29 20:19:58 | 000,000,000 | ---D | M]

[2009/12/03 19:22:00 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Mozilla\Extensions
[2010/03/28 22:36:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\extensions
[2010/03/28 22:23:25 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/03/28 22:23:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/03/28 22:23:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/08 19:38:56 | 000,000,881 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\conduit.xml
[2010/03/28 13:54:05 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-1.xml
[2010/02/20 13:54:17 | 000,000,961 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-2.xml
[2010/03/18 22:32:48 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-3.xml
[2010/03/27 14:30:46 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-4.xml
[2010/03/27 14:35:29 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin-5.xml
[2009/12/31 18:13:23 | 000,000,961 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m9ckct9e.default\searchplugins\icqplugin.xml
[2010/02/13 16:54:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/05 22:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/02/13 16:54:35 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/17 13:56:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/03/17 13:56:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/03/17 13:56:57 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/03/17 13:56:57 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/03/17 13:56:57 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/03/27 10:51:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/28 21:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/28 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/28 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/28 21:14:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/03/28 13:11:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/28 13:10:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/28 13:05:43 | 000,000,000 | ---D | C] -- C:\cofi18413c
[2010/03/28 13:05:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/28 13:05:25 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/27 20:06:14 | 000,000,000 | ---D | C] -- C:\cofi3774c
[2010/03/27 14:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/27 14:27:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/27 10:50:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\temp
[2010/03/27 10:39:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/27 10:39:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/27 10:39:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/27 10:39:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/27 10:38:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/24 22:23:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/22 15:53:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/21 21:07:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2010/03/21 21:06:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/21 21:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/21 21:06:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/21 21:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/21 13:55:00 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Diagnostics
[2010/03/21 13:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/21 12:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/19 22:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2010/03/19 22:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra
[2010/03/19 20:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2010/03/19 20:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010/03/19 20:05:05 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/03/19 20:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/03/19 20:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/03/19 19:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Steam

========== Files - Modified Within 14 Days ==========

[2010/03/30 09:40:43 | 001,572,864 | -HS- | M] () -- C:\Users\Anna\ntuser.dat
[2010/03/30 09:35:12 | 000,025,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/30 09:35:12 | 000,025,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/30 09:32:11 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/30 09:32:11 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/30 09:32:11 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/30 09:27:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/30 09:27:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/30 09:27:45 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/29 20:54:29 | 000,524,288 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{1e66cef4-3b62-11df-b067-00a0d1a91b4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/29 20:54:29 | 000,524,288 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{1e66cef4-3b62-11df-b067-00a0d1a91b4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/29 20:54:29 | 000,065,536 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{1e66cef4-3b62-11df-b067-00a0d1a91b4c}.TM.blf
[2010/03/29 20:43:18 | 002,222,787 | -H-- | M] () -- C:\Users\Anna\AppData\Local\IconCache.db
[2010/03/28 23:24:50 | 000,524,288 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{daf95b94-3aa2-11df-98ba-00a0d1a91b4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/28 23:24:50 | 000,524,288 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{daf95b94-3aa2-11df-98ba-00a0d1a91b4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/28 23:24:50 | 000,065,536 | -HS- | M] () -- C:\Users\Anna\ntuser.dat{daf95b94-3aa2-11df-98ba-00a0d1a91b4c}.TM.blf
[2010/03/28 13:10:17 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/27 10:51:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/27 10:35:07 | 003,903,606 | R--- | M] () -- C:\Users\Anna\Desktop\cofi.exe
[2010/03/27 10:30:25 | 000,000,020 | ---- | M] () -- C:\Users\Anna\defogger_reenable
[2010/03/24 22:23:52 | 508,247,827 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/21 21:06:59 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/21 13:35:51 | 000,002,047 | ---- | M] () -- C:\Users\Anna\Desktop\HijackThis.lnk
[2010/03/21 12:52:53 | 000,001,839 | ---- | M] () -- C:\Users\Anna\Desktop\CCleaner.lnk
[2010/03/20 04:03:14 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/19 20:27:11 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2010/03/19 20:05:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys

========== Files Created - No Company Name ==========

[2010/03/29 20:45:43 | 000,524,288 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{1e66cef4-3b62-11df-b067-00a0d1a91b4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/29 20:45:43 | 000,524,288 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{1e66cef4-3b62-11df-b067-00a0d1a91b4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/29 20:45:43 | 000,065,536 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{1e66cef4-3b62-11df-b067-00a0d1a91b4c}.TM.blf
[2010/03/28 22:24:30 | 000,524,288 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{daf95b94-3aa2-11df-98ba-00a0d1a91b4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/28 22:24:30 | 000,524,288 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{daf95b94-3aa2-11df-98ba-00a0d1a91b4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/28 22:24:30 | 000,065,536 | -HS- | C] () -- C:\Users\Anna\ntuser.dat{daf95b94-3aa2-11df-98ba-00a0d1a91b4c}.TM.blf
[2010/03/27 10:39:34 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/27 10:39:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/27 10:39:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/27 10:39:34 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/27 10:39:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/27 10:35:03 | 003,903,606 | R--- | C] () -- C:\Users\Anna\Desktop\cofi.exe
[2010/03/27 10:30:12 | 000,000,020 | ---- | C] () -- C:\Users\Anna\defogger_reenable
[2010/03/24 22:23:52 | 508,247,827 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/21 21:06:59 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/21 13:32:19 | 000,002,047 | ---- | C] () -- C:\Users\Anna\Desktop\HijackThis.lnk
[2010/03/21 12:52:53 | 000,001,839 | ---- | C] () -- C:\Users\Anna\Desktop\CCleaner.lnk
[2010/03/19 20:27:52 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/19 20:27:17 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/03/19 20:27:14 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/03/19 20:27:11 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/02/13 17:05:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/04 20:19:37 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/02/28 20:27:29 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Advanced Chemistry Development
[2009/12/20 19:48:54 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ICQ
[2010/01/16 10:40:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ratiopharm
[2010/02/16 09:51:38 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
< End of report >


extras.txt did not appear...

30.03.2010, 14:36   #29
Larusso
/// Selecta Jahrusso
Okay, that looks good. Please run Malwarebytes (Quick Scan) and post the logfile for me.
Is the PC causing any problems?
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

31.03.2010, 08:56   #30
annaswelten
No, the PC isn't causing any problems: no warning messages, and I haven't noticed anything else out of the ordinary...

Here is the log:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3920
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.03.2010 09:55:27
mbam-log-2010-03-31 (09-55-27).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 117978
Laufzeit: 3 minute(s), 40 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Best regards,
Anna
