ComboFix 10-04-07.04 - SAM 08.04.2010 13:59:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1960 [GMT 2:00]
ausgeführt von:: c:\users\SAM\Desktop\Combo-fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1387653278-372415685-1828523778-500
c:\$recycle.bin\S-1-5-21-1881260713-4089407654-2850825354-500
c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((( Dateien erstellt von 2010-03-08 bis 2010-04-08 ))))))))))))))))))))))))))))))
.
2010-04-08 12:04 . 2010-04-08 12:04 -------- d-----w- c:\users\SAM\AppData\Local\temp
2010-04-08 12:04 . 2010-04-08 12:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-08 10:46 . 2010-04-08 10:46 -------- d-----w- c:\program files\Trend Micro
2010-04-08 10:08 . 2010-04-08 10:08 -------- d-----w- c:\users\SAM\AppData\Roaming\Malwarebytes
2010-04-08 10:08 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 10:08 . 2010-04-08 10:08 -------- d-----w- c:\programdata\Malwarebytes
2010-04-08 10:08 . 2010-04-08 10:08 -------- d-----w- c:\program files\Anti-Malware
2010-04-08 10:08 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 16:02 . 2010-04-06 16:02 -------- d-----w- c:\program files\Pure Motion
2010-04-06 16:02 . 2010-04-06 16:02 -------- d-----w- c:\program files\Sonic Foundry
2010-04-06 16:01 . 2010-04-06 16:01 -------- d-----w- c:\program files\DebugMode
2010-03-20 18:01 . 2010-03-20 18:10 -------- d-----w- c:\users\SAM\dwhelper
2010-03-20 17:44 . 2010-03-20 17:45 -------- d-----w- C:\Downloads
2010-03-20 17:43 . 2010-03-20 17:48 -------- d-----w- c:\users\SAM\AppData\Roaming\Orbit
2010-03-19 12:36 . 2010-03-19 12:36 1066 ----a-w- c:\windows\system32\unins000.dat
2010-03-19 12:36 . 2010-03-19 12:36 695578 ----a-w- c:\windows\system32\unins000.exe
2010-03-19 12:36 . 2008-09-30 18:35 65536 ----a-w- c:\windows\system32\camcodec.dll
2010-03-19 12:18 . 2010-03-19 12:18 -------- d-----w- c:\program files\BildschirmCam2
2010-03-19 12:01 . 2010-03-19 12:01 -------- d-----w- c:\program files\BildschirmCam
2010-03-18 15:08 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-03-18 15:08 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-03-18 15:08 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-18 15:08 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-03-18 15:08 . 2010-03-18 15:08 -------- d-----w- c:\program files\AviSynth 2.5
2010-03-18 15:08 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-03-18 15:08 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-03-18 15:08 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-03-18 15:08 . 2010-03-18 15:08 -------- d-----w- c:\program files\eRightSoft
2010-03-18 14:52 . 2010-04-06 23:24 -------- d-----w- c:\users\SAM\AppData\Roaming\vlc
2010-03-18 14:03 . 1999-01-22 17:31 180276 ----a-w- c:\windows\system32\Mspdb50.dll
2010-03-18 14:02 . 2001-02-01 15:10 45056 ----a-w- c:\windows\system32\wnaspi32.dll
2010-03-17 18:24 . 2010-03-17 18:24 0 ----a-w- c:\windows\system32\cd.dat
2010-03-17 15:15 . 2010-03-17 18:26 -------- d-----w- C:\Hotspot Shield
2010-03-17 15:05 . 2010-03-17 15:07 -------- d-----w- c:\program files\UltraVPN
2010-03-15 09:49 . 2010-03-15 09:49 -------- d-----w- C:\WebsiteBackup
2010-03-14 21:35 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-14 21:35 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-14 21:35 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 08:10 . 2009-12-16 15:05 43008 ----a-w- c:\users\SAM\AppData\Roaming\Mozilla\Firefox\Profiles\5ra7sbct.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-11 08:10 . 2009-12-16 15:05 471040 ----a-w- c:\users\SAM\AppData\Roaming\Mozilla\Firefox\Profiles\5ra7sbct.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2010-03-11 08:10 . 2009-12-16 15:05 347136 ----a-w- c:\users\SAM\AppData\Roaming\Mozilla\Firefox\Profiles\5ra7sbct.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-11 08:10 . 2009-12-16 15:05 340992 ----a-w- c:\users\SAM\AppData\Roaming\Mozilla\Firefox\Profiles\5ra7sbct.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-11 08:10 . 2009-12-16 15:05 1452032 ----a-w- c:\users\SAM\AppData\Roaming\Mozilla\Firefox\Profiles\5ra7sbct.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-10 13:06 . 2010-03-10 13:06 -------- d-----w- c:\program files\Audacity2
2010-03-10 09:06 . 2010-03-10 09:06 -------- d-----w- c:\program files\Audacity
2010-03-09 21:06 . 2010-03-09 21:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-09 21:06 . 2010-03-09 21:06 -------- d-----w- c:\program files\Spybot
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 11:52 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-04-08 11:52 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat
2010-04-08 11:44 . 2009-06-10 21:52 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-07 20:54 . 2009-06-22 14:17 -------- d-----w- c:\users\SAM\AppData\Roaming\gtk-2.0
2010-04-06 22:34 . 2009-06-16 14:20 -------- d-----w- c:\users\SAM\AppData\Roaming\ICQ
2010-04-03 12:36 . 2009-08-09 15:09 -------- d-----w- c:\users\SAM\AppData\Roaming\dvdcss
2010-03-30 14:33 . 2009-06-16 14:19 -------- d-----w- c:\program files\ICQ6.5
2010-03-18 14:51 . 2009-06-16 14:22 -------- d-----w- c:\program files\VLC-Player
2010-03-18 14:13 . 2009-06-10 21:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-16 22:40 . 2009-06-16 16:09 -------- d-----w- c:\users\SAM\AppData\Roaming\Skype
2010-03-16 15:20 . 2009-06-16 16:11 -------- d-----w- c:\users\SAM\AppData\Roaming\skypePM
2010-03-15 07:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-14 21:37 . 2009-06-10 22:17 -------- d-----w- c:\programdata\Microsoft Help
2010-03-12 22:29 . 2009-06-16 12:26 110280 ----a-w- c:\users\SAM\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-07 10:25 . 2010-03-07 10:25 -------- d-----w- c:\programdata\Bryxen Software
2010-03-07 10:25 . 2010-03-07 10:25 -------- d-----w- c:\program files\Internetverzeichnis
2010-03-04 12:20 . 2009-06-18 19:14 -------- d-----w- c:\program files\PDFconverter
2010-03-02 19:22 . 2009-11-18 10:21 -------- d-----w- c:\program files\MSECache
2010-03-01 10:10 . 2010-02-28 21:09 -------- d-----w- c:\users\SAM\AppData\Roaming\FileZilla
2010-02-28 23:51 . 2010-02-28 23:51 -------- d-----w- c:\programdata\MySQL
2010-02-28 23:51 . 2010-02-28 23:46 -------- d-----w- c:\program files\MYsql
2010-02-28 22:40 . 2010-02-28 22:33 -------- d-----w- c:\program files\PHP
2010-02-28 21:10 . 2010-02-28 21:06 -------- d-----w- c:\program files\FileZilla-3.3.2
2010-02-24 13:33 . 2010-02-28 22:42 4927565 ----a-w- c:\windows\system32\php5ts.dll
2010-02-24 09:16 . 2009-10-03 10:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 16:20 . 2009-06-16 14:07 -------- d-----w- c:\users\SAM\AppData\Roaming\Apple Computer
2010-02-23 08:18 . 2010-02-23 08:18 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-23 08:18 . 2010-02-23 08:18 -------- d-----w- c:\program files\iTunes
2010-02-23 08:18 . 2010-02-23 08:18 -------- d-----w- c:\program files\iPod
2010-02-23 08:18 . 2009-06-16 14:04 -------- d-----w- c:\program files\Common Files\Apple
2010-02-23 08:16 . 2010-02-23 08:16 -------- d-----w- c:\program files\QuickTime
2010-02-23 08:07 . 2010-02-23 08:07 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-22 22:58 . 2009-06-16 16:08 -------- d-----r- c:\program files\Skype
2010-02-22 17:40 . 2010-02-22 17:40 -------- d-----w- c:\program files\Common Files\Skype
2010-02-22 17:40 . 2009-06-16 16:08 -------- d-----w- c:\programdata\Skype
2010-02-22 16:35 . 2009-08-20 09:42 6944 ----a-w- c:\users\SAM\AppData\Local\d3d9caps.dat
2010-02-18 21:09 . 2010-02-18 21:09 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-16 21:25 . 2010-02-16 21:22 -------- d-----w- c:\program files\YouTube-2
2010-02-16 21:22 . 2009-08-12 17:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-16 21:22 . 2010-02-16 21:22 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-16 21:20 . 2010-02-16 21:19 -------- d-----w- c:\program files\Party Poker
2010-02-15 12:32 . 2010-02-15 12:32 -------- d-----w- c:\program files\Apple ACC Mp3
2010-02-14 09:01 . 2010-01-23 12:54 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-14 09:01 . 2010-01-23 12:54 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-13 13:12 . 2009-06-19 14:34 -------- d-----w- c:\program files\DivX
2010-02-13 13:10 . 2009-06-10 21:53 -------- d-----w- c:\program files\Dell
2010-02-13 13:10 . 2009-06-10 22:09 -------- d-----w- c:\programdata\CyberLink
2010-02-13 13:01 . 2009-06-10 21:58 -------- d-----w- c:\program files\Dell Webcam
2010-02-13 12:40 . 2009-08-29 12:36 -------- d-----w- c:\program files\BundesligaLive2
2010-02-13 11:31 . 2009-08-12 17:27 -------- d-----w- c:\program files\YouTube
2010-02-12 14:31 . 2009-06-16 20:37 -------- d-----w- c:\program files\Steam
2010-02-12 14:31 . 2009-06-16 20:47 -------- d-----w- c:\program files\Common Files\Steam
2010-02-09 14:35 . 2010-02-09 14:35 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-09 12:18 . 2009-06-10 21:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-08 19:43 . 2010-02-01 19:43 -------- d-----w- c:\program files\Rockstar Games
2010-02-08 17:08 . 2010-02-08 17:08 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-08 16:39 . 2010-02-08 16:29 -------- d-----w- c:\users\SAM\AppData\Roaming\DAEMON Tools Lite
2010-02-08 16:30 . 2010-02-08 16:30 -------- d-----w- c:\program files\Daemon Tools
2010-02-08 16:30 . 2010-02-08 16:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-08 16:29 . 2010-02-08 16:29 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-02-01 18:25 . 2010-02-01 19:35 344064 ----a-w- c:\users\SAM\AppData\Roaming\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\_setup.dll
2010-01-25 12:00 . 2010-02-27 16:04 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-27 16:04 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-27 16:04 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-27 16:04 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-27 16:04 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-27 16:04 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-27 16:04 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-27 16:04 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-27 16:04 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 12:54 . 2010-01-23 12:54 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-23 09:26 . 2010-02-27 16:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-16 15:30 . 2010-01-16 15:30 1174 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 10:06 . 2010-03-18 15:08 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-03-18 15:08 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-03-18 15:08 216064 --sh--r- c:\windows\System32\nbDX.dll
2009-06-11 07:15 . 2009-06-11 07:13 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\SAM\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-28 135664]
"SpybotSD TeaTimer"="c:\program files\Spybot\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 200704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\apache\bin\ApacheMonitor.exe [2009-9-28 41051]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-10 22:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^SAM^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm (3).lnk]
path=c:\users\SAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm (3).lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm (3).lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^SAM^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm (4).lnk]
path=c:\users\SAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm (4).lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm (4).lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^SAM^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\SAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 13:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-01-29 22:50 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 17:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-01-23 13:30 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):05,3b,45,04,48,7b,ca,01

R2 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [2009-09-28 24645]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-06-16 29736]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-08 691696]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-30 81920]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2008-11-28 35840]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-08-25 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-08-25 203264]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-12-22 3662848]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-01-19 133472]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-01-19 279488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1387653278-372415685-1828523778-1000Core.job
- c:\users\SAM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 20:08]

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1387653278-372415685-1828523778-1000UA.job
- c:\users\SAM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 20:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local;
uInternet Settings,ProxyServer = 216.218.211.57:80
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\SAM\AppData\Roaming\Mozilla\Firefox\Profiles\5ra7sbct.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - component: c:\users\SAM\AppData\Roaming\Mozilla\Firefox\Profiles\5ra7sbct.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\users\SAM\AppData\Roaming\Mozilla\Firefox\Profiles\5ra7sbct.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\SAM\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Dell DataSafe Online - c:\program files\Dell DataSafe Online\DataSafeOnline.exe
MSConfigStartUp-PDFPrint - c:\program files\PDFconverter\PDFBackend.exe
MSConfigStartUp-RGSC - f:\stef\Spiele\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-PartyPoker - c:\programs\PartyPoker\PartyPoker\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 14:04
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

c:\windows\TEMP\TMP000000724A3C2BDB0859F1EA 524288 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1387653278-372415685-1828523778-1000\Software\SecuROM\License information*]
"datasecu"=hex:fd,37,bf,75,3e,cd,e6,9c,54,9e,5e,32,54,22,b4,2d,3b,da,fc,c0,33, 7c,8a,db,5e,62,af,1d,b1,40,ca,dd,65,56,05,22,23,af,8d,ee,27,4e,24,bb,c7,0b,\
"rkeysecu"=hex:69,65,08,46,4b,71,11,e7,73,11,23,1e,c9,63,74,99
.
Zeit der Fertigstellung: 2010-04-08 14:06:01
ComboFix-quarantined-files.txt 2010-04-08 12:05

Vor Suchlauf: 12 Verzeichnis(se), 190.690.304.000 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 191.754.711.040 Bytes frei

- - End Of File - - 49285C325856F17722558B2718FBF0F4