The ComboFix log:
Code:
ComboFix 10-08-08.03 - yyyyyy 09.08.2010 20:53:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1150 [GMT 2:00]
ausgeführt von:: c:\users\........\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\........\AcroPro90_efg.exe.part
c:\users\yyyyyy\AppData\Roaming\AD ON Multimedia
c:\users\yyyyyy\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\config.ini
F:\install.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-09 bis 2010-08-09 ))))))))))))))))))))))))))))))
.
2010-08-09 19:09 . 2010-08-09 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-09 19:09 . 2010-08-09 19:11 -------- d-----w- c:\users\yyyyyy\AppData\Local\temp
2010-08-09 14:31 . 2010-08-09 14:31 -------- d-----w- c:\users\yyyyyy\AppData\Roaming\Malwarebytes
2010-08-07 11:04 . 2010-08-07 11:04 -------- d-----w- c:\programdata\F-Secure
2010-08-06 16:03 . 2010-08-06 16:03 -------- d-----w- c:\users\yyyyyy\AppData\Roaming\Avira
2010-08-06 15:46 . 2010-08-06 15:46 -------- d-----w- c:\program files\Trend Micro
2010-08-06 15:44 . 2010-08-06 15:44 -------- d-----w- c:\users\........\AppData\Roaming\Malwarebytes
2010-08-06 14:13 . 2010-08-06 14:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-06 11:50 . 2010-08-06 11:50 -------- d-----w- c:\users\........\Neuer Ordner
2010-08-02 07:02 . 2010-07-23 15:22 43008 ----a-w- c:\users\........\AppData\Roaming\Mozilla\Firefox\Profiles\xoobc2n6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-02 07:02 . 2010-07-23 15:22 1496064 ----a-w- c:\users\........\AppData\Roaming\Mozilla\Firefox\Profiles\xoobc2n6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-02 07:02 . 2010-07-23 15:22 338944 ----a-w- c:\users\........\AppData\Roaming\Mozilla\Firefox\Profiles\xoobc2n6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-02 07:02 . 2010-07-23 15:22 346112 ----a-w- c:\users\........\AppData\Roaming\Mozilla\Firefox\Profiles\xoobc2n6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 19:09 . 2010-02-16 16:26 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-09 16:29 . 2010-04-26 06:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 12:09 . 2010-03-14 07:19 52917 ----a-w- c:\programdata\nvModes.dat
2010-08-09 11:51 . 2007-09-28 12:04 -------- d-----w- c:\program files\Java
2010-08-09 07:12 . 2010-05-07 09:14 -------- d-----w- c:\program files\CCleaner
2010-08-07 11:19 . 2006-11-02 15:33 633360 ----a-w- c:\windows\system32\perfh007.dat
2010-08-07 11:19 . 2006-11-02 15:33 127170 ----a-w- c:\windows\system32\perfc007.dat
2010-08-06 16:02 . 2007-09-14 17:25 159296 ----a-w- c:\users\yyyyyy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-06 15:54 . 2010-06-24 10:26 -------- d-----w- c:\program files\pdfforge Toolbar
2010-08-06 14:20 . 2007-09-16 08:56 159296 ----a-w- c:\users\........\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-06 13:53 . 2007-05-30 12:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-03 16:20 . 2007-12-27 08:57 -------- d-----w- c:\users\........\AppData\Roaming\LPC
2010-08-02 10:38 . 2008-12-22 11:53 1 ----a-w- c:\users\........\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-02 07:16 . 2008-12-22 11:45 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-17 03:00 . 2010-05-21 06:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 14:48 . 2007-12-21 14:00 -------- d-----w- c:\program files\Opera
2010-06-24 10:53 . 2010-01-21 08:20 -------- d-----w- c:\program files\PDFCreator
2010-06-24 10:26 . 2010-06-24 10:26 -------- d-----w- c:\program files\Application Updater
2010-06-16 09:12 . 2010-06-16 09:10 -------- d-----w- c:\program files\ElsterFormular
2010-06-16 09:11 . 2010-06-16 09:11 -------- d-----w- c:\programdata\elsterformular
2010-06-15 18:25 . 2010-06-15 18:25 1079048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-11 16:04 . 2010-06-11 16:04 49152 ----a-r- c:\users\yyyyyy\AppData\Roaming\Microsoft\Installer\{8AEBFD30-B94F-4A49-8106-03039708BDD4}\ARPPRODUCTICON.exe
2010-06-11 16:03 . 2010-06-11 16:03 -------- d-----w- c:\users\yyyyyy\AppData\Roaming\Duden
2010-06-11 14:44 . 2010-06-11 14:44 -------- d-----w- c:\users\........\AppData\Roaming\Duden
2010-06-11 14:43 . 2010-06-11 14:43 -------- d-----w- c:\program files\Duden
2010-06-11 14:42 . 2010-06-11 14:42 -------- d-----w- c:\programdata\BIFAB
2010-06-11 14:42 . 2010-06-11 14:40 -------- d-----w- c:\program files\Office-Bibliothek
2010-06-07 13:56 . 2009-05-08 17:07 1 ----a-w- c:\users\yyyyyy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-30 16:37 . 2009-10-05 09:45 1432240 ----a-w- c:\programdata\hps\3018\setup_Mueller_Fotowelt.exe
2010-05-26 17:06 . 2010-06-09 16:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 16:26 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 15:50 . 2010-06-02 13:53 73216 ----a-w- c:\users\........\AppData\Roaming\Mozilla\Firefox\Profiles\xoobc2n6.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-05-21 12:14 . 2009-10-03 08:33 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 09:22 . 2010-05-21 09:22 7168 ----a-w- c:\programdata\Lexware\Taxman spezial\2010\versionSteuerHtml.dll
2010-05-21 09:22 . 2010-05-21 09:22 7168 ----a-w- c:\programdata\Lexware\Taxman spezial\2010\versionTaxAppData.dll
2010-05-21 09:22 . 2010-05-21 09:22 7168 ----a-w- c:\programdata\Lexware\Taxman spezial\2010\Daten\versionTaxDB.dll
2010-05-21 08:37 . 2010-05-21 08:37 716800 ----a-w- c:\windows\system32\lxter20VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 69632 ----a-w- c:\windows\system32\PXTTool80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 557056 ----a-w- c:\windows\system32\zvkonline80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 4661248 ----a-w- c:\windows\system32\LxXtreme70VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 27648 ----a-w- c:\windows\system32\LXTPSW20VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 1347584 ----a-w- c:\windows\system32\LXTool80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 110592 ----a-w- c:\windows\system32\LxUISettings20Native.dll
2010-05-21 08:37 . 2010-05-21 08:37 323584 ----a-w- c:\windows\system32\LxImport80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 299008 ----a-w- c:\windows\system32\LXBtr80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 225280 ----a-w- c:\windows\system32\LxBasics80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 192512 ----a-w- c:\windows\system32\LXDasi80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 135168 ----a-w- c:\windows\system32\LxMail30VC8.dll
2010-05-16 14:28 . 2008-08-06 11:09 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2010-05-16 13:24 . 2010-05-16 13:24 49152 ----a-r- c:\users\yyyyyy\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2010-05-16 13:23 . 2010-05-16 13:23 335872 ----a-r- c:\users\yyyyyy\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2010-05-16 13:22 . 2008-08-06 11:11 57344 ----a-r- c:\users\yyyyyy\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-05-16 13:18 . 2010-05-16 13:18 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2010-05-16 13:17 . 2003-03-18 19:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01FotoBank]
@="{489d8d66-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d66-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02FotoBank]
@="{489d8d67-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d67-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03FotoBank]
@="{489d8d68-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d68-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04FotoBank]
@="{489d8d6A-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6A-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05FotoBank]
@="{489d8d6B-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6B-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\06FotoBank]
@="{489d8d6C-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6C-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\07FotoBank]
@="{489d8d6D-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6D-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\08FotoBank]
@="{489d8d6E-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6E-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-25 68856]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"HybridTM_A"="c:\program files\HybridTM_IR(A)\RC620_A.exe" [2006-05-30 118784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"freenetMail Dateimanager Taskleistensymbol"="c:\program files\freenetMail Dateimanager\DBDDsktDrvTrayApp.exe" [2005-08-16 142336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
c:\users\yyyyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-11 110592]
c:\users\........\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Gigabank.lnk - c:\program files\FAST Gigabank\Gigabank.exe [2008-6-4 1666648]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-11 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fc,c5,54,84,b9,ed,ca,01
R3 ECS_Loader_220;Digital TV Receiver Firmware Loader 5.10.31.0;c:\windows\system32\Drivers\ECS_Loader_220.sys [2005-10-31 15616]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2007-06-04 467456]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2007-06-04 15488]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - hide3tp9
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
2010-05-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-25 18:39]
2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:45]
2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:45]
2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732255811-3183488341-2812780789-1001Core.job
- c:\users\........\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 15:50]
2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732255811-3183488341-2812780789-1001UA.job
- c:\users\........\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 15:50]
2010-08-09 c:\windows\Tasks\User_Feed_Synchronization-{31D36847-25B7-4967-9ACD-59A7E1914681}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
2010-08-09 c:\windows\Tasks\User_Feed_Synchronization-{C23C680E-AFD6-499B-8D62-7D4BDAABD7B3}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\yyyyyy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\yyyyyy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\yyyyyy\AppData\Roaming\Mozilla\Firefox\Profiles\puxr1l9h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-09 21:10
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-09 21:15:57
ComboFix-quarantined-files.txt 2010-08-09 19:15
Vor Suchlauf: 20 Verzeichnis(se), 75.210.657.792 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 83.167.748.096 Bytes frei
- - End Of File - - 68D16AB2808DE8667789350AE3F064F6