Hello Arne,
and once again!
Here is the new ComboFix.txt:
Code:
ComboFix 11-02-06.02 - frank 07.02.2011 14:23:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1559 [GMT 1:00]
Run from:: c:\dokumente und einstellungen\frank\Desktop\cofi.exe
Command switches used :: c:\dokumente und einstellungen\frank\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
FILE ::
"c:\jdsfjsdijf.exe\jdsfjsdijf.exe"
.
((((((((((((((((((((((( Files created from 2011-01-07 to 2011-02-07 ))))))))))))))))))))))))))))))
.
2011-02-07 11:59 . 2011-02-07 11:59 -------- d-----w- c:\dokumente und einstellungen\frank\Anwendungsdaten\Avira
2011-02-07 11:57 . 2011-02-07 11:51 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-07 11:57 . 2011-02-07 11:51 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-02-07 11:57 . 2011-02-07 11:51 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-07 11:57 . 2011-02-07 11:51 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-02-07 11:57 . 2011-02-07 11:51 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-02-07 11:57 . 2011-02-07 11:51 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-02-07 11:57 . 2011-02-07 11:57 -------- d-----w- c:\programme\Avira
2011-02-07 10:47 . 2011-02-07 10:47 -------- d-----w- c:\programme\CCleaner
2011-02-07 07:50 . 2011-02-07 07:50 -------- d-----w- C:\_OTL
2011-02-04 17:05 . 2011-02-04 17:05 -------- d-----w- c:\dokumente und einstellungen\frank\Anwendungsdaten\Malwarebytes
2011-02-04 17:05 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-04 17:05 . 2011-02-04 17:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-02-04 17:04 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-04 16:39 . 2011-02-04 16:39 -------- d-----w- c:\dokumente und einstellungen\frank\Anwendungsdaten\Photo! Web Album
2011-02-03 12:23 . 2011-02-03 11:11 602624 ----a-w- C:\OTL.exe
2011-02-03 10:23 . 2011-02-03 10:23 -------- d-----w- c:\dokumente und einstellungen\Frank USER
2011-02-03 10:00 . 2011-02-03 10:00 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-27 09:35 . 2011-01-27 09:35 51200 ---ha-w- c:\windows\system32\asr_si64.dll
2011-01-26 10:09 . 2011-01-26 10:09 -------- d-----w- c:\programme\DVDVideoSoft
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 20:24 . 2009-08-07 18:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-11-18 18:12 . 2005-10-17 20:23 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:51 . 2004-08-04 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2008-04-22 18:40 . 2008-04-22 18:40 2808832 ----a-w- c:\programme\Gemeinsame DateienDDBACSetup.msi
2004-02-09 03:48 . 2005-07-04 15:35 899072 ----a-w- c:\programme\audiograbber.exe
2002-01-03 20:50 . 2005-07-04 15:35 155648 ----a-w- c:\programme\WMA8Connect.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-02-07_11.13.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-07 12:19 . 2011-02-07 12:19 16384 c:\windows\Temp\Perflib_Perfdata_348.dat
+ 2011-02-07 11:57 . 2011-02-07 11:51 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2005-10-17 20:27 . 2011-02-07 12:03 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2005-10-17 20:27 . 2010-07-28 14:19 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2005-10-17 20:27 . 2010-07-28 14:19 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2005-10-17 20:27 . 2011-02-07 12:03 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2005-10-17 20:27 . 2010-07-28 14:19 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-02-07 12:21 . 2011-02-07 12:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-05-26 06:47 . 2011-02-04 18:37 3817984 c:\windows\Installer\56c86.msi
+ 2010-05-26 06:47 . 2011-02-07 12:30 3817984 c:\windows\Installer\56c86.msi
.
(((((((((((((((((((((((((((( Registry autostart entries ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-08-08 16384]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 28160]
"HP Network Registry Agent"="c:\windows\system32\hpnra.exe" [2000-10-26 49152]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-02-07 281768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
DSL-Manager.lnk - c:\programme\DSL-Manager\DslMgr.exe [2009-5-17 1085440]
c:\dokumente und einstellungen\frank\Startmenü\Programme\Autostart\
Spamihilator.lnk - c:\programme\Spamihilator\spamihilator.exe [2010-4-30 1512448]
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Belkin Wireless Utility.lnk - c:\programme\Belkin\F5D7001v2000\Belkinwcui.exe [2007-11-20 1572864]
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
DSL-Manager.lnk - c:\programme\DSL-Manager\DslMgr.exe [2009-5-17 1085440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Philips SA011 Gere-Manager.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Philips SA011 Gere-Manager.lnk
backup=c:\windows\pss\Philips SA011 Gere-Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^frank^Startmenü^Programme^Autostart^Spamihilator.lnk]
path=c:\dokumente und einstellungen\frank\Startmenü\Programme\Autostart\Spamihilator.lnk
backup=c:\windows\pss\Spamihilator.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 13:57 948672 ----a-r- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2005-08-08 03:54 73728 ----a-w- c:\windows\system32\CTASIO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\programme\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlrblckr.exe]
2006-09-27 11:25 57460 ----a-w- c:\programme\Gigaset DECT\gigaset-m34-usb\dlrblckr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2004-10-19 23:01 86016 ----a-w- c:\programme\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2006-04-06 09:51 49152 ------w- c:\programme\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Proxy Server]
2007-06-25 15:57 918 ----a-w- c:\programme\Hewlett-Packard\ProxyService\ProxyService.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-02-16 07:34 20480 ----a-w- c:\programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\programme\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\programme\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 ------w- c:\programme\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-08-01 18:17 185896 ----a-w- c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"iPod Service"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"UPS"=3 (0x3)
"OOCleverCacheAgent"=2 (0x2)
"gupdate1c997898b0c86dc"=2 (0x2)
"gusvc"=3 (0x3)
"O&O Defrag"=3 (0x3)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"UxTuneUp"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Bonjour Service"=2 (0x2)
"CCALib8"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"=c:\programme\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SerExt"=SerExt.exe /unplug
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe"
"Acronis*True*Image Monitor"="c:\programme\Acronis\TrueImage\TrueImageMonitor.exe"
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"IDTSysTrayApp"=sttray.exe
"Spamihilator"="c:\programme\Spamihilator\spamihilator.exe"
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"nwiz"=nwiz.exe /install
"CTxfiHlp"=CTXFIHLP.EXE
"OOCCCTRL.EXE"="c:\programme\OO Software\CleverCache\OOCCCTRL.EXE" /tasktray
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"d:\\Games\\Counter Strike Source\\srcds.exe"=
"c:\\Programme\\Microsoft Business Solutions-Navision\\Client\\AtDebug.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\SmartStore\\SmartStore.biz 5\\SMBiz5.exe"=
"c:\\Programme\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\hpbspsvr.exe"=
"c:\\Programme\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Programme\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Programme\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"d:\\Games\\Counter Strike Source\\hl2.exe"=
"d:\\Games\\Battlefield 1942\\BF1942.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"d:\\Games\\Age of Empires 2\\empires2_ORI.exe"=
"d:\\Games\\Command and Conquer - Red Alert\\GAME.EXE"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Spamihilator\\spamihilator.exe"=
"c:\\Programme\\Spamihilator\\cdcc.exe"=
"c:\\Programme\\Spamihilator\\dccproc.exe"=
"d:\\Games\\Freespace2\\FS2.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\Age of Empires 2\\empires2.EXE"=
"c:\\Programme\\MailStore Home\\MailStoreLocal.exe"=
"d:\\Games\\Age of Empires 2\\age2_x1.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [07.02.2011 12:57 339624]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [07.02.2011 12:57 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [07.02.2011 12:57 403624]
R2 CAPI;CAPI 2.0 Service;c:\windows\system32\drivers\capi.sys [06.09.2007 12:28 28740]
R2 NDISCAPI;NDIS CAPI Service;c:\windows\system32\drivers\ndiscapi.sys [06.09.2007 12:28 41037]
R2 SPTimer;SharePoint Zeitgeber-Dienst;c:\programme\Gemeinsame Dateien\Microsoft Shared\web server extensions\50\bin\OWSTIMER.EXE [16.02.2001 00:42 345504]
R3 DectEnum;DectEnum;c:\windows\system32\drivers\DectEnum.sys [01.03.2005 10:36 8448]
R3 HRCMPA;ISDN Wan driver (Ver. 1.20.0032);c:\windows\system32\drivers\hrcmpa.sys [08.09.2004 15:22 263751]
R3 TSMPacket;DSL-Manager Service;c:\windows\system32\drivers\tsmpkt.sys [17.05.2009 13:50 13824]
S2 PC_FRANKDECKER;Microsoft Business Solutions-Navision Database Server PC_FRANKDECKER;c:\programme\Microsoft Business Solutions-Navision\Database Server\SERVER.exe [29.08.2005 12:22 772920]
S3 9030F945;9030F945;c:\windows\system32\9030F945.exe --> c:\windows\system32\9030F945.exe [?]
S3 Atkcfg;Cordless Device Configuration;c:\windows\system32\drivers\atkcfg.sys [01.03.2005 12:49 46592]
S3 bDMusicb;bDMusicb;\??\c:\dokume~1\frank\LOKALE~1\Temp\bDMusicb.sys --> c:\dokume~1\frank\LOKALE~1\Temp\bDMusicb.sys [?]
S3 CamDrv.Pixela;JVC Web Camera;c:\windows\system32\drivers\camdrv.sys [04.07.2007 10:10 9125]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\drivers\DslTestSp5.sys [17.05.2009 14:22 26816]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [28.07.2009 11:20 36608]
S3 Gig5gu;Cordless Internet Access;c:\windows\system32\drivers\gig5gu.sys [01.03.2005 12:51 55680]
S3 Gigsrf;Cordless Device Line Access;c:\windows\system32\drivers\gigsrf.sys [01.03.2005 12:50 94592]
S3 Gigtnc;Cordless PC Control;c:\windows\system32\drivers\gigtnc.sys [01.03.2005 12:49 45440]
S3 HotSpotFSvc;Hotspot Manager;"c:\programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe" --> c:\programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe [?]
S3 IUAPIWDM;ISDN USB Interface (Ver. 1.20.0032);c:\windows\system32\drivers\IUAPIWDM.sys [08.09.2004 15:22 50759]
S3 KMWDKUSB;KM-WDK USB;c:\windows\system32\drivers\KMWDKUSB.sys [18.10.2005 15:56 41667]
S3 Normandy;Normandy SR2; [x]
S3 phil2vid;Philips VGA-Kamera (USB);c:\windows\system32\drivers\philcam2.sys [29.01.2010 12:47 173696]
S3 siellif;siellif;c:\windows\system32\drivers\siellif.sys [08.11.2006 11:54 113408]
S3 Sieupapp;Cordless Device Update;c:\windows\system32\drivers\sieupapp.sys [01.03.2005 12:46 32128]
S3 Sieupdfu;Cordless Device in update mode;c:\windows\system32\drivers\sieupdfu.sys [01.03.2005 12:47 32000]
S3 TDslMgrService;DSL-Manager;c:\programme\DSL-Manager\DslMgrSvc.exe [17.05.2009 13:50 294912]
S3 vmdmd;Softmodem/Fax Port Driver;c:\windows\system32\DRIVERS\vmdmd.sys --> c:\windows\system32\DRIVERS\vmdmd.sys [?]
S3 xControlCOM;xControlCOM;c:\programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe [01.03.2005 09:45 327680]
S4 gupdate1c997898b0c86dc;Google Update Service (gupdate1c997898b0c86dc);"c:\programme\Google\Update\GoogleUpdate.exe" /svc --> c:\programme\Google\Update\GoogleUpdate.exe [?]
--- Other services/drivers in memory ---
*NewlyCreated* - SSMDRV
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the "Scheduled Tasks" folder
2010-05-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Supplementary scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer
uInternet Settings,ProxyOverride = localhost;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B}
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044}
FF - ProfilePath - c:\dokumente und einstellungen\frank\Anwendungsdaten\Mozilla\Firefox\Profiles\5251vv0e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-07 14:31
Windows 5.1.2600 Service Pack 3 NTFS
Scanning for hidden processes...
Scanning for hidden autostart entries...
Scanning for hidden files...
Scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- Locked registry keys ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"70403E1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="7E9BA43834A0FB77BED2D74582190FC4DA44504293262BB2287AB549DA1D24C7197FC9FDC057D7B4B8E744EEFBFEBAB9746603805275AF983D7E10EE10C431A06E39EBDA6821C7440FF23167927CD3BCDC3207E8C0A828C22899DAA7E30AEDD380D8F6A5C2D85F0BB2BCE38658F5D38590CA92F511CB915795E761ADC6C0FB184B13EC7B9BBA87F089B5AF6A18B086CB84F570E4294DBE02A527057F5A22D2A839C163BC71697A63EE6E00F24E588C4E1E1F80B82281FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D5D575E7D6A3B9808A6A0AC4980AC7933DDFCC0E660B7195ACA60A458C41F5E6B73E0178A77FE61654C9CC063A2BBC565E52E71A1F9F113AA780B6F7666E96BFB37020F310C8E0B168137A4779580A4B151C63E1257B4FC9688622EC544A063BA8E8B6DBD23F879762CD7400A2B0643C6D14B38225B768B21963B0287335B9A5593457DECA99A3BFC8FD6A9ED06860C02F045E6DE7C7727310D6F7EA49F799559BB79801D9E1211004210701E5B839EA40B4043FB44366D10ADDCA826871F0DBB4B772A5218C1F23E2EE21635F3414FD34E4DBCCC50F82EED8D657C3C80AF6F52DA1022B63CD10C5713B20D762E47241A3E01B2CCD3C8ED5A15EE6AB9AF555ED9D91D8492C8ACB8CD83E640C57AE1DA6334F37D9A957364CD00E05214D1002F7189F562590E820D8CE5EB8BABDDA0DF01DAC2E6F66F097FA3612C0E68B5616B1C7FFABE1CEF46CE5FF531C15472D859AAB28EABC64E5FDF179B40E6F33E6E50C1A60F1194E5ADF9F5422AA61365A19EF60F7CFE96378E58CDE8149D1A63E1CF2D3A97C69EFD34BBE4ABCDF2DAF6D7396518338612BD75F2CBD520E3622F3B0E8D4E003F39D69A76256B99D3C5FD1C6A554961DC8B0EB36CFC42E2607642B9667748B74E87A563C0930B0CEA906251A68EF1B60FF9E5AF33AEE35DAE264F67E6626130BB53B1D4E56EE9A84D9A229F92B836E69F761792ED14C416DE651E8B4FA728DFC40859FA64DBBAF704E94DF48B628F2D053F874874C33F96F24889341588FC4218358A24ED6303048AA78B7E21FA4644A7B5B202D3B7046B618B0035E22896D55B0FCAE4E9F21FDDD321143496D97DEC686126B64B4E9AA6968E8624160DFE1D25ED3293F2D83D98C445364BE338A76C16E9051D50C95A5EF052335A3F24141F81CB6DCA56CB604CB4ABD04033338B8B799D84350BD0EE2DC300B1F6A43B07E5F04A3C6A18615F15728AD954E4CC4616CAEEEFBD586DD9AE5460415B4007DD80E72D72156D98E3113F41DB8B0D68475D38F4243CC88E7006DF6434AE3F1EF1
024D5BF9B1C151EEE3CD4EF32D725152B5E467147AA1075AD8941E73D9027B7100FD614D6DB3CED0B6"
[HKEY_LOCAL_MACHINE\software\Philips]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\KMWDKUSB\KyoceraFS-1020D\6&16670c5b&0&KMWDKUSB]
@Denied: (C D) (Everyone)
"DeviceDesc"="Kyocera Mita FS-1020D KX"
"LocationInformation"="KMUSB001"
"Capabilities"=dword:000000c0
"ConfigFlags"=dword:00000000
"HardwareID"=multi:"KMWDKUSB\\KyoceraFS-1020D43AD\00\00"
"CompatibleIDs"=multi:"KyoceraFS-1020D43AD\00\00"
"ClassGUID"="{4D36E979-E325-11CE-BFC1-08002BE10318}"
"Class"="Printer"
"Driver"="{4D36E979-E325-11CE-BFC1-08002BE10318}\\0002"
"Mfg"="Kyocera"
.
--------------------- DLLs loaded by running processes ---------------------
- - - - - - - > 'lsass.exe'(2004)
c:\programme\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(3732)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-07 14:33:57
ComboFix-quarantined-files.txt 2011-02-07 13:33
ComboFix2.txt 2011-02-07 11:28
Before scan: 18 directories, 216,973,971,456 bytes free
After scan: 19 directories, 216,955,457,536 bytes free
- - End Of File - - 62192F9E2AE015628C6F1CD9332AD950
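As an added example (it is not part of frank's post, not Arne's advice, and not a ComboFix feature), here is a small Python triage script that runs over a constructed subset of the log lines above and flags the entries a helper would typically ask about first: service/driver entries whose image ComboFix could not verify (the "--> ... [?]" and "[x]" forms, such as 9030F945, bDMusicb.sys and Normandy), a driver registered from a Temp folder, hidden files in system32 (the three --sh--r- DLLs and asr_si64.dll), and the AntiVirusOverride, EnableFirewall=0 and open port 3389 settings. The rule set is this example's own assumption about what deserves a second look; a hit is a prompt to check the file or setting, not a verdict, and the Google Update service is included because it shows the same unverified-image pattern for a benign reason.

```python
"""Triage helper for ComboFix-style log lines.

Added example; not part of the original post and not a ComboFix feature.
The rules are this example's own assumptions about which entries deserve a
second look: service/driver images ComboFix could not verify ("--> ... [?]"
or "[x]"), drivers under a Temp folder, hidden files in system32, and
disabled protections in the Security Center / firewall keys. A hit means
"review this", not "this is malware".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a subset of lines copied from the log above.
SAMPLE_LOG = r"""
2011-01-27 09:35 . 2011-01-27 09:35 51200 ---ha-w- c:\windows\system32\asr_si64.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2011-02-07 11:57 . 2011-02-07 11:51 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [07.02.2011 12:57 339624]
S3 9030F945;9030F945;c:\windows\system32\9030F945.exe --> c:\windows\system32\9030F945.exe [?]
S3 bDMusicb;bDMusicb;\??\c:\dokume~1\frank\LOKALE~1\Temp\bDMusicb.sys --> c:\dokume~1\frank\LOKALE~1\Temp\bDMusicb.sys [?]
S3 Normandy;Normandy SR2; [x]
S4 gupdate1c997898b0c86dc;Google Update Service (gupdate1c997898b0c86dc);"c:\programme\Google\Update\GoogleUpdate.exe" /svc --> c:\programme\Google\Update\GoogleUpdate.exe [?]
"""

# File lines: "<date> <time> [. <date> <time>] <size> <attrs> <path>"; the
# 8-character attribute string uses "h" for hidden and "s" for system.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})? "
    r"(\d+) ([-a-z]{8}) (.+)$"
)
# Service/driver lines: "<R|S><start type> <name>;<display name>;<image ...>"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


@dataclass
class Finding:
    rule: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return every line that matches a review rule."""
    findings: list[Finding] = []
    current_key = ""  # most recent [registry key] header, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(2), m.group(3)
            if "h" in attrs and "\\system32\\" in path.lower():
                flavour = "hidden+system" if "s" in attrs else "hidden"
                findings.append(Finding("hidden-system32-file",
                                        f"{path} ({flavour}, attrs={attrs})"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, image = m.groups()
            image = image.strip()
            # "[x]": no image path at all; trailing "[?]": ComboFix could not
            # stat the file (missing, or a quoted path with arguments).
            if image == "[x]" or image.endswith("[?]"):
                findings.append(Finding("service-image-unverified", f"{name}: {image}"))
            if "\\temp\\" in image.lower():
                findings.append(Finding("driver-in-temp", f"{name}: {image}"))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if (current_key.endswith("security center")
                    and name == "AntiVirusOverride" and value.endswith("1")):
                findings.append(Finding("security-center-override", f"{name}={value}"))
            elif (current_key.endswith("firewallpolicy\\standardprofile")
                    and name == "EnableFirewall" and value.startswith("0")):
                findings.append(Finding("firewall-disabled", f"{name}={value}"))
            elif current_key.endswith("globallyopenports\\list"):
                findings.append(Finding("globally-open-port", f"{name} -> {value}"))
    return findings


def count_by_rule(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

Run it against a full ComboFix.txt by reading the file into triage() instead of SAMPLE_LOG; the regexes only depend on the line shapes shown in the log above, so the non-English header lines do not matter. Each finding still needs a human decision (check the file's hash or publisher, whether the user installed the software, whether the service is referenced anywhere else), which is exactly the conversation this thread is having.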