
Pests of all kinds and how to combat them: "TR/Dropper.Gen" and IE ads

08.07.2010, 17:46   #1
markusg
/// Malware-holic

no, no log from CCleaner

08.07.2010, 17:57   #2
WirelessLahm

OK, then here is the ComboFix log:

Combofix Logfile:
Code:
ComboFix 10-07-07.02 - *** 08.07.2010  18:45:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2225 [GMT 2:00]
ausgeführt von:: c:\users\***\Free Download Manager\Software\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\Uninstal.exe
c:\windows\system32\vb6ko.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-08 bis 2010-07-08  ))))))))))))))))))))))))))))))
.

2010-07-08 16:33 . 2010-07-08 16:33	--------	d-----w-	C:\_OTL
2010-07-07 15:55 . 2010-07-07 15:55	63488	----a-w-	c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-07 15:55 . 2010-07-07 15:55	52224	----a-w-	c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-07 15:55 . 2010-07-07 15:55	117760	----a-w-	c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-07 15:54 . 2010-07-07 15:54	--------	d-----w-	c:\users\***\AppData\Roaming\SUPERAntiSpyware.com
2010-07-07 15:54 . 2010-07-07 15:54	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2010-07-07 15:54 . 2010-07-07 15:54	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-07-06 12:40 . 2010-07-06 12:40	--------	d-----w-	c:\users\***\AppData\Local\Winamp Toolbar
2010-07-05 15:51 . 2010-07-08 16:30	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-07-05 15:51 . 2010-07-08 16:29	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-07-04 20:22 . 2010-07-04 20:22	--------	d-----w-	c:\program files\CCleaner
2010-07-04 15:51 . 2010-07-04 15:51	--------	d-----w-	c:\program files\High-Logic FontCreator
2010-07-04 15:49 . 2009-06-16 22:02	616600	----a-w-	c:\windows\system32\FontInstaller.dll
2010-07-04 15:18 . 2010-07-04 15:51	--------	d-----w-	c:\users\***\AppData\Local\FontCreator
2010-07-04 15:18 . 2010-07-04 15:56	--------	d-----w-	c:\users\***\AppData\Roaming\FontCreator
2010-07-04 09:02 . 2010-07-04 09:02	--------	d-----w-	c:\programdata\Bluetooth
2010-07-04 09:00 . 2010-07-04 09:00	--------	d-----w-	c:\program files\IVT Corporation
2010-06-25 20:42 . 2010-06-25 20:42	--------	d-----w-	C:\fc65b2e5f6d8808e3cf5302bd8
2010-06-23 20:41 . 2009-11-08 08:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-06-23 20:41 . 2009-11-08 08:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-06-23 20:41 . 2009-11-08 08:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-06-23 20:41 . 2009-11-08 08:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-06-23 20:41 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-06-23 20:37 . 2010-04-16 16:43	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-06-23 20:37 . 2010-04-16 14:39	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-19 11:32 . 2010-07-04 10:22	--------	d-----w-	c:\programdata\DVD Shrink
2010-06-19 11:32 . 2010-06-19 11:32	--------	d-----w-	c:\program files\DVD Shrink DE
2010-06-17 17:59 . 2010-06-17 17:59	--------	d-----w-	c:\program files\TVersity Codec Pack
2010-06-17 17:59 . 2010-06-17 17:59	--------	d-----w-	c:\users\***\AppData\Local\TVersity
2010-06-13 12:04 . 2010-06-13 12:04	--------	d-----w-	c:\program files\Lavalys
2010-06-12 09:17 . 2010-06-12 09:18	--------	d-----w-	c:\users\***\AppData\Roaming\Nero
2010-06-12 09:17 . 2010-07-06 12:35	119368	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 16:08 . 2010-05-26 17:06	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-06-09 16:07 . 2010-05-01 14:13	2037248	----a-w-	c:\windows\system32\win32k.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 16:49 . 2010-05-23 16:48	--------	d-----w-	c:\users\***\AppData\Roaming\Free Download Manager
2010-07-08 16:43 . 2008-01-21 07:15	626552	----a-w-	c:\windows\system32\perfh007.dat
2010-07-08 16:43 . 2008-01-21 07:15	126182	----a-w-	c:\windows\system32\perfc007.dat
2010-07-08 16:36 . 2010-06-04 22:06	52885	----a-w-	c:\programdata\nvModes.dat
2010-07-08 16:26 . 2010-06-05 17:19	--------	d-----w-	c:\programdata\Lavasoft
2010-07-08 16:26 . 2010-06-05 17:19	--------	d-----w-	c:\program files\Lavasoft
2010-07-08 05:05 . 2010-05-23 14:49	2828	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-07-06 20:33 . 2010-06-01 16:36	--------	d-----w-	c:\users\***\AppData\Roaming\DVD Flick
2010-07-05 19:55 . 2010-05-23 12:08	1356	----a-w-	c:\users\***\AppData\Local\d3d9caps.dat
2010-07-04 18:18 . 2010-05-23 17:19	--------	d-----w-	c:\program files\pdfforge Toolbar
2010-07-04 17:18 . 2010-06-03 13:49	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2010-07-04 16:10 . 2010-05-23 12:09	119368	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-04 09:01 . 2010-05-23 12:03	12	----a-w-	c:\windows\bthservsdp.dat
2010-06-28 16:44 . 2010-05-31 16:13	188152	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvcwxj1o.default\FlashGot.exe
2010-06-28 16:30 . 2010-06-03 16:44	--------	d-----w-	c:\users\***\AppData\Roaming\dvdcss
2010-06-25 20:43 . 2010-05-23 12:48	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-09 20:11 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-06-09 17:17 . 2010-05-23 12:47	--------	d-----w-	c:\programdata\Microsoft Help
2010-06-07 17:59 . 2010-06-07 17:57	--------	d-----w-	c:\program files\Intel
2010-06-07 17:57 . 2010-05-23 14:00	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-05 17:24 . 2010-06-05 17:25	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-06-05 07:55 . 2010-05-23 13:53	--------	d-----w-	c:\programdata\NVIDIA
2010-06-05 07:54 . 2010-05-26 20:23	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-06-04 22:05 . 2010-06-04 22:04	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-06-04 22:02 . 2010-06-03 12:38	--------	d-----w-	c:\program files\Microsoft
2010-06-04 08:02 . 2010-05-26 16:05	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-04 08:02 . 2010-05-26 15:59	--------	d-----w-	c:\programdata\DivX
2010-06-04 07:56 . 2010-06-04 07:56	56765	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-04 07:56 . 2010-05-26 16:01	--------	d-----w-	c:\program files\DivX
2010-06-04 07:56 . 2010-06-04 07:56	56997	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-04 07:56 . 2010-06-04 07:56	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-06-04 07:56 . 2010-06-04 07:56	57715	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-06-04 07:56 . 2010-06-04 07:56	54153	----a-w-	c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-06-04 07:56 . 2010-06-04 07:56	54128	----a-w-	c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-04 07:56 . 2010-06-04 07:56	54644	----a-w-	c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 07:56 . 2010-06-04 07:56	54101	----a-w-	c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-04 07:54 . 2010-05-26 16:04	1062184	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-06-04 07:54 . 2010-05-26 16:04	895256	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-04 07:53 . 2010-06-04 07:53	--------	d-----w-	c:\programdata\Messenger Plus!
2010-06-03 16:41 . 2010-06-03 16:41	--------	d-----w-	c:\users\***\AppData\Roaming\NeroDigital(TM)
2010-06-03 13:32 . 2010-05-26 16:05	--------	d-----w-	c:\program files\DVD Flick
2010-06-03 12:43 . 2010-06-03 12:43	--------	d-----w-	c:\program files\Messenger Plus! Live
2010-06-03 12:40 . 2010-06-03 12:38	--------	d-----w-	c:\program files\Windows Live
2010-06-03 12:39 . 2010-06-03 12:39	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-06-03 12:38 . 2010-06-03 12:38	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-06-03 12:25 . 2010-06-03 12:25	--------	d-----w-	c:\program files\Common Files\Windows Live
2010-06-03 11:28 . 2010-05-23 13:13	--------	d-----w-	c:\users\***\AppData\Roaming\Nero
2010-06-03 11:00 . 2010-05-23 13:10	--------	d-----w-	c:\programdata\Nero
2010-06-03 11:00 . 2010-05-23 13:10	--------	d-----w-	c:\program files\Nero
2010-06-03 10:52 . 2010-05-23 13:10	--------	d-----w-	c:\program files\Common Files\Nero
2010-06-02 16:38 . 2010-06-02 16:38	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-06-02 16:38 . 2010-06-02 16:38	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-02 16:38 . 2010-06-02 16:38	--------	d-----w-	c:\programdata\Malwarebytes
2010-06-01 16:17 . 2010-06-01 16:17	--------	d-----w-	c:\program files\VideoLAN
2010-05-29 11:48 . 2010-05-26 17:52	--------	d-----w-	c:\users\***\AppData\Roaming\Winamp
2010-05-29 08:06 . 2010-05-28 13:59	--------	d-----w-	c:\program files\MP3Gain
2010-05-28 20:31 . 2010-05-28 20:31	--------	d-----w-	c:\program files\Windows Portable Devices
2010-05-28 20:31 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2010-05-28 20:31 . 2010-05-28 20:31	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-27 16:38 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2010-05-27 16:38 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2010-05-27 16:38 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2010-05-27 16:38 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2010-05-27 16:38 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2010-05-27 16:37 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2010-05-27 16:15 . 2010-05-27 16:15	--------	d-----w-	c:\program files\Runtime Software
2010-05-26 17:55 . 2010-05-26 17:52	--------	d-----w-	c:\program files\Winamp
2010-05-26 17:54 . 2010-05-26 17:54	--------	d-----w-	c:\program files\Winamp Detect
2010-05-26 17:54 . 2010-05-26 17:54	--------	d-----w-	c:\program files\Winamp Toolbar
2010-05-26 17:54 . 2010-05-26 17:54	--------	d-----w-	c:\programdata\Winamp Toolbar
2010-05-26 17:54 . 2010-05-26 17:54	--------	d-----w-	c:\programdata\OrbNetworks
2010-05-26 17:54 . 2010-05-26 17:54	--------	d-----w-	c:\program files\Winamp Remote
2010-05-26 16:07 . 2010-05-26 16:04	--------	d-----w-	c:\users\***\AppData\Roaming\DivX
2010-05-26 16:04 . 2010-05-26 16:04	84040	----a-w-	c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-05-26 16:04 . 2010-05-26 16:04	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-05-26 16:04 . 2010-05-26 16:04	57054	----a-w-	c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-26 16:04 . 2010-05-26 16:04	54166	----a-w-	c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-26 16:04 . 2010-05-26 16:04	57532	----a-w-	c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-05-26 16:04 . 2010-05-26 16:04	56458	----a-w-	c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-26 16:04 . 2010-05-26 16:04	54174	----a-w-	c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-05-26 16:04 . 2010-05-26 16:04	57409	----a-w-	c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-26 16:04 . 2010-05-26 16:04	52963	----a-w-	c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-26 16:04 . 2010-05-26 16:04	54073	----a-w-	c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-26 16:04 . 2010-05-26 16:04	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-05-26 16:04 . 2010-05-26 16:04	56969	----a-w-	c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-05-26 16:03 . 2010-05-26 16:02	--------	d-----w-	c:\program files\Google
2010-05-26 14:47 . 2010-06-09 16:08	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-24 20:23 . 2010-05-23 12:49	--------	d-----w-	c:\program files\Microsoft Works
2010-05-24 12:38 . 2010-05-24 12:38	--------	d-----w-	c:\program files\Common Files\Java
2010-05-24 12:37 . 2010-05-24 12:38	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-05-24 12:37 . 2010-05-24 12:37	--------	d-----w-	c:\program files\Java
2010-05-24 12:36 . 2010-05-24 12:35	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-05-24 12:35 . 2010-05-24 12:35	--------	d-----w-	c:\program files\DVDVideoSoft
2010-05-24 08:45 . 2010-05-23 16:48	--------	d-----w-	c:\users\***\AppData\Roaming\Software Informer
2010-05-24 07:59 . 2010-05-24 07:59	--------	d-----w-	c:\program files\MSXML 4.0
2010-05-24 07:50 . 2010-05-23 14:54	65536	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2010-05-24 07:50 . 2010-05-23 14:54	10134	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2010-05-24 07:48 . 2010-05-23 14:51	--------	d-----w-	c:\program files\Corel
2010-05-23 17:50 . 2010-05-23 17:50	--------	d-----w-	c:\program files\Common Files\Adobe
2010-05-23 17:20 . 2010-05-23 17:19	--------	d-----w-	c:\program files\PDFCreator
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-28 3727411]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\gprs.exe [2007-12-27 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WiFi Station.lnk
backup=c:\windows\pss\WiFi Station.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50	1144104	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
2005-02-08 02:00	98304	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIACE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 06:31	1840424	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30	249856	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30	81920	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-04-02 23:27	1234216	----a-w-	c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 13:29	2221352	----a-w-	c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-01-07 23:36	974848	----a-w-	c:\program files\pdfforge Toolbar\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2006-10-04 14:41	86016	----a-w-	c:\magix\Video_deluxe_2007_PLUS\Trayserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):57,81,32,d8,bb,fd,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-869651104-1356322529-2937558675-1000]
"EnableNotificationsRef"=dword:00000003

R3 RT70x86;Hercules Wireless USB Dongle Driver;c:\windows\system32\DRIVERS\netr70.sys [2006-12-27 245248]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 135664]
R4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 16:02]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 16:02]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvcwxj1o.default\
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvcwxj1o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-EWABQAF7KL - c:\users\***\AppData\Local\Temp\Fg1.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-08 18:50
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-07-08  18:52:40
ComboFix-quarantined-files.txt  2010-07-08 16:52

Vor Suchlauf: 11 Verzeichnis(se), 864.627.585.024 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 864.541.630.464 Bytes frei

- - End Of File - - 5244F7D70120F3628FF9005D87384620
         