Trojaner-Board - g-data - andauernd virenmeldung....

das hat geklappt....

leider ist nun irgendwie mein firefox verschwunden :confused:

hier das combofix log:

Combofix Logfile:
Code:
ComboFix 12-06-28.03 - olli 29.06.2012  21:28:56.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1526.886 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\olli\Desktop\ComboFix.exe

AV: G Data InternetSecurity 2012 *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}

FW: G Data Personal Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP

c:\dokumente und einstellungen\olli\Anwendungsdaten\.#

c:\dokumente und einstellungen\olli\Anwendungsdaten\.#\MBX@9B8@384198.###

c:\dokumente und einstellungen\olli\Anwendungsdaten\.#\MBX@9B8@3841C8.###

c:\dokumente und einstellungen\olli\Anwendungsdaten\.#\MBX@9B8@3841F8.###

c:\dokumente und einstellungen\olli\Anwendungsdaten\YBIcZ.exe

c:\dokumente und einstellungen\olli\GoToAssistDownloadHelper.exe

c:\dokumente und einstellungen\olli\Vorlagen\RouteConverter.exe

c:\dokumente und einstellungen\olli\WINDOWS

c:\programme\xp-AntiSpy

c:\programme\xp-AntiSpy\sponsoring\ebay.ico

c:\programme\xp-AntiSpy\sponsoring\ebay_desktop.ico

c:\programme\xp-AntiSpy\sponsoring\ebay_hover.ico

c:\programme\xp-AntiSpy\sponsoring\sponsor.html

c:\programme\xp-AntiSpy\sponsoring\sponsor.url

c:\programme\xp-AntiSpy\Uninstall.exe

c:\programme\xp-AntiSpy\xp-AntiSpy.chm

c:\programme\xp-AntiSpy\xp-AntiSpy.exe

c:\programme\xp-AntiSpy\xp-AntiSpy.url

C:\timerintray

c:\timerintray\03576683346.exe

c:\timerintray\D2FB95E8635C485

c:\windows\_detmp.2

c:\windows\IsUn0407.exe

c:\windows\system32\PowerToyReadme.htm

c:\windows\system32\SET70.tmp

c:\windows\system32\SET72.tmp

c:\windows\system32\SET80.tmp

c:\windows\system32\winsys

c:\windows\system32\winsys\klog.dat

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-28 bis 2012-06-29  ))))))))))))))))))))))))))))))

.

.

2012-06-28 03:32 . 2012-06-28 03:32        --------        d-----w-        c:\windows\system32\wbem\Repository

2012-06-12 18:12 . 2012-05-11 14:40        521728        -c----w-        c:\windows\system32\dllcache\jsdbgui.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-02 13:19 . 2009-12-15 22:45        15896        ----a-w-        c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2007-07-03 19:40        18456        ----a-w-        c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2007-04-27 23:12        329240        ----a-w-        c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2007-04-27 23:12        210968        ----a-w-        c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2007-04-27 23:11        219160        ----a-w-        c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2007-07-03 19:40        15896        ----a-w-        c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2007-04-28 01:32        45080        ----a-w-        c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2007-04-27 23:11        35864        ----a-w-        c:\windows\system32\wups.dll

2012-06-02 13:19 . 2007-04-27 23:11        53784        ----a-w-        c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2004-08-04 12:00        97304        ----a-w-        c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2007-07-03 19:40        23576        ----a-w-        c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2007-04-27 23:11        577048        ----a-w-        c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2007-04-27 23:11        1933848        ----a-w-        c:\windows\system32\wuaueng.dll

2012-06-02 13:18 . 2010-11-14 19:23        275696        ----a-w-        c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2010-11-14 19:23        18160        ----a-w-        c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2009-08-06 18:23        214256        ----a-w-        c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2004-08-04 12:00        604160        ----a-w-        c:\windows\system32\crypt32.dll

2012-05-16 15:07 . 2004-08-04 12:00        916992        ----a-w-        c:\windows\system32\wininet.dll

2012-05-15 13:56 . 2004-08-04 12:00        1863296        ----a-w-        c:\windows\system32\win32k.sys

2012-05-11 14:40 . 2004-08-04 12:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll

2012-05-11 14:40 . 2004-08-04 12:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2004-08-04 12:00        385024        ----a-w-        c:\windows\system32\html.iec

2012-05-05 03:14 . 2004-08-04 12:00        2150912        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14 . 2004-08-04 00:50        2029056        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2007-04-27 23:08        139656        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-04-04 13:56 . 2009-12-15 21:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys

2009-10-07 14:11 . 2009-10-07 14:11        158720        ----a-w-        c:\programme\internet explorer\plugins\LV90ActiveXControl.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\programme\IncrediMail\bin\IncMail.exe" [2007-04-29 204843]

"Akamai NetSession Interface"="c:\dokumente und einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" [2012-05-26 4327744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Tvs"="c:\programme\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]

"TPSMain"="TPSMain.exe" [2005-08-03 266240]

"TFncKy"="TFncKy.exe" [BU]

"TDispVol"="TDispVol.exe" [2005-09-16 73728]

"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]

"THotkey"="c:\programme\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"G Data AntiVirus Tray Application"="c:\programme\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-08-17 1011208]

"GDFirewallTray"="c:\programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416]

"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\olli\Startmenü\Programme\Autostart\

Verknüpfung mit VPNUK L2TP.lnk -  [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

"KiesHelper"=c:\programme\Samsung\Kies\KiesHelper.exe /s

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"CloneCDTray"="c:\programme\CloneCD\CloneCDTray.exe" /s

"igfxhkcmd"=c:\windows\system32\hkcmd.exe

"igfxpers"=c:\windows\system32\igfxpers.exe

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"NBAgent"="c:\programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

"KiesTrayAgent"=c:\programme\Samsung\Kies\KiesTrayAgent.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Programme\\IncrediMail\\bin\\IMApp.exe"=

"c:\\Programme\\IncrediMail\\bin\\ImpCnt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\National Instruments\\Shared\\mDNS Responder\\nimdnsResponder.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1049:TCP"= 1049:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [16.12.2009 07:03 40440]

R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [29.04.2007 21:11 30200]

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [20.02.2012 14:49 56208]

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [10.07.2007 20:08 15448]

R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [16.12.2009 00:06 79992]

R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [16.12.2009 19:35 69272]

R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [08.09.2011 09:43 40568]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04.08.2004 14:00 14336]

R2 AVKProxy;G Data AntiVirus Proxy;c:\programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [17.08.2011 15:00 1506824]

R2 AVKService;G Data Scheduler;c:\programme\G DATA\InternetSecurity\AVK\AVKService.exe [17.08.2011 15:00 464392]

R2 AVKWCtl;G Data Dateisystem Wächter;c:\programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe [28.07.2011 03:12 1554184]

R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [29.04.2007 21:11 52216]

R2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [20.06.2008 16:53 129144]

R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [18.06.2008 16:57 192112]

R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [20.06.2008 21:27 11360]

R2 NPWService;NPWService;c:\programme\Generic\Network Printer Wizard\NPWService.exe [17.09.2008 14:43 462848]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [09.02.2012 12:59 1529152]

R3 axvbusx;axvbusx;c:\windows\system32\drivers\axvbusx.sys [31.01.2003 21:43 8384]

R3 axvscsi;axvscsi;c:\windows\system32\drivers\axvscsi.sys [31.01.2003 21:43 100256]

R3 GDFwSvc;G Data Personal Firewall;c:\programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [10.08.2011 14:20 1613424]

R3 GDScan;G Data Scanner;c:\programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe [17.08.2011 15:00 457536]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [05.12.2011 17:45 27632]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [09.02.2012 12:48 10064]

S2 gupdate;Google Update Service (gupdate);"c:\programme\Google\Update\GoogleUpdate.exe" /svc --> c:\programme\Google\Update\GoogleUpdate.exe [?]

S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [28.05.2007 20:34 35824]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [08.01.2012 23:38 80184]

S3 DrvSnSht;DrvSnSht;\??\c:\programme\R-Drive Image\DrvSnSht.sys --> c:\programme\R-Drive Image\DrvSnSht.sys [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [14.02.2011 19:12 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [14.02.2011 19:12 8456]

S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys --> c:\windows\system32\drivers\ewfiltertdidriver.sys [?]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [05.12.2011 19:20 13224]

S3 gupdatem;Google Update-Dienst (gupdatem);"c:\programme\Google\Update\GoogleUpdate.exe" /medsvc --> c:\programme\Google\Update\GoogleUpdate.exe [?]

S3 jmusbpro;jmusbpro.sys Treiber für USB Laserausgabekarte;c:\windows\system32\drivers\jmusbpro.sys [16.11.2010 17:57 17648]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [24.04.2012 18:50 113120]

S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [13.06.2008 15:51 11360]

S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [13.06.2008 09:27 11904]

S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [13.06.2008 09:27 11896]

S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [20.06.2008 21:28 11384]

S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [20.06.2008 21:27 11360]

S3 PEEK5;PEEK5 Protocol Driver;\??\c:\dokume~1\olli\Desktop\DOWNLOAD\WIFISA~1\WINAIR~1\PEEK5.SYS --> c:\dokume~1\olli\Desktop\DOWNLOAD\WIFISA~1\WINAIR~1\PEEK5.SYS [?]

S3 R-ImageDisk;R-ImageDisk;\??\c:\programme\R-Drive Image\R-ImageDisk.sys --> c:\programme\R-Drive Image\R-ImageDisk.sys [?]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [05.12.2011 17:45 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [05.12.2011 17:45 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [05.12.2011 17:45 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [05.12.2011 17:45 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [05.12.2011 17:45 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [05.12.2011 17:45 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [05.12.2011 17:45 115752]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [05.12.2011 17:45 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [05.12.2011 17:45 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [05.12.2011 17:45 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [05.12.2011 17:45 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [05.12.2011 17:45 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [05.12.2011 17:45 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [05.12.2011 17:45 109736]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [27.01.2010 12:34 17920]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [27.01.2010 12:34 60544]

S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [08.01.2012 23:38 181432]

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=2f618a0f0000000000000018debbaf42

mWindow Title = Microsoft Internet Explorer

uInternet Settings,ProxyOverride = <local>

IE: &Add animation to IncrediMail Style Box - c:\programme\IncrediMail\bin\resources\WebMenuImg.htm

IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

Trusted Zone: rcgroups.com\www

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{FA3DC0D0-4800-40EE-AAC3-DDF587E83B8E}: NameServer = 217.79.186.148,85.88.19.10

FF - ProfilePath - c:\dokumente und einstellungen\olli\Anwendungsdaten\Mozilla\Firefox\Profiles\ff0qexct.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2f618a0f00000000000000134611101a&tlver=1.4.35.10&affID=107763

FF - prefs.js: network.proxy.ftp - 127.0.0.1

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher - anonym.maxonymous.com

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 127.0.0.1

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 127.0.0.1

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.notify.interval - 600000

FF - user.js: content.switch.threshold - 600000

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109989

FF - user.js: extensions.BabylonToolbar_i.babExt - 

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 2f618a0f0000000000000018debbaf42

FF - user.js: extensions.BabylonToolbar_i.hardId - 2f618a0f0000000000000018debbaf42

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15382

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:54

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)

HKCU-Run-8Y8V8U6XWGYJ5W9WPHZID - c:\timerintray\03576683346.exe

HKCU-Run-gKvuL - c:\dokumente und einstellungen\olli\Anwendungsdaten\YBIcZ.exe

HKU-Default-Run-gKvuL - \YBIcZ.exe

MSConfigStartUp-SunJavaUpdateSched - c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

AddRemove-2005 Karte Europa City - c:\windows\IsUn0407.exe

AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe

AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe

AddRemove-WinSetupFromUSB - c:\winsetupfromusb\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-06-29 21:42

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\programme\gemeinsame dateien\akamai/netsession_win_80c2ffa.dll"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-448539723-630328440-725345543-1003\Software\Zepter Software\RegLib*e463871f\AnyDVD/1]

"1"=dword:46366083

"2"=dword:46366083

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OOSE05.00.00.01PRO"="8A8A3F52E5E965D347B1CDB3B236A6B8A9382716FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407FEBC9E127BECC74CA9C6AECB7A5D1407E9890AC214645AF1EAFD4B887444624F9EDAA2AD238D0DBC99161187937B52CBA165E7C9B33676052BBC4FF60D57F01FADDB96684387AC4F41EEDC57D71A111A0F3D840AC5CD62C49562757DE70C6AD1B324B3AC3343F9818D4CC3E4BD4CAFF7B919E01F19E296DF46B9FBFE78A697A9025F154A2A38AA51A45ADE05E15C713CBC47B2094EAF07A4EBD1D44484F5B3917D7E89F1B3E4E960C28A787235160E63465B63ABDCF31509CB7E287A27C672969EB415B8B04955F43491134CFB4B300A9BAA11CC0D7099A1BE57CE314F6F7868F3FA7018D2E8FEF8DB696295CE53F6F3124F8C997CEDE02CB0B558DDC045DC5C9E8C066DA44D6BFA2F4E4F339A07F4891627DB9F1D352A08223987571125AE6CD3EBF5F97F03172BBA4275712243B2D3A6D4B8D33695AABA264752DB2A6E6EB4DCD912E3149BED609A0AA6FB76EA2901563E8E8D5FE209E96683E28ACD85107516E0E4B3662AD315022F67E68363C8E64D8D038708F162629EDC18688BD07D94714CA6D64D481DE537FE6FA8059573F9C731E7DF711EC6151F7E055DCB3D159A74ACC91FF593949694892B1C0BEE8156135B481D31473994CC5F6F35C839A4B4B8D56F42DF2A788A08A43BFDFA623E399202E1A4B14DB2981EB3532212B9F3336BDF70D8DD32F94E9369F4F20EE466873F5F26422F991F7E22F75D3789B43B8B4C27D8619754C00ECDB5DFFE50702FC7A2F03A25BC94DD45F6EBF06EE627A756334CE63C8ABDE49CE129398EA282BE255EF977E140AFC3905111A3A13411585007B28EAE059DF56F0D2A70EEBA9BB0EC23FEEAED73DA98A8F9B0C1135074655A4603F6632C2AF42022E12CD220C39213394CD725638D1779CBD2C866EEDAD6F982A8FCE6F59AD8EC06BC444F3003E82EFA6EB2C7F1447213B94AEB25154E29585F54AFAA2FAC0BB7B56C43611C672B795A38A4F956F94BA8C5A710B99E5FCC4198F95104F6A069063D656BE5E681C1D4D7408C411835BB9209C251F63A21A7A5F852DA2CC23B46823FE1319F6C698EC00CDF7A8A9679CECCAF37FD8EEA2C131C6358F6415845E77A71DD3DB45636E3E622B5B423825484F679E3979B879B5B5BCCCD06C3540B8761A09B6AAF2708870F5923354163D1D1563C6BD518B98EC1C1BD361A1A275DD34A281F4B00B37DB52B04CF287A90851ED05E36A26682297B5055D8FB8C14116FF0FBB2A4F5243F1ECC8B24EFCAB98645F35DED1D4A3214B0A9C243A7CAB17EEEB322636DC8F4F4E02B694FA29060EF18ED490397EBF078801A4CC3CBE26E025D923581D214"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'explorer.exe'(2076)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nisvcloc.exe

c:\programme\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\TPSBattM.exe

c:\windows\system32\igfxsrvc.exe

c:\programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-06-29  21:48:08 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-06-29 19:47

.

Vor Suchlauf: 6 Verzeichnis(se), 70.021.533.696 Bytes frei

Nach Suchlauf: 8 Verzeichnis(se), 70.108.164.096 Bytes frei

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 57E6F3D922C381A1C74692623CA23E61
--- --- ---