Trojaner-Board - Disabled.SecurityCenter und root.Trojaner

Logs von Malmware und Otl;
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4770

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

07.10.2010 20:12:52
mbam-log-2010-10-07 (20-12-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 172350
Laufzeit: 21 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Otl;OTL Logfile:

Code:

OTL logfile created on: 07.10.2010 21:48:58 - Run 1

OTL by OldTimer - Version 3.2.14.1     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 298,08 Gb Total Space | 230,97 Gb Free Space | 77,49% Space Free | Partition Type: NTFS

Drive D: | 2,21 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: DELUXE

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 
 ========== Processes (SafeList) ==========

 

PRC - [2010.10.07 19:01:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

PRC - [2010.09.28 16:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2010.09.16 13:17:30 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2009.03.06 01:04:30 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010.10.07 19:01:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

MOD - [2006.08.25 17:46:44 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2004.11.11 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

SRV - [2009.03.06 01:04:30 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Running] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)

DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010.01.08 16:33:55 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.08.23 19:26:28 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)

DRV - [2008.08.23 19:26:28 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)

DRV - [2008.08.23 19:26:28 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)

DRV - [2008.08.23 19:26:28 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)

DRV - [2008.08.23 19:09:35 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2008.05.16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)

DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)

DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)

DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)

DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)

DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)

DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)

DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)

DRV - [2006.12.12 15:33:28 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006.11.22 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2006.10.09 16:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)

DRV - [2006.10.09 15:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)

DRV - [2006.10.04 10:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)

DRV - [2005.07.07 16:26:04 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)

DRV - [2005.01.07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004.11.11 14:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.16 13:17:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.16 13:17:34 | 000,000,000 | ---D | M]

 

[2010.10.06 16:08:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2010.10.07 16:43:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\6n8kqt7p.default\extensions

[2010.04.28 09:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\6n8kqt7p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.08.15 17:28:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\6n8kqt7p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009.07.23 22:34:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\6n8kqt7p.default\extensions\searchrecs@veoh.com

[2010.10.07 16:43:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.05.20 15:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll

[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2010.07.12 21:09:25 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.07.12 21:09:25 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.07.12 21:09:25 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.07.12 21:09:25 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.07.12 21:09:25 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.10.07 18:49:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [itype] C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\text.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\cf8b261e-bd9b-4fba-b515-acfbad305c9f.com (SUPERAntiSpyware.com)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\StickyNote.lnk = C:\Programme\StickyNote\StickyNote.exe (Tenebril Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll -  File not found

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.08.23 17:49:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009.07.14 13:08:11 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.10.07 19:24:10 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Dokumente und Einstellungen\Administrator\Desktop\remover.exe.exe

[2010.10.07 19:06:23 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\79k7sgd3b.exe

[2010.10.07 19:01:31 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2010.10.07 18:53:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR

[2010.10.07 18:42:09 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010.10.07 18:40:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010.10.07 18:40:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010.10.07 18:40:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010.10.07 18:40:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010.10.07 18:40:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.10.07 18:40:33 | 000,000,000 | ---D | C] -- C:\cofi.exe

[2010.10.07 18:40:00 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.10.07 16:49:10 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\spybotsd162.exe

[2010.10.06 18:01:46 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent

[2010.10.06 17:42:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com

[2010.10.06 17:42:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com

[2010.10.06 17:40:44 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware

[2010.10.06 17:12:17 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy

[2010.10.06 17:11:09 | 009,578,576 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Administrator\Desktop\SUPERAntiSpywarePro.exe

[2010.10.06 15:52:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\XPCLEAN

[2010.10.06 15:52:19 | 000,000,000 | ---D | C] -- C:\Programme\XP-Clean Speed

[2010.10.06 15:51:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.10.06 15:51:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.10.04 16:05:42 | 000,073,728 | ---- | C] (Initex Software) -- C:\WINDOWS\System32\PrxerDrv.dll

[2010.10.04 16:05:42 | 000,061,440 | ---- | C] (Initex Software) -- C:\WINDOWS\System32\PrxerNsp.dll

[2010.10.04 16:05:42 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SPORDER.DLL

[2010.10.04 16:05:42 | 000,000,000 | ---D | C] -- C:\Programme\Proxifier

[2010.10.04 14:30:54 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft HiJackFree

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.10.07 19:06:38 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\79k7sgd3b.exe

[2010.10.07 19:04:38 | 001,402,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis.msi

[2010.10.07 19:01:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2010.10.07 18:53:29 | 000,040,375 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\remover.exe.rar

[2010.10.07 18:50:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.10.07 18:49:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.10.07 18:49:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.10.07 18:44:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.10.07 18:43:44 | 008,388,608 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT

[2010.10.07 18:43:37 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini

[2010.10.07 18:42:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010.10.07 18:37:23 | 003,875,070 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cofi.exe.exe

[2010.10.07 18:35:04 | 000,040,375 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\bootkit_remover.rar

[2010.10.07 16:54:32 | 000,001,359 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\wtvClient.ini

[2010.10.07 16:50:22 | 000,000,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\test2.com.lnk

[2010.10.07 16:49:27 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\spybotsd162.exe

[2010.10.07 16:32:25 | 000,181,020 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010.10.06 17:40:45 | 000,001,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\text.lnk

[2010.10.06 17:14:14 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\shawty.lnk

[2010.10.06 17:11:13 | 009,578,576 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Administrator\Desktop\SUPERAntiSpywarePro.exe

[2010.10.06 16:35:01 | 000,000,100 | ---- | M] () -- C:\index.ini

[2010.10.06 16:08:28 | 000,002,561 | ---- | M] () -- C:\WINDOWS\diagwrn.xml

[2010.10.06 16:08:28 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml

[2010.10.06 02:38:08 | 000,040,448 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.10.04 16:27:53 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Current.prx

[2010.10.04 16:05:42 | 000,000,620 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Proxifier.lnk

[2010.10.04 14:30:55 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Emsisoft HiJackFree.lnk

[2010.10.02 15:26:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.10.07 19:04:38 | 001,402,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis.msi

[2010.10.07 18:53:29 | 000,040,375 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\remover.exe.rar

[2010.10.07 18:42:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010.10.07 18:42:10 | 000,262,448 | RHS- | C] () -- C:\cmldr

[2010.10.07 18:40:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.10.07 18:40:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.10.07 18:40:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.10.07 18:40:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.10.07 18:40:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.10.07 18:37:06 | 003,875,070 | R--- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cofi.exe.exe

[2010.10.07 18:35:04 | 000,040,375 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\bootkit_remover.rar

[2010.10.07 16:50:22 | 000,000,921 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\test2.com.lnk

[2010.10.06 17:40:45 | 000,001,658 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\text.lnk

[2010.10.06 16:35:01 | 000,000,100 | ---- | C] () -- C:\index.ini

[2010.10.06 16:08:11 | 000,002,561 | ---- | C] () -- C:\WINDOWS\diagwrn.xml

[2010.10.06 16:08:11 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml

[2010.10.06 15:51:05 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\shawty.lnk

[2010.10.04 16:05:44 | 000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Current.prx

[2010.10.04 16:05:42 | 000,000,620 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Proxifier.lnk

[2010.10.04 14:30:55 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Emsisoft HiJackFree.lnk

[2009.04.28 18:47:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009.04.17 17:14:05 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009.04.17 17:14:05 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008.12.23 15:24:35 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2008.12.17 00:20:56 | 000,000,059 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GoodnightTimer.ini

[2008.10.07 20:49:24 | 000,040,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2008.07.23 18:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2008.05.16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008.05.16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008.05.16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008.05.16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008.05.16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:A8ADE5D8

@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2

@Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:A3E39C6A

< End of report >

--- --- ---
combofix;Combofix Logfile:

Code:

ComboFix 10-10-06.03 - Administrator 07.10.2010  18:45:49.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.2046.1641 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpeB.dll
 

Infizierte Kopie von c:\windows\system32\drivers\pci.sys wurde gefunden und desinfiziert 

Kopie von - Kitty had a snack :p wurde wiederhergestellt 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-09-07 bis 2010-10-07  ))))))))))))))))))))))))))))))

.
 

2010-10-06 15:42 . 2010-10-06 15:42        63488        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-10-06 15:42 . 2010-10-06 15:42        52224        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-10-06 15:42 . 2010-10-06 15:42        117760        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-10-06 15:42 . 2010-10-06 15:42        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com

2010-10-06 15:42 . 2010-10-06 15:42        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com

2010-10-06 15:40 . 2010-10-06 15:42        --------        d-----w-        c:\programme\SUPERAntiSpyware

2010-10-06 15:12 . 2010-10-07 14:50        --------        d-----w-        c:\programme\Spybot - Search & Destroy

2010-10-06 13:51 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-06 13:51 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-10-04 14:05 . 2010-10-04 14:05        --------        d-----w-        c:\programme\Proxifier

2010-10-04 14:05 . 2009-10-20 18:26        61440        ----a-w-        c:\windows\system32\PrxerNsp.dll

2010-10-04 14:05 . 2009-09-08 17:06        73728        ----a-w-        c:\windows\system32\PrxerDrv.dll

2010-10-04 14:05 . 1997-06-06 12:52        11264        ----a-w-        c:\windows\system32\SPORDER.DLL

2010-10-04 12:30 . 2010-10-06 14:34        --------        d-----w-        c:\programme\Emsisoft HiJackFree
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-07 14:51 . 2010-01-07 14:46        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2010-10-07 00:05 . 2008-08-25 19:42        --------        d-----w-        c:\programme\Warcraft III

2010-10-06 16:22 . 2010-10-06 13:52        --------        d-----w-        c:\programme\XP-Clean Speed

2010-10-06 14:36 . 2010-08-24 12:08        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-10-06 14:06 . 2009-05-01 23:14        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DeepBurner

2010-10-06 14:03 . 2008-08-23 18:17        --------        d-----w-        c:\programme\Messenger Plus! Live

2010-10-06 13:56 . 2010-07-20 15:20        --------        d-----w-        c:\programme\StickyNote

2010-10-06 13:56 . 2010-05-20 18:06        --------        d-----w-        c:\programme\Microsoft IntelliType Pro

2010-10-06 13:56 . 2010-04-26 15:23        --------        d-----w-        c:\programme\Replay Explorer

2010-10-06 13:56 . 2010-02-09 19:56        --------        d-----w-        c:\programme\JDownloader

2010-10-06 13:56 . 2009-02-08 13:55        --------        d-----w-        c:\programme\OpenOffice.org 3

2010-10-06 13:56 . 2008-12-23 13:24        --------        d-----w-        c:\programme\UseNeXT

2010-10-06 13:56 . 2008-09-19 17:40        --------        d-----w-        c:\programme\AbiSuite2

2010-10-06 13:56 . 2008-08-23 17:27        --------        d-----w-        c:\programme\Gemeinsame Dateien\Teleca Shared

2010-10-06 13:56 . 2008-10-15 22:00        --------        d-----w-        c:\programme\LimeWire

2010-10-06 13:56 . 2008-08-23 16:44        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\WLInstaller

2010-10-06 13:56 . 2008-10-14 21:09        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\LimeWire

2010-10-06 13:55 . 2009-04-17 15:25        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\CyberLink

2010-10-06 13:55 . 2009-04-17 15:11        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\dvdcss

2010-10-06 13:55 . 2009-01-02 14:11        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\InstallShield

2010-10-06 13:55 . 2008-09-20 15:44        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DivX

2010-10-06 13:55 . 2008-08-23 16:22        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Apple Computer

2010-10-06 13:55 . 2009-04-17 15:14        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVS4YOU

2010-10-06 13:55 . 2008-12-23 13:24        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\UseNeXT

2010-10-06 13:55 . 2009-04-17 15:21        --------        d-----w-        c:\programme\Gemeinsame Dateien\CyberLink

2010-10-06 13:55 . 2009-03-20 10:55        --------        d-----w-        c:\programme\QuickTime

2010-10-06 13:55 . 2008-08-23 18:25        --------        d-----w-        c:\programme\Picasa2

2010-10-06 13:55 . 2008-08-23 16:45        --------        dcsh--w-        c:\programme\Gemeinsame Dateien\WindowsLiveInstaller

2010-10-03 09:43 . 2010-08-24 11:56        --------        d-----w-        c:\programme\uTorrent

2010-10-02 13:46 . 2010-08-24 11:56        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\uTorrent

2010-09-23 17:34 . 2008-08-31 17:55        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DNA

2010-09-23 17:34 . 2009-04-17 15:20        --------        d---a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Temp

2010-09-23 17:26 . 2009-02-08 13:57        1        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-09-23 16:53 . 2008-08-31 17:55        --------        d-----w-        c:\programme\DNA

2010-08-24 12:08 . 2010-08-24 12:08        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes

2010-08-24 12:08 . 2010-08-24 12:08        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-08-15 15:31 . 2009-04-17 15:20        53319        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe

2010-08-15 15:28 . 2010-08-15 15:28        --------        d-----w-        c:\programme\CCleaner

2010-08-08 15:13 . 2010-08-08 15:13        503808        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-77d37d60-n\msvcp71.dll

2010-08-08 15:13 . 2010-08-08 15:13        499712        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-77d37d60-n\jmc.dll

2010-08-08 15:13 . 2010-08-08 15:13        348160        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-77d37d60-n\msvcr71.dll

2010-08-08 15:13 . 2010-08-08 15:13        61440        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-30cf595e-n\decora-sse.dll

2010-08-08 15:13 . 2010-08-08 15:13        12800        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-30cf595e-n\decora-d3d.dll

2010-07-31 13:46 . 2010-07-31 13:46        133172        ---ha-w-        c:\windows\system32\mlfcache.dat

2010-07-23 04:13 . 2010-07-23 04:13        72488        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\programme\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]

"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\cf8b261e-bd9b-4fba-b515-acfbad305c9f.com" [2010-10-06 2424560]

"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"nwiz"="nwiz.exe" [2008-05-16 1630208]

"RTHDCPL"="RTHDCPL.EXE" [2006-12-12 16270848]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"itype"="c:\programme\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]

"Malwarebytes Anti-Malware (reboot)"="c:\programme\Malwarebytes' Anti-Malware\text.exe" [2010-04-29 1090952]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-11-11 15360]

"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-04-29 268800]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

StickyNote.lnk - c:\programme\StickyNote\StickyNote.exe [2010-7-20 318976]
 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21        548352        ----a-w-        c:\programme\SUPERAntiSpyware\SASWINLO.DLL
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Warcraft III\\Warcraft III.exe"=

"c:\\Programme\\DNA\\btdna.exe"=

"c:\\Programme\\BitTorrent\\bittorrent.exe"=

"c:\\Programme\\MoRUN.net\\Sticker Lite\\sticker.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"c:\\Programme\\iTunes\\iTunes.exe"=

"c:\\Programme\\LimeWire\\LimeWire.exe"=

"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Dokumente und Einstellungen\\Administrator\\Desktop\\wtvClient.exe"=

"c:\\Programme\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
 

R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]

R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [07.01.2010 16:33 108289]

R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [05.01.2010 22:47 61440]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18.02.2010 13:09 27632]

S2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [18.02.2010 13:08 90112]

S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\Marmiko Shared\MACNDIS5.SYS [05.01.2010 22:47 17280]

S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\Marmiko Shared\MInfraIS\MIINPazX.SYS [05.01.2010 22:47 17152]

S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [05.01.2010 22:46 17536]

S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [02.01.2009 16:12 83880]

S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [02.01.2009 16:12 15016]

S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [02.01.2009 16:12 110632]

S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [02.01.2009 16:12 104616]

S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [02.01.2009 16:12 25512]

S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [02.01.2009 16:12 100648]

S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [02.01.2009 16:12 110120]

.

Inhalt des "geplante Tasks" Ordners
 

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyOverride = local

LSP: %SystemRoot%\system32\PrxerDrv.dll

FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\6n8kqt7p.default\

FF - prefs.js: browser.startup.homepage - www.google.de

FF - plugin: c:\programme\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

FF - user.js: yahoo.homepage.dontask - truec:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(904)

c:\windows\system32\sfc_os.dll

c:\programme\SUPERAntiSpyware\SASWINLO.DLL

.

Zeit der Fertigstellung: 2010-10-07  18:50:02

ComboFix-quarantined-files.txt  2010-10-07 16:50
 

Vor Suchlauf: 7 Verzeichnis(se), 248.029.552.640 Bytes frei

Nach Suchlauf: 8 Verzeichnis(se), 247.996.940.288 Bytes frei
 

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
 

- - End Of File - - 45D0B072FAB9090EA46FED7A7159D4D2

--- --- ---

GMER ging leider nicht.

Log Osam;
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 15:36:49 on 08.10.2010
 

OS: Windows XP Professional Service Pack 2 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.10
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\AntiVir Desktop\avconfig.cpl

"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"gdrv" (gdrv) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\gdrv.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\Marmiko Shared\MACNDIS5.SYS

"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\Marmiko Shared\MInfraIS\MIINPazX.SYS

"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS

"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\msgrapp.14.0.8089.0726.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\msgrapp.14.0.8089.0726.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll

{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplkey.dll

{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwhl.dll

{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcpltp.dll

{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwir.dll

{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplzm.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{A5110426-177D-4e08-AB3F-785F10B4439C} "Sony Ericsson Datei-Manager" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"StickyNote.lnk" - "Tenebril Software" - C:\Programme\StickyNote\StickyNote.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"MsnMsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background

"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\cf8b261e-bd9b-4fba-b515-acfbad305c9f.com

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"itype" - "Microsoft Corporation" - "C:\Programme\Microsoft IntelliType Pro\itype.exe"

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe

"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)

"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL

"WgaLogon" - ? - WgaLogon.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

"Proxifier NSP" - "Initex Software" - C:\WINDOWS\system32\PrxerNsp.dll

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"PROXIFIER LSP" - "Initex Software" - C:\WINDOWS\system32\PrxerDrv.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Log Mbr;

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 121):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E3000 \WINDOWS\system32\hal.dll
0xBADA8000 \WINDOWS\system32\KDCOM.DLL
0xBACB8000 \WINDOWS\system32\BOOTVID.dll
0xBA778000 ACPI.sys
0xBADAA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xBA767000 pci.sys
0xBA8A8000 isapnp.sys
0xBAE70000 pciide.sys
0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA8B8000 MountMgr.sys
0xBA748000 ftdisk.sys
0xBADAC000 dmload.sys
0xBA722000 dmio.sys
0xBAB30000 PartMgr.sys
0xBA8C8000 VolSnap.sys
0xBA70A000 atapi.sys
0xBA8D8000 disk.sys
0xBA8E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA6EA000 fltMgr.sys
0xBA6D8000 sr.sys
0xBA8F8000 PxHelp20.sys
0xBA6C1000 KSecDD.sys
0xBA634000 Ntfs.sys
0xBA607000 NDIS.sys
0xBA5EC000 Mup.sys
0xBAA88000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9CBE000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9CAA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBAC08000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9C87000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBAC10000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9C62000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBAA98000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBAAA8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBAAB8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9C3F000 \SystemRoot\system32\DRIVERS\ks.sys
0xBAC18000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9C01000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xBAC20000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB9BF0000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9BDC000 \SystemRoot\system32\DRIVERS\parport.sys
0xBAF08000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBAAC8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA578000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9BC5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBAAD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBAAE8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBAC28000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9BB4000 \SystemRoot\system32\DRIVERS\psched.sys
0xBAAF8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBAC30000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBAC38000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9B83000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBAB08000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBAC40000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBAC48000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBAC50000 \SystemRoot\system32\DRIVERS\seehcri.sys
0xBADD0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9B2A000 \SystemRoot\system32\DRIVERS\update.sys
0xBA55C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA928000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA938000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBADD2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB7567000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB7545000 \SystemRoot\system32\drivers\portcls.sys
0xBA948000 \SystemRoot\system32\drivers\drmk.sys
0xBAC60000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBADD6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBAECD000 \SystemRoot\System32\Drivers\Null.SYS
0xBADD8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBAC70000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBAC78000 \SystemRoot\System32\drivers\vga.sys
0xBADDA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBADDC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBAC80000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAC88000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA594000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB7422000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB73CA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB73A2000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB7381000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA978000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA584000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB735F000 \SystemRoot\System32\drivers\afd.sys
0xBA988000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBAC90000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB733D000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
0xBAC98000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
0xB7312000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB72A3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA998000 \SystemRoot\System32\Drivers\Fips.SYS
0xB725F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBADE0000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xBACA8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB7987000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA9A8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB7983000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB797F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA9C8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB7247000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBADF2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB7535000 \SystemRoot\System32\drivers\Dxapi.sys
0xBACB0000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xBAF0D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\nv4_disp.dll
0xBFFAA000 \SystemRoot\System32\ATMFD.DLL
0xB6EF3000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB6F2B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB6C86000 \SystemRoot\system32\drivers\wdmaud.sys
0xB6FDF000 \SystemRoot\system32\drivers\sysaudio.sys
0xB6A52000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBAE3E000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB6690000 \SystemRoot\system32\DRIVERS\srv.sys
0xB6357000 \SystemRoot\System32\Drivers\HTTP.sys
0xB630C000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB556B000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
832 C:\WINDOWS\system32\smss.exe
880 csrss.exe
904 C:\WINDOWS\system32\winlogon.exe
948 C:\WINDOWS\system32\services.exe
960 C:\WINDOWS\system32\lsass.exe
1152 C:\WINDOWS\system32\svchost.exe
1220 svchost.exe
1320 C:\WINDOWS\system32\svchost.exe
1436 svchost.exe
1516 svchost.exe
1716 C:\WINDOWS\system32\spoolsv.exe
1764 C:\Programme\Avira\AntiVir Desktop\sched.exe
1976 C:\WINDOWS\explorer.exe
2000 svchost.exe
348 C:\WINDOWS\RTHDCPL.exe
352 C:\WINDOWS\system32\rundll32.exe
360 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
376 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
388 C:\Programme\Microsoft IntelliType Pro\itype.exe
440 C:\Programme\Windows Live\Messenger\msnmsgr.exe
528 C:\Programme\SUPERAntiSpyware\cf8b261e-bd9b-4fba-b515-acfbad305c9f.com
552 C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
656 C:\Programme\StickyNote\StickyNote.exe
240 C:\Programme\Avira\AntiVir Desktop\avguard.exe
856 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
860 C:\Programme\Bonjour\mDNSResponder.exe
1092 svchost.exe
1292 C:\Programme\Java\jre6\bin\jqs.exe
1388 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
1484 C:\WINDOWS\system32\nvsvc32.exe
1536 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2720 alg.exe
3312 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3348 wmiprvse.exe
3644 C:\Programme\Mozilla Firefox\firefox.exe
3820 C:\Programme\Mozilla Firefox\plugin-container.exe
4044 C:\WINDOWS\system32\notepad.exe
548 C:\WINDOWS\system32\wscntfy.exe
2444 C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD321KJ, Rev: CP100-12

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!