ICQ Virus: "Wie findest du mein neues Foto denn so ;D "

nightdemon · 02.06.2010, 22:26

Hi,
ich habe dummerweise auf den Link der mir geschickt wurde geklickt und hab mir wohl den Virus gefangen.
Ich habe dann die Anweisungen, die in vorigen Themen gegeben wurden, beachtet und frage mich ob mein PC soweit sauber ist.
Deshalb poste ich dann mal die Logs von Malwarebytes Anti-Malware und OTL.

Malwarebytes:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4164

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.06.2010 22:30:55
mbam-log-2010-06-02 (22-30-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 218139
Laufzeit: 1 Stunde(n), 1 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

OTL:

Code:

ATTFilter

OTL logfile created on: 6/2/2010 10:36:48 PM - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Niklas\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 89.61 Gb Free Space | 39.77% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 224.39 Gb Free Space | 99.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Niklas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe (T-Systems International GmbH)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\T-Home\Dialerschutz-Software\df.dll (T-Systems International GmbH)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (DFSVC) -- C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe (T-Systems International GmbH)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100602.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100602.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (SymEFA) -- C:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (SipIMNDI) -- C:\Windows\System32\drivers\SipIMNDI.sys (T-Systems International GmbH)
DRV - (DFSYS) -- C:\Program Files\T-Home\Dialerschutz-Software\DFSYS.SYS (T-Systems International GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/27 16:14:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 15:47:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 15:47:57 | 000,000,000 | ---D | M]
 
[2009/12/25 15:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010/06/02 17:37:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wevk03zo.default\extensions
[2010/03/01 22:44:12 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Niklas\AppData\Roaming\mozilla\Firefox\Profiles\wevk03zo.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/02/25 17:45:15 | 000,000,694 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\wevk03zo.default\searchplugins\icq-search.xml
[2010/03/25 17:43:21 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\wevk03zo.default\searchplugins\icqplugin-1.xml
[2010/04/04 15:48:12 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\wevk03zo.default\searchplugins\icqplugin-2.xml
[2010/04/04 22:26:38 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\wevk03zo.default\searchplugins\icqplugin-3.xml
[2010/03/01 22:52:29 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\wevk03zo.default\searchplugins\icqplugin.xml
[2010/03/01 22:44:07 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\wevk03zo.default\searchplugins\sweetim.xml
[2010/06/02 22:34:21 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/12/25 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/03/25 17:42:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/03/25 17:42:46 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/03/25 17:42:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/03/25 17:42:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/03/25 17:42:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{36c002be-1030-11df-89a5-002454238843}\Shell - "" = AutoRun
O33 - MountPoints2\{36c002be-1030-11df-89a5-002454238843}\Shell\AutoRun\command - "" = G:\Installer.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/06/02 22:04:14 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Niklas\Desktop\OTL.exe
[2010/06/02 20:38:39 | 000,523,264 | RHS- | C] (Microsoft Corporation) -- C:\Users\Niklas\AppData\Roaming\taskctl.exe
[2010/06/02 20:25:24 | 000,523,264 | RHS- | C] (Microsoft Corporation) -- C:\Users\Niklas\AppData\Roaming\winlsa32.exe
[2010/06/02 20:25:15 | 000,523,264 | RHS- | C] (Microsoft Corporation) -- C:\Users\Niklas\AppData\Roaming\wuatask.exe
[2010/06/02 20:25:13 | 000,523,264 | RHS- | C] (Microsoft Corporation) -- C:\Users\Niklas\AppData\Roaming\ctlcsr32.exe
[2010/06/02 19:52:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AOL
[2010/06/02 19:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010/06/01 17:20:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010/06/01 17:20:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/06/01 17:20:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/06/01 17:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/01 17:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 12:00:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010/05/24 18:20:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PlayFirst
[2010/05/24 18:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2010/05/24 16:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010/05/24 16:30:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TrackMania
[2010/05/24 16:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\TmNationsForever
[2010/05/24 15:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Peter
[2010/05/24 14:44:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DivX
[2010/05/24 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/05/24 14:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/05/14 15:12:57 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\System32\CmdLineExt.dll
[2010/05/11 22:18:18 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\KONAMI
[2010/05/11 21:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\KONAMI
[2010/05/11 16:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2010/05/10 12:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2010/05/07 13:01:12 | 000,024,352 | ---- | C] (T-Systems International GmbH) -- C:\windows\System32\drivers\SipIMNDI.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010/06/02 22:34:21 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/02 22:34:17 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/06/02 22:34:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/06/02 22:33:53 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/02 22:32:57 | 002,097,152 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010/06/02 22:32:56 | 015,414,375 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010/06/02 22:32:39 | 000,016,274 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt 1.odt
[2010/06/02 22:24:01 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/02 22:04:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010/06/02 21:27:11 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 21:27:11 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 20:38:31 | 000,523,264 | RHS- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\taskctl.exe
[2010/06/02 20:25:22 | 000,523,264 | RHS- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\winlsa32.exe
[2010/06/02 20:25:13 | 000,523,264 | RHS- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\wuatask.exe
[2010/06/02 20:25:12 | 000,523,264 | RHS- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\ctlcsr32.exe
[2010/06/02 20:06:59 | 000,147,092 | ---- | M] () -- C:\Users\***\Desktop\Max.jpg
[2010/06/01 17:20:16 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 20:27:42 | 000,130,560 | ---- | M] () -- C:\Users\***Desktop\Entstehung von Erdöl.ppt
[2010/05/28 14:13:01 | 001,619,442 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/05/28 14:13:01 | 000,700,836 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/05/28 14:13:01 | 000,653,898 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/05/28 14:13:01 | 000,149,920 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/05/28 14:13:01 | 000,121,090 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/05/23 16:36:34 | 000,001,716 | ---- | M] () -- C:\Users\***\Desktop\pes2010 - Verknüpfung.lnk
[2010/05/15 18:04:46 | 000,133,881 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.png
[2010/05/14 15:12:57 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\System32\CmdLineExt.dll
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2010/06/02 22:32:37 | 000,016,274 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt 1.odt
[2010/06/02 20:06:51 | 000,147,092 | ---- | C] () -- C:\Users\***\Desktop\Max.jpg
[2010/06/01 17:20:16 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 20:29:22 | 000,130,560 | ---- | C] () -- C:\Users\***\Desktop\Entstehung von Erdöl.ppt
[2010/05/23 16:36:34 | 000,001,716 | ---- | C] () -- C:\Users\***\Desktop\pes2010 - Verknüpfung.lnk
[2010/05/15 18:04:45 | 000,133,881 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.png
[2010/04/08 16:00:48 | 000,000,237 | ---- | C] () -- C:\windows\RomeTW.ini
[2010/02/02 21:20:38 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2009/12/24 21:27:00 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/09/22 07:21:26 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:5C5A503E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D
< End of report >

Danke schonmal im Vorraus.

PS: Ich kenn mich in dem Themenbereich nicht all zu sehr aus.

markusg · 07.06.2010, 20:28

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun das Folgende in die Textbox.

:OTL
[2010/06/02 20:38:39 | 000,523,264 | RHS- | C] (Microsoft Corporation) -- C:\Users\Niklas\AppData\Roaming\taskctl.exe
[2010/06/02 20:25:24 | 000,523,264 | RHS- | C] (Microsoft Corporation) -- C:\Users\Niklas\AppData\Roaming\winlsa32.exe
[2010/06/02 20:25:15 | 000,523,264 | RHS- | C] (Microsoft Corporation) -- C:\Users\Niklas\AppData\Roaming\wuatask.exe
[2010/06/02 20:25:13 | 000,523,264 | RHS- | C] (Microsoft Corporation) -- C:\Users\Niklas\AppData\Roaming\ctlcsr32.exe
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Run Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten

nightdemon · 09.06.2010, 20:57

Ok hab ich gemacht,
hier der Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Users\***\AppData\Roaming\taskctl.exe moved successfully.
C:\Users\***\AppData\Roaming\winlsa32.exe moved successfully.
C:\Users\***\AppData\Roaming\wuatask.exe moved successfully.
C:\Users\***\AppData\Roaming\ctlcsr32.exe moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ***
->Flash cache emptied: 84012 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 2637334 bytes
->Temporary Internet Files folder emptied: 6536451 bytes
->Java cache emptied: 2511000 bytes
->FireFox cache emptied: 35296269 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 562548 bytes
RecycleBin emptied: 104307 bytes
 
Total Files Cleaned = 45,00 mb
 
 
OTL by OldTimer - Version 3.2.5.3 log created on 06092010_214922

Files\Folders moved on Reboot...
File\Folder C:\windows\temp\JETD42F.tmp not found!

Registry entries deleted on Reboot...

markusg · 10.06.2010, 18:51

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

10.06.2010, 18:51	#4
markusg /// Malware-holic	ICQ Virus: "Wie findest du mein neues Foto denn so ;D " bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix

ICQ Virus: "Wie findest du mein neues Foto denn so ;D "

Plagegeister aller Art und deren Bekämpfung: ICQ Virus: "Wie findest du mein neues Foto denn so ;D "