ComboFix 10-12-04.06 - Fabian 12/06/2010 23:24:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.967 [GMT 0:00]
ausgeführt von:: c:\users\Fabian\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Fabian\AppData\Local\{55EAEF55-0505-41F1-86EE-713F5EF717B0}
c:\users\Fabian\AppData\Local\{55EAEF55-0505-41F1-86EE-713F5EF717B0}\chrome.manifest
c:\users\Fabian\AppData\Local\{55EAEF55-0505-41F1-86EE-713F5EF717B0}\chrome\content\_cfg.js
c:\users\Fabian\AppData\Local\{55EAEF55-0505-41F1-86EE-713F5EF717B0}\chrome\content\overlay.xul
c:\users\Fabian\AppData\Local\{55EAEF55-0505-41F1-86EE-713F5EF717B0}\install.rdf
c:\users\Fabian\AppData\Local\msDMa0.dll
c:\users\Fabian\AppData\Local\TempDIR
c:\users\Fabian\AppData\Roaming\2EF7296B22D8A8FB306FFA83F0336EFD
c:\users\Fabian\AppData\Roaming\2EF7296B22D8A8FB306FFA83F0336EFD\binnfixdata700.exe
c:\users\Fabian\AppData\Roaming\2EF7296B22D8A8FB306FFA83F0336EFD\enemies-names.txt
c:\users\Fabian\AppData\Roaming\2EF7296B22D8A8FB306FFA83F0336EFD\local.ini
c:\users\Fabian\AppData\Roaming\2EF7296B22D8A8FB306FFA83F0336EFD\lsrslt.ini
c:\users\Fabian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\users\Fabian\AppData\Roaming\MSA
c:\users\Fabian\Desktop\Antimalware Doctor.lnk
c:\users\Public\Documents\Server\admin.txt
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
.
((((((((((((((((((((((( Dateien erstellt von 2010-11-06 bis 2010-12-06 ))))))))))))))))))))))))))))))
.
2010-12-06 23:32 . 2010-12-06 23:32 -------- d-----w- c:\users\Fabian\AppData\Local\temp
2010-12-06 23:18 . 2010-12-06 23:18 -------- d-----w- c:\users\Fabian\AppData\Roaming\SpeedProject
2010-12-06 23:18 . 2010-12-06 23:18 -------- d-----w- c:\program files\Common Files\SpeedProject
2010-12-06 23:18 . 2010-12-06 23:18 -------- d-----w- c:\program files\SpeedProject
2010-12-06 22:41 . 2010-12-06 22:41 0 ----a-w- c:\users\Fabian\AppData\Local\Brawozavuyubo.bin
2010-12-06 22:40 . 2010-12-06 22:40 54784 --sha-r- c:\users\Fabian\AppData\Roaming\es-ARV.dll
2010-12-03 08:49 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77752455-2A70-4D55-A9BE-659B070EE656}\mpengine.dll
2010-11-24 17:43 . 2010-11-24 17:43 -------- d-----w- c:\program files\iPod
2010-11-24 17:43 . 2010-11-24 17:44 -------- d-----w- c:\program files\iTunes
2010-11-24 09:11 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-21 07:42 . 2010-11-21 07:42 -------- d-----w- c:\program files\Common Files\logishrd
2010-11-17 11:51 . 2010-11-17 11:51 -------- d-----w- c:\program files\Windows Portable Devices
2010-11-17 11:29 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-11-17 11:28 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-17 11:28 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-17 11:28 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-16 14:15 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2010-11-16 14:15 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-11-16 12:58 . 2010-11-16 12:58 -------- d-----w- c:\program files\Microsoft Analysis Services
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 10:41 . 2010-03-15 13:55 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 13:56 . 2010-10-14 22:22 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01 . 2010-10-14 22:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 22:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 22:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 22:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-14 22:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-14 22:21 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 22:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 22:21 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2007-01-09 17:43 . 2007-07-16 18:50 528040 ----a-w- c:\program files\MSetup.exe
2008-01-07 15:29 . 2008-01-07 15:29 117760 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"kvtjepmq"="c:\users\Fabian\AppData\Roaming\es-ARV.dll" [2010-12-06 54784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 4399104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-07 839680]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-10 8429568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]

c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-10-15 142336]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Fabian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-01-07 15:29 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 20:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 13:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-04-10 08:31 81920 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-04-10 08:31 86016 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 06:10 56928 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 14:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 10:43 2097488 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2007-10-31 09:19 378784 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViivMonitor]
2007-03-10 12:41 69632 ----a-w- c:\program files\Intel\Intel Media Share Software\Viivmonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 GoogleDesktopManager-121807-210419;Google Desktop Manager 5.7.712.18632;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-07 29744]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101201.001\IDSvix86.sys [2010-12-01 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 IMSSync;Intel® Media Share Synch Service;c:\program files\Intel\Intel Media Share Software\IMSSync.exe [2007-03-10 368640]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [2008-03-17 84657]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-12-06 c:\windows\Tasks\User_Feed_Synchronization-{67D2DE6E-8D6F-4D41-9130-EB70883EB282}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\qs6ipydh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.boerse-frankfurt.de/DE/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\qs6ipydh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\qs6ipydh.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\qs6ipydh.default\extensions\moveplayer@movenetworks.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\qs6ipydh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\qs6ipydh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Extension: vShare: vshare@toolbar - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\qs6ipydh.default\extensions\vshare@toolbar
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
FF - Extension: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-Fhide - c:\users\Fabian\AppData\Local\msDMa0.dll
HKCU-Run-binnfixdata700.exe - c:\users\Fabian\AppData\Roaming\2EF7296B22D8A8FB306FFA83F0336EFD\binnfixdata700.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-Play AVStation TV Scheduler - c:\program files\Samsung\Play AVStation\TvScheduler.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 23:32
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

c:\users\Fabian\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-12-06 23:35:45
ComboFix-quarantined-files.txt 2010-12-06 23:35

Vor Suchlauf: 15 Verzeichnis(se), 39,811,735,552 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 40,664,412,160 Bytes frei

- - End Of File - - F3C944F79630E1BFA4399A7117848315