ComboFix 09-02-06.04 - Kai 2009-02-08 14:31:21.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1535.1186 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Kai\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\Kai\Anwendungsdaten\~tmp.html c:\windows\odb.exe c:\windows\system32\i c:\windows\system32\setup_25420.exe c:\windows\system32\wsnpoem . ((((((((((((((((((((((( Dateien erstellt von 2009-01-08 bis 2009-02-08 )))))))))))))))))))))))))))))) . 2009-02-08 13:00 . 2009-02-08 13:00 d-------- c:\dokumente und einstellungen\Standart\Anwendungsdaten\Lavasoft 2009-02-07 17:17 . 2009-02-07 17:17 41,984 -r-hs---- c:\windows\system32\actmoviez.exe 2009-02-07 17:17 . 2009-02-07 17:18 109 --ahs---- c:\windows\system32\4194408.dat 2009-01-30 20:49 . 2009-01-30 20:49 d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\dscollect 2009-01-23 17:06 . 2009-01-23 17:10 4,829 --a------ c:\windows\BricoPackFoldersDelete.cmd 2009-01-11 20:43 . 2009-01-11 20:45 d-------- c:\programme\DivX . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-08 13:19 --------- d-----w c:\dokumente und einstellungen\Kai\Anwendungsdaten\Free Download Manager 2009-02-07 23:07 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2009-02-03 18:59 --------- d-----w c:\dokumente und einstellungen\Kai\Anwendungsdaten\MegauploadToolbar 2009-01-23 16:10 52,813 ----a-w c:\windows\BricoPackUninst.cmd 2008-12-24 20:47 --------- d-----w c:\programme\SecondLife 2008-12-24 19:39 183,112 ----a-w c:\windows\system32\PnkBstrB.exe 2008-12-24 19:39 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-12-24 18:43 --------- d-----w c:\programme\SystemRequirementsLab 2008-12-24 18:17 --------- d-----w c:\programme\Electronic Arts 2008-12-24 18:16 2,746 ----a-w c:\windows\system32\ealregsnapshot1.reg 2008-12-24 18:16 --------- d-----w c:\dokumente und einstellungen\Kai\Anwendungsdaten\Leadertech 2008-12-24 18:02 --------- d-----w c:\programme\EA GAMES 2008-12-23 08:11 --------- d-----w c:\programme\Cossacks - The Art Of War 2008-12-08 20:56 --------- d-----w c:\programme\Burn4Free 2008-11-23 14:53 98,304 ----a-w c:\windows\system32CmdLineExt.dll 2008-11-13 08:39 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll 2008-11-09 13:38 152,904 ----a-w c:\windows\system32\vghd.scr 2008-03-23 20:14 32 ----a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\ezsid.dat 2008-01-09 18:54 22,328 ----a-w c:\dokumente und einstellungen\Kai\Anwendungsdaten\PnkBstrK.sys 2006-01-06 00:31 6,029,312 ----a-w c:\programme\speed.exe 2008-04-07 07:32 67,696 ----a-w c:\programme\mozilla firefox\components\jar50.dll 2008-04-07 07:32 54,376 ----a-w c:\programme\mozilla firefox\components\jsd3250.dll 2008-04-07 07:32 34,952 ----a-w c:\programme\mozilla firefox\components\myspell.dll 2008-04-07 07:33 46,720 ----a-w c:\programme\mozilla firefox\components\spellchk.dll 2008-04-07 07:33 172,144 ----a-w c:\programme\mozilla firefox\components\xpinstal.dll . 
------- Sigcheck ------- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "smapp"="c:\programme\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360] "avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "WinampAgent"="c:\programme\Winamp\winampa.exe" [2007-05-14 35328] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360] c:\dokumente und einstellungen\Kai\Startmen\Programme\Autostart\ Prefetcherlite.bat.lnk - c:\dokumente und einstellungen\Kai\Eigene Dateien\Batch\Power disk scanner\Windows\Sicherheit\Prefetcherlite.bat [2006-07-24 525] RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 344064] Verknpfung mit Logonwriter.lnk - c:\dokumente und einstellungen\Kai\Eigene Dateien\Batch\Power disk scanner\Windows\Logonwriter.vbs [2006-04-23 3020] Verknpfung mit Prefetcherlite.lnk - c:\dokumente und einstellungen\Kai\Eigene Dateien\Batch\Power disk scanner\Windows\Sicherheit\Prefetcherlite.bat [2006-07-24 525] Y'z Toolbar.lnk - c:\windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 90112] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "msacm.imc"= imc32.acm "VIDC.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "VIDC.MPG4"= msmpeg4.dll "VIDC.MP42"= msmpeg4.dll "VIDC.MP43"= msmpeg4.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] UpdateWin REG_SZ 
c:\windows\system32\actmoviez.exe [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BOINC Manager.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\BOINC Manager.lnk backup=c:\windows\pss\BOINC Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Kai^Startmenü^Programme^Autostart^Stardock ObjectDock.lnk] path=c:\dokumente und einstellungen\Kai\Startmenü\Programme\Autostart\Stardock ObjectDock.lnk backup=c:\windows\pss\Stardock ObjectDock.lnkStartup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Kai^Startmenü^Programme^Autostart^Y'z ToolBar.lnk] path=c:\dokumente und einstellungen\Kai\Startmenü\Programme\Autostart\Y'z ToolBar.lnk backup=c:\windows\pss\Y'z ToolBar.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] --a------ 2008-07-22 12:34 2772992 c:\programme\Electronic Arts\EADM\Core.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch] --a------ 2006-03-27 14:04 712704 c:\programme\Maxtor\OneTouch\Utils\OneTouch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 17:24 1694208 c:\programme\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu] --a------ 2005-10-17 15:24 81920 
c:\programme\Maxtor\OneTouch Status\MaxMenuMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smapp] --a------ 2003-05-05 07:57 143360 c:\programme\Analog Devices\SoundMAX\SMTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2005-11-10 12:03 36975 c:\programme\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] -ra------ 2006-03-30 16:45 313472 c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateWin] -r-hs---- 2009-02-07 17:17 41984 c:\windows\system32\actmoviez.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\SmartFTP\\SmartFTP.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "c:\\Programme\\LucasArts\\Star Wars Empire at War\\LaunchEAW.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\ICQ6\\ICQ.exe"= "c:\\Programme\\LucasArts\\Star Wars Empire at 
War\\GameData\\sweaw.exe"= "c:\\Programme\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"= "c:\\Programme\\SmartFTP Client\\SmartFTP.exe"= R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [2008-07-01 222456] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26d46a37-d2f6-11da-b874-806d6172696f}] \Shell\AutoRun\command - G:\Start.exe . - - - - Entfernte verwaiste Registrierungseinträge - - - - SharedTaskScheduler-IPC Configuration Utility - (no file) MSConfigStartUp-ICQ Lite - c:\programme\ICQLite\ICQLite.exe MSConfigStartUp-Lexmark 2200 Series - c:\programme\Lexmark 2200 Series\lxbvbmgr.exe MSConfigStartUp-odb - c:\windows\odb.exe MSConfigStartUp-TkBellExe - c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe MSConfigStartUp-ToADiMon - c:\programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe MSConfigStartUp-Zone Labs Client - c:\programme\Zone Labs\ZoneAlarm\zlclient.exe . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.kapiland.de/ IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML IE: Download all with Free Download Manager - file://c:\programme\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\programme\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\programme\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\programme\Free Download Manager\dllink.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\dokumente und einstellungen\Kai\Startmenü\Programme\IMVU\Run IMVU.lnk FF - ProfilePath - c:\dokumente und einstellungen\Kai\Anwendungsdaten\Mozilla\Firefox\Profiles\p5s2la9b.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - component: c:\dokumente und einstellungen\Kai\Anwendungsdaten\Mozilla\Firefox\Profiles\p5s2la9b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll FF - component: c:\dokumente und einstellungen\Kai\Anwendungsdaten\Mozilla\Firefox\Profiles\p5s2la9b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll FF - component: c:\progra~1\MOZILL~1\components\xpinstal.dll FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll FF - component: c:\programme\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-08 14:34:04 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... 
************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-220523388-117609710-682003330-1004\Software\SecuROM\License information*] "datasecu"=hex:04,22,92,c8,46,e0,ff,d3,66,c4,b2,69,f7,62,4b,0a,1b,72,87,ad,c4, 50,a2,36,ca,c1,e9,95,5c,4d,fd,e6,a4,cb,ba,d0,c6,30,5f,ee,89,76,15,ee,ac,cd,\ "rkeysecu"=hex:c9,7f,d7,13,89,d9,3d,c5,fe,10,14,0d,05,a0,bb,59 . Zeit der Fertigstellung: 2009-02-08 14:36:52 ComboFix-quarantined-files.txt 2009-02-08 13:35:35 Vor Suchlauf: 7.680.479.232 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 10,144,116,736 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 280 --- E O F --- 2008-12-21 10:46:12