Log analysis and evaluation: trojan downloader win 32/Renos.JW

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1

/// Winkelfunktion /// TB-Süch-Tiger™

trojan downloader win 32/Renos.JW

The OTL log is relatively unremarkable - please do a run with CF: ComboFix (a guide and tutorial on using ComboFix)

ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

__________________
Please always post logfiles in CODE tags

#2

trojan downloader win 32/Renos.JW

here is the logfile

Code:
ComboFix 10-07-15.01 - xxx 15.07.2010 21:31:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3000.1748 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Install.cmd
c:\windows\Ydesoa.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-06-15 bis 2010-07-15 ))))))))))))))))))))))))))))))
.
2010-07-15 19:40 . 2010-07-15 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-15 18:31 . 2010-07-15 18:31 -------- d-----w- c:\program files\CCleaner
2010-07-15 15:45 . 2010-07-15 15:45 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes
2010-07-15 15:43 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-15 15:43 . 2010-07-15 15:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 15:43 . 2010-07-15 15:43 -------- d-----w- c:\programdata\Malwarebytes
2010-07-15 15:43 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 20:33 . 2010-07-14 20:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-14 20:28 . 2010-07-14 21:51 -------- d-----w- c:\programdata\Lavasoft
2010-07-14 20:28 . 2010-07-14 21:51 -------- d-----w- c:\program files\Lavasoft
2010-07-14 13:09 . 2010-07-14 13:09 -------- dc-h--w- c:\programdata\{CBBF61D9-36A1-4A2B-A39A-BFFA9ADBB5D5}
2010-07-14 13:09 . 2009-02-11 11:23 2946584 -c--a-w- c:\programdata\{CBBF61D9-36A1-4A2B-A39A-BFFA9ADBB5D5}\Traktor Setup.exe
2010-07-14 13:09 . 2010-07-14 13:09 -------- d-----w- c:\programdata\Native Instruments
2010-07-14 13:09 . 2009-01-15 11:39 2932576 -c--a-w- c:\programdata\{902029B2-957E-4066-85FA-30DA31731718}\Service Center Setup.exe
2010-07-14 13:09 . 2010-07-14 13:09 -------- dc-h--w- c:\programdata\{902029B2-957E-4066-85FA-30DA31731718}
2010-07-14 13:08 . 2010-07-14 13:09 -------- d-----w- c:\program files\Native Instruments
2010-07-14 13:08 . 2010-07-14 13:08 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-07-09 17:47 . 2010-07-09 17:47 -------- d-----w- c:\users\xxx\AppData\Local\Apple Computer
2010-07-09 17:47 . 2010-07-14 15:43 -------- d-----w- c:\users\xxx\AppData\Roaming\Apple Computer
2010-07-09 17:47 . 2010-07-14 21:51 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-09 17:47 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-09 17:47 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-09 17:46 . 2010-07-09 17:46 -------- d-----w- c:\program files\iPod
2010-07-09 17:46 . 2010-07-09 17:47 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-09 17:46 . 2010-07-09 17:47 -------- d-----w- c:\program files\iTunes
2010-07-09 17:45 . 2010-07-09 17:46 -------- d-----w- c:\programdata\Apple Computer
2010-07-09 17:45 . 2010-07-09 17:45 -------- d-----w- c:\program files\QuickTime
2010-07-09 17:44 . 2010-07-09 17:44 -------- d-----w- c:\users\xxx\AppData\Local\Apple
2010-07-09 17:44 . 2010-07-09 17:44 -------- d-----w- c:\program files\Apple Software Update
2010-07-09 17:42 . 2010-07-09 17:42 -------- d-----w- c:\program files\Bonjour
2010-07-09 17:42 . 2010-07-09 17:46 -------- d-----w- c:\program files\Common Files\Apple
2010-07-09 17:42 . 2010-07-09 17:42 -------- d-----w- c:\programdata\Apple
2010-07-01 08:12 . 2010-07-08 08:41 -------- d-----w- c:\users\xxx\AppData\Roaming\HpUpdate
2010-07-01 08:12 . 2010-07-01 08:12 -------- d-----w- c:\windows\Hewlett-Packard
2010-06-24 01:00 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 01:00 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 01:00 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 01:00 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 01:00 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 10:08 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 10:08 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 23:02 . 2009-07-07 19:36 -------- d-----w- c:\users\xxx\AppData\Roaming\ICQ
2010-07-14 23:02 . 2009-07-18 19:14 -------- d-----w- c:\users\xxx\AppData\Roaming\Skype
2010-07-14 22:00 . 2009-07-18 19:20 -------- d-----w- c:\users\xxx\AppData\Roaming\skypePM
2010-07-14 20:16 . 2008-01-21 07:15 628742 ----a-w- c:\windows\system32\perfh007.dat
2010-07-14 20:16 . 2008-01-21 07:15 126454 ----a-w- c:\windows\system32\perfc007.dat
2010-07-14 18:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-14 10:56 . 2010-04-27 22:44 -------- d-----w- c:\users\xxx\AppData\Roaming\DivX
2010-07-04 15:00 . 2010-01-26 19:44 -------- d-----w- c:\users\xxx\AppData\Roaming\HP
2010-07-04 14:59 . 2010-01-26 19:25 219077 ----a-w- c:\windows\hpoins46.dat
2010-07-01 08:14 . 2010-01-26 19:27 -------- d-----w- c:\program files\HP
2010-06-27 11:20 . 2009-01-08 16:41 -------- d-----w- c:\program files\Google
2010-06-26 09:52 . 2009-07-11 20:55 -------- d-----w- c:\program files\Microsoft.NET
2010-06-16 17:55 . 2009-09-20 16:31 -------- d-----w- c:\program files\ICQ6.5
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-05 11:39 . 2010-06-05 11:39 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDE37.tmp.exe
2010-06-04 05:18 . 2010-05-11 21:26 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-04 05:18 . 2010-05-11 21:16 -------- d-----w- c:\programdata\DivX
2010-06-04 05:16 . 2010-05-11 21:21 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-04 05:16 . 2010-05-11 21:21 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-28 20:12 . 2009-07-16 15:50 -------- d-----w- c:\program files\EPSON
2010-05-27 04:09 . 2009-01-08 16:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-26 17:06 . 2010-06-11 19:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 19:45 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 20:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 23:41 . 2010-05-20 23:41 144053 ----a-w- c:\users\xxx\AppData\Roaming\Move Networks\uninstall.exe
2010-05-20 23:41 . 2010-05-20 23:41 -------- d-----w- c:\users\xxx\AppData\Roaming\Move Networks
2010-05-20 23:41 . 2010-02-11 19:31 5640640 ----a-w- c:\users\xxx\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
2010-05-19 18:58 . 2010-05-19 18:58 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-19 18:58 . 2010-05-19 18:58 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-19 18:58 . 2010-05-19 18:58 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-19 18:58 . 2010-05-19 18:58 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-19 18:58 . 2010-05-19 18:58 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-19 18:58 . 2010-05-19 18:58 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-19 18:58 . 2010-05-19 18:58 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-19 18:58 . 2010-05-19 18:58 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-19 18:58 . 2010-05-19 18:58 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-19 18:58 . 2010-05-19 18:57 -------- d-----w- c:\program files\Common Files\Real
2010-05-19 18:58 . 2010-05-19 18:57 -------- d-----w- c:\program files\Real
2010-05-19 18:58 . 2010-05-19 18:58 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-11 21:20 . 2010-05-11 21:20 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-05-11 21:20 . 2010-05-11 21:20 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-11 21:20 . 2010-05-11 21:20 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-11 21:20 . 2010-05-11 21:20 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-10 21:00 . 2010-05-10 21:00 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDABA.tmp.exe
2010-05-04 19:15 . 2010-06-11 19:45 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-11 19:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-11 19:45 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 18:20 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-28 16:44 . 2009-07-08 05:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-04 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-28 30192]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"Skytel"="Skytel.exe" [2008-08-04 1833504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-19 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-8-3 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):b9,30,34,28,65,52,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca0003ad71aad0;Google Update Service (gupdate1ca0003ad71aad0);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-28 30192]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-07-29 418816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 19:38]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 19:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://potsdam-lounge.foren-city.de/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0209&m=easynote_mh36
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\vkfsob7o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://potsdam-lounge.foren-city.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\xxx\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-15 21:40
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2010-07-15 21:43:01
ComboFix-quarantined-files.txt 2010-07-15 19:42

Vor Suchlauf: 7 Verzeichnis(se), 219.608.571.904 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 219.523.203.072 Bytes frei

- - End Of File - - F37D90EBAF48224BF5F78AD2941EC4EE