ComboFix 09-06-14.02 - BlueDolphin 15.06.2009 20:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.685 [GMT 2:00]
ausgeführt von:: c:\unzip\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programme\INSTALL.LOG
C:\sys.txt
.
((((((((((((((((((((((( Dateien erstellt von 2009-05-15 bis 2009-06-15 ))))))))))))))))))))))))))))))
.
2009-06-14 12:35 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\74471850.sys
2009-06-14 05:16 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\78830377.sys
2009-06-13 13:45 . 2009-06-14 05:12 -------- d-----w- c:\dokumente und einstellungen\BlueDolphin\DoctorWeb
2009-06-13 13:32 . 2009-06-13 13:32 -------- d-----w- c:\dokumente und einstellungen\BlueDolphin\Anwendungsdaten\Malwarebytes
2009-06-13 13:32 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-13 13:32 . 2009-06-13 13:32 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-06-13 13:32 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-13 13:32 . 2009-06-14 04:54 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2009-06-13 13:31 . 2009-06-13 13:31 -------- d-----w- c:\programme\Trend Micro
2009-06-13 13:29 . 2009-06-13 13:29 -------- d-sh--w- c:\dokumente und einstellungen\BlueDolphin\PrivacIE
2009-06-13 13:29 . 2009-06-13 13:29 -------- d-sh--w- c:\dokumente und einstellungen\BlueDolphin\IETldCache
2009-06-13 13:24 . 2009-06-13 13:24 -------- d-----w- c:\windows\ie8updates
2009-06-13 13:23 . 2009-06-13 13:24 -------- dc-h--w- c:\windows\ie8
2009-06-13 13:05 . 2009-06-13 13:05 -------- d-----w- C:\WinBoard_UpdatePack
2009-06-12 18:48 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-12 18:48 . 2009-04-30 21:12 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-12 18:47 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-02 13:22 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-02 13:22 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-02 13:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-02 13:22 . 2009-06-02 13:22 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-06-02 12:28 . 2009-06-02 12:28 -------- d-----w- C:\Aufnahme
2009-06-02 12:27 . 2009-06-02 12:27 -------- d-----w- c:\programme\Avira
2009-06-02 12:26 . 2009-06-02 12:52 -------- d-----w- c:\programme\CDex_150
2009-06-02 12:25 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 18:21 . 2006-01-04 16:43 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000005-00001102-00000004-20021102}.dat
2009-06-15 18:21 . 2006-01-04 16:43 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000005-00001102-00000004-20021102}.dat
2009-06-15 18:08 . 2008-10-12 09:47 -------- d-----w- c:\programme\DAEMON Tools Lite
2009-06-15 18:07 . 2008-10-07 17:30 -------- d-----w- c:\programme\Virtual CD v9
2009-06-15 18:07 . 2005-09-19 14:40 -------- d--h--w- c:\programme\InstallShield Installation Information
2009-06-15 18:04 . 2008-04-29 11:52 -------- d-----w- c:\programme\NATIONAL_GEOGRAPHIC
2009-06-15 18:03 . 2006-07-25 21:14 -------- d-----w- c:\programme\Spyware Doctor
2009-06-15 18:03 . 2007-01-30 11:36 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-06-15 18:02 . 2005-12-26 11:45 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-06-15 18:02 . 2005-12-26 11:45 -------- d-----w- c:\programme\Spybot - Search & Destroy
2009-06-14 09:43 . 2007-05-28 03:44 47108 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-14 09:43 . 2007-05-28 03:44 3437088 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-13 05:02 . 2005-09-18 23:43 915456 ----a-w- c:\windows\system32\wininet.dll
2009-04-28 13:46 . 2007-01-01 12:58 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-04-14 04:21 . 2006-01-15 08:16 4990 ----a-w- c:\windows\Help\hhcolreg.dat
2009-04-12 15:19 . 2005-09-18 23:43 73542 ----a-w- c:\windows\system32\perfc007.dat
2009-04-12 15:19 . 2005-09-18 23:43 410472 ----a-w- c:\windows\system32\perfh007.dat
2009-04-12 15:13 . 2005-09-19 14:02 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-05 06:28 . 2005-09-19 14:48 68704 ----a-w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-09-08 12:18 . 2007-01-04 11:16 1323 ----a-w- c:\programme\FotoClinic.ini
2007-02-06 08:17 . 2007-02-06 08:14 20247288 ----a-w- c:\programme\SkypeSetup.exe
2007-01-04 11:16 . 2007-01-04 11:16 3678 ----a-w- c:\programme\INSTALL1.LOG
2007-01-04 11:16 . 2007-01-04 11:15 1468 ----a-w- c:\programme\Install.cfg
2007-01-04 11:16 . 2007-01-04 11:16 894 ----a-w- c:\programme\reinstall3rdParty.ini
2007-01-04 11:16 . 2007-01-04 11:16 140 ----a-w- c:\programme\Validation.ini
2007-01-04 11:16 . 2007-01-04 11:16 2764 ----a-w- c:\programme\register.rtf
2006-07-17 10:01 . 2007-01-04 11:16 196608 ----a-w- c:\programme\reinstall3rdParty.exe
2006-02-14 14:03 . 2007-01-04 11:16 24576 ----a-w- c:\programme\Validation.exe
2005-11-02 14:34 . 2007-01-04 11:16 16460 ----a-w- c:\programme\support.rtf
2005-09-02 14:54 . 2007-01-04 11:15 402131 ----a-w- c:\programme\pa.hlp
2005-09-02 14:54 . 2007-01-04 11:15 5505 ----a-w- c:\programme\pa.cnt
2005-08-15 16:30 . 2007-01-04 11:15 237568 ----a-w- c:\programme\MxAutoUpdate.dll
2005-06-16 08:43 . 2007-01-04 11:15 8980 ----a-w- c:\programme\license.txt
2004-04-15 14:48 . 2007-01-04 11:16 32768 ----a-w- c:\programme\MagixUpdater.exe
2002-02-18 10:06 . 2007-01-04 11:15 6034 ----a-w- c:\programme\uninstall.ini
1999-12-10 12:00 . 2007-01-04 11:16 431376 ----a-w- c:\programme\riched20.dll
2007-05-29 09:18 . 2007-05-28 03:44 15904 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 12:54 1555480 ----a-w- c:\programme\free-downloads.net\tbfree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"OpwareSE4"="c:\programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\BlueDolphin\Startmen\Programme\Autostart\
is-A46EQ.lnk - c:\unzip\Virus Removal Tool\is-A46EQ\startup.exe [2009-6-14 65536]

c:\dokumente und einstellungen\BlueDolphin\Startmen\Programme\Autostart\
is-A46EQ.lnk - c:\unzip\Virus Removal Tool\is-A46EQ\startup.exe [2009-6-14 65536]

c:\dokumente und einstellungen\BlueDolphin\Startmen\Programme\Autostart\
is-A46EQ.lnk - c:\unzip\Virus Removal Tool\is-A46EQ\startup.exe [2009-6-14 65536]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\programme\Spybot - Search & Destroy\TeaTimer.exe
"Spyware Doctor"="c:\programme\Spyware Doctor\swdoctor.exe" /Q
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OmniPage"=c:\programme\Caere\OmniPagePro90\opware32.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
"nwiz"=nwiz.exe /install
"Creative WebCam Tray"=c:\programme\Creative\Shared Files\CAMTRAY.EXE
"CTHelper"=CTHELPER.EXE
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"LogitechQuickCamRibbon"="c:\programme\Logitech\QuickCam\Quickcam.exe" /hide
"LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
"VC9Player"=c:\programme\Virtual CD v9\System\VC9Play.exe
"CanonMyPrinter"=c:\programme\Canon\MyPrinter\BJMyPrt.exe /logon
"MsgCenterExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" -osboot
"REGSHAVE"=c:\programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Programme\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"c:\\Programme\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Web.de\\web_de_Update.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Programme\\fotobuch.de AG\\Designer 2.0\\Designer.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programme\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"c:\\Programme\\Ascaron Entertainment\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Programme\\Ascaron Entertainment\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Programme\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R2 AdminSVC;Web.de Browser Update;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Web.de\adminsvc.exe [12.10.2006 11:54 180224]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [02.06.2009 14:25 108289]
R2 NwSapAgent;SAP-Agent;c:\windows\system32\svchost.exe -k netsvcs [22.07.2008 12:51 14336]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [19.09.2005 01:47 666368]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [06.02.2007 10:25 759050]
UnknownUnknown vdrv9000;vdrv9000; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2008-08-15 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2007\SystemOptimizer.exe [2006-11-23 15:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.spox.com/de/sport/fussball/index.html
uSearchMigratedDefaultURL = hxxp://go.web.de/suchbox/google?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://de.yahoo.com/fsc/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\programme\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programme\google\GoogleToolbar1.dll/cmcache.html
IE: Easy-WebPrint Add To Print List - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Similar Pages - c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\programme\google\GoogleToolbar1.dll/cmtrans.html
TCP: {5B82396E-4A73-49DD-BE4B-4386AF267BE9} = 192.168.1.1
TCP: {DD70CC92-12CC-40CC-ACA8-D0B1B64E9C29} = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 20:24
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vdrv9000]
"ImagePath"="system32\DRIVERS\vdrv9000.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2943299818-2010143959-709210128-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:39,1d,c1,d1,30,77,9a,71,62,4c,f2,8c,94,84,4c,2b,32,6e,45,d2,b9,6a,c8,
   fd,51,d9,57,59,88,cb,83,97,67,ad,c4,8a,7d,f2,4d,95,ed,94,10,60,dc,7c,cb,36,\
"??"=hex:90,12,cd,06,91,fa,8e,98,9a,e3,0e,ab,e9,9b,30,a4

[HKEY_USERS\S-1-5-21-2943299818-2010143959-709210128-1005\Software\SecuROM\License information*]
"datasecu"=hex:72,ec,c6,83,1b,d8,38,ac,a5,c6,69,86,c7,9c,c3,f1,d0,7f,be,29,6a,
   3d,8b,80,73,a8,0b,41,9f,c7,e1,f2,c7,c5,93,5b,8e,41,ba,e3,70,4e,b3,43,69,ac,\
"rkeysecu"=hex:97,76,4e,19,b0,35,3b,17,aa,aa,ed,08,fb,8a,1a,61
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(7756)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programme\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Lavasoft\Ad-Aware\aawservice.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\ehome\ehSched.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\dllhost.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CF19889.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-06-15 20:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-06-15 18:27

Vor Suchlauf: 27 Verzeichnis(se), 164.487.667.712 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 164.412.055.552 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
358