ComboFix 09-02-21.01 - Bernhard 2009-02-22 14:55:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2046.1064 [GMT 1:00]
ausgeführt von:: c:\users\Bernhard\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
O:\Autorun.inf
O:\resycled
.
((((((((((((((((((((((( Dateien erstellt von 2009-01-22 bis 2009-02-22 ))))))))))))))))))))))))))))))
.
2009-02-22 13:17 . 2009-02-22 13:17 d-------- c:\users\Bernhard\AppData\Roaming\Malwarebytes
2009-02-22 13:17 . 2009-02-22 13:17 d-------- c:\users\All Users\Malwarebytes
2009-02-22 13:17 . 2009-02-22 13:17 d-------- c:\programdata\Malwarebytes
2009-02-22 13:17 . 2009-02-22 13:17 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 13:17 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-22 13:17 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-22 00:36 . 2009-02-22 00:36 d-------- c:\windows\System32\Kaspersky Lab
2009-02-22 00:36 . 2009-02-22 00:36 79 --a------ c:\windows\wininit.ini
2009-02-13 19:51 . 2009-02-13 19:51 d-------- c:\program files\Trend Micro
2009-01-26 19:09 . 2009-01-26 19:10 d-------- c:\program files\Zattoo
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 12:41 32,554 ----a-w c:\users\Bernhard\AppData\Roaming\nvModes.dat
2009-02-22 11:21 --------- d-----w c:\program files\StarMoney 6.0 S-Edition
2009-02-22 11:03 --------- d-----w c:\users\Bernhard\AppData\Roaming\FileZilla
2009-02-21 23:07 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-21 23:04 --------- d-----w c:\users\Bernhard\AppData\Roaming\Orbit
2009-02-21 22:58 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-20 12:49 32,328 ----a-w c:\users\Schule\AppData\Roaming\nvModes.dat
2009-02-16 11:11 --------- d-----w c:\program files\FileZilla FTP Client
2009-01-31 18:32 --------- d-----w c:\users\Bernhard\AppData\Roaming\phpDesigner
2009-01-19 15:19 --------- d-----w c:\programdata\Symantec
2009-01-12 19:06 --------- d-----w c:\users\Bernhard\AppData\Roaming\Tobit
2009-01-10 23:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-10 23:42 --------- d-----w c:\program files\PC Inspector File Recovery
2009-01-08 12:40 --------- d-----w c:\users\Bernhard\AppData\Roaming\Teeworlds
2009-01-07 16:32 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-07 10:06 --------- d-----w c:\users\Schule\AppData\Roaming\TourDeFlex.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-06 14:01 --------- d-----r c:\program files\Norton Support
2009-01-06 12:15 --------- d-----w c:\users\Bernhard\AppData\Roaming\TourDeFlex.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-06 12:15 --------- d-----w c:\program files\TourDeFlex
2009-01-06 11:54 --------- d-----w c:\users\Bernhard\AppData\Roaming\be.boulevart.labs.google.gas.45760F0F8DCD5D07542C1ED0B6EC67F01FF0B30E.1
2009-01-06 11:54 --------- d-----w c:\program files\Analytics Reporting Suite - beta 3.2
2009-01-06 00:55 --------- d-----w c:\users\Bernhard\AppData\Roaming\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2009-01-06 00:54 --------- d-----w c:\program files\eBay Desktop
2009-01-06 00:50 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2009-01-05 12:09 --------- d-----w c:\users\Bernhard\AppData\Roaming\Pampolina-Direkt
2009-01-03 23:24 --------- d-----w c:\program files\Orbitdownloader
2008-12-24 05:21 --------- d-----w c:\users\Bernhard\AppData\Roaming\RapidSolution Software AG
2008-12-24 00:24 --------- d-----w c:\program files\Common Files\Tobit
2008-12-24 00:11 --------- d-----w c:\users\Bernhard\AppData\Roaming\phonostar-Player
2008-12-24 00:11 --------- d-----w c:\program files\phonostar
2008-12-24 00:01 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-23 23:58 --------- d-----w c:\program files\Sytexis Software
2008-12-23 23:54 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-12-23 23:54 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-23 23:54 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-23 23:54 --------- d-----w c:\program files\Symantec
2008-12-23 23:53 --------- d-----w c:\programdata\Norton
2008-12-23 23:53 --------- d-----w c:\program files\Norton Internet Security
2008-12-23 23:49 --------- d-----w c:\programdata\NortonInstaller
2008-12-23 23:35 --------- d-----w c:\users\Bernhard\AppData\Roaming\RadioRipper
2008-12-23 23:28 --------- d-----w c:\programdata\PCSettings
2008-12-23 23:27 --------- d-----w c:\program files\NortonInstaller
2008-12-23 23:18 --------- d-----w c:\users\Bernhard\AppData\Roaming\Audacity
2008-12-23 23:18 --------- d-----w c:\program files\RadioRipper
2008-12-23 23:04 --------- d-----w c:\program files\Ratajik Software
2008-12-23 22:58 --------- d-----w c:\users\Bernhard\AppData\Roaming\No23
2008-12-23 21:46 --------- d-----w c:\users\Bernhard\AppData\Roaming\App Launcher Gadget
2008-12-23 19:38 --------- d-----w c:\program files\RapidSolution
2008-12-23 18:19 --------- d-----w c:\programdata\RapidSolution
2008-12-23 16:09 --------- d-----w c:\users\Bernhard\AppData\Roaming\RapidSolution
2008-12-23 16:07 --------- d-----w c:\program files\PixiePack Codec Pack
2008-12-20 20:19 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-12-20 20:18 315,392 ----a-w c:\windows\HideWin.exe
2008-11-02 10:54 174 --sha-w c:\program files\desktop.ini
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\System32\nbDX.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Google Update"="c:\users\Bernhard\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-02 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSet"="c:\windows\PLFSet.dll" [2007-03-09 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-04 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-04 81920]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-27 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-09-27 c:\windows\SkyTel.exe]

c:\users\Schule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xecutor.lnk - c:\program files\Xecutor\Xecutor.exe [2008-11-01 1326080]

c:\users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xecutor.lnk - c:\program files\Xecutor\Xecutor.exe [2008-11-01 1326080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.l3acm"= c:\windows\system32\l3codecp.acm
"msacm.l3codec"= c:\windows\system32\l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
--a------ 2008-09-19 13:10 126976 c:\program files\phonostar\ps_timer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 23:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 03:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{45B0CE88-718E-4C20-A458-FC3F6D0CB7F7}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{B51B5B69-67E2-4ABA-806D-BB483117EC88}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{ED549E96-1E38-41C5-97E5-8AE6CE9C05D0}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{5AB7C772-17ED-4418-9564-34F82DBFD580}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{2D0A663F-BA50-479F-A659-94404BFB3A5B}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{EBE00BE5-48E0-4045-B1CC-BBB81A27E5CA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4C2B4FFC-EEA0-4616-90EE-A068DCDEE66D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4784BFC3-7973-4FE8-9675-62831EE00A39}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{7F15EF89-2019-4CD7-8FE7-A6929DDE28F8}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{A68C793C-9A90-4901-A3F3-D94A5C7EEB1A}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{26D81E48-136C-4DF4-9A52-776AA1FE4D66}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2CD16944-B1E1-4C8F-AF8D-C5EC1B214EC1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DD53D772-6CF2-43AF-A115-C0647C8C07AB}"= UDP:c:\program files\MirandaFusion\miranda32.exe:Miranda Fusion
"{61D7140C-0FED-4B43-AC27-3A710D04CBBD}"= TCP:c:\program files\MirandaFusion\miranda32.exe:Miranda Fusion
"{E33E5983-DB3C-4CA0-986B-AF737A27626A}"= UDP:5721:LocalSubnet:LocalSubnet|IF={802DDFC3-210E-42DA-B055-C06ADAF8B13E}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{7BBC95A2-AE11-4214-8CAD-50B89C30076A}"= UDP:1034:LocalSubnet:LocalSubnet|IF={802DDFC3-210E-42DA-B055-C06ADAF8B13E}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{39E9A5BC-01F7-43BA-834C-A60208A8515B}"= UDP:5678:LocalSubnet:LocalSubnet|IF={802DDFC3-210E-42DA-B055-C06ADAF8B13E}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{D87EEA7D-4C1C-44AC-A3DA-BD39936C98EA}"= UDP:999:LocalSubnet:LocalSubnet|IF={802DDFC3-210E-42DA-B055-C06ADAF8B13E}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{17CF5151-0D7E-4FAD-B074-429C1E450D2E}"= UDP:26675:LocalSubnet:LocalSubnet|IF={802DDFC3-210E-42DA-B055-C06ADAF8B13E}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{BB8F4E58-7B87-4F25-BD31-4E415CF4EB56}"= UDP:990:LocalSubnet:LocalSubnet|IF={802DDFC3-210E-42DA-B055-C06ADAF8B13E}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{FBB6A345-97AF-4573-92E5-81EA2F5B5E8B}"= UDP:5721:LocalSubnet:LocalSubnet|IF={20559536-5DB2-4C33-8876-60E3022F54AE}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{30BF037F-247B-4364-9ACB-A4BFF173951E}"= UDP:1034:LocalSubnet:LocalSubnet|IF={20559536-5DB2-4C33-8876-60E3022F54AE}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{92338D76-7F88-4C66-AD7E-E8DEAB67DF61}"= UDP:5678:LocalSubnet:LocalSubnet|IF={20559536-5DB2-4C33-8876-60E3022F54AE}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{98FC6073-3FD0-4C96-86CC-1DAA683FA801}"= UDP:999:LocalSubnet:LocalSubnet|IF={20559536-5DB2-4C33-8876-60E3022F54AE}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{31D03C8D-9F98-46E6-A11F-1E9EAEAA4D87}"= UDP:26675:LocalSubnet:LocalSubnet|IF={20559536-5DB2-4C33-8876-60E3022F54AE}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{C28EB93C-D8A2-4D58-A179-A91CB3D1A5B8}"= UDP:990:LocalSubnet:LocalSubnet|IF={20559536-5DB2-4C33-8876-60E3022F54AE}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{A55D51E3-CBAC-4A06-B09E-DB07500989A5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{28D36B73-BD30-46D5-BCC5-72538F22533D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8A68CD8F-0F6C-4C65-BBF0-274D5BDE863E}"= UDP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{EC619826-2912-4EDD-BB4C-F87C73AA7EE6}"= TCP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{D2C6C660-3871-4ADA-8127-19A83A88B159}"= UDP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{328DDCA6-2CC3-47C8-A7E1-4B0C9E0414A1}"= TCP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-17 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-17 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090217.002\IDSvix86.sys [2009-02-22 292912]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-11-01 13:57:41 13560]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-17 115560]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-21 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-17 99376]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\System32\drivers\PPJoyBus.sys [2004-01-23 13952]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1002000.007\symndisv.sys [2009-01-17 40496]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-05-11 43008]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-05-11 179712]
S3 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-07-23 693512]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-07-23 910600]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\System32\drivers\PPortJoy.sys [2004-01-23 28800]
S3 TMPService;TrafficMonitor Packettreiber Initialisierung;c:\program files\TrafficMonitor\TMPacketServiceInit.exe [2008-12-09 692808]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2008-11-02 80744]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - SymEFA

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com o:
\shell\Open\command - resycled\boot.com o:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1241b430-a818-11dd-ba86-0013e8325f3d}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com o:
\shell\Open\command - resycled\boot.com o:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1241b434-a818-11dd-ba86-0013e8325f3d}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
\shell\Open\command - resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1241b438-a818-11dd-ba86-0013e8325f3d}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com p:
\shell\Open\command - resycled\boot.com p:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdc48851-a809-11dd-bdfb-806e6f6e6963}]
\shell\AutoRun\command - E:\PicasaCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e989ddc8-dbfa-11dd-97d5-c79963dac7f4}]
\shell\AutoRun\command - F:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e989ddce-dbfa-11dd-97d5-c79963dac7f4}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners

2009-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412974691-1154792837-3567126814-1000.job
- c:\users\Bernhard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-02 19:06]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-eRecoveryService - (no file)
HKU-Default-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
ShellExecuteHooks-{93f261fc-7dce-4268-9edb-4c94f8afb899} - mscoree.dll
MSConfigStartUp-ClipIncSrvTray - c:\program files\Tobit ClipInc\Player\ClipIncTray.exe
MSConfigStartUp-SetPanel - c:\acer\APanel\APanel.cmd
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.intl.acer.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {3B444E47-DEE5-4774-80DB-E144E9FEF566} = 192.168.0.1
TCP: {B8414ADE-A623-4E7A-8B0B-529DE8DFC0D0} = 192.168.178.1,0.0.0.0
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
FF - ProfilePath - c:\users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\dlxva49j.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\dlxva49j.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Bernhard\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 14:58:54
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1212)
c:\windows\system32\eNetHook.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\eNetHook.dll
.
Zeit der Fertigstellung: 2009-02-22 15:01:02
ComboFix-quarantined-files.txt 2009-02-22 14:00:59

Vor Suchlauf: 20 Verzeichnis(se), 61.617.070.080 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 61,588,013,056 Bytes frei

287 --- E O F --- 2008-12-19 11:18:58