Code:
Combofix Logfile:
Code:
ComboFix 12-11-16.02 - Hartmann 17.11.2012 13:22:52.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.3583.3053 [GMT 1:00]
ausgeführt von:: c:\bereinigung\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Hartmann\4.0
c:\dokumente und einstellungen\Hartmann\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\offitems.log
c:\windows\system32\Cache
c:\windows\system32\Cache\1912d5777f7005f9.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\9e4001dd763baee1.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ac295ebe5b3dc558.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b2d6905753425c3e.fb
c:\windows\system32\Cache\bf7c49d667226cb1.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e71037d9cf87ca54.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\wiafbdrv.dll.new
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-17 bis 2012-11-17 ))))))))))))))))))))))))))))))
.
.
2012-11-10 11:52 . 2012-11-10 11:52 -------- d-----w- c:\programme\Kaspersky Lab
2012-10-29 16:58 . 2012-10-29 16:58 -------- d-----w- c:\programme\Gemeinsame Dateien\Roxio Shared
2012-10-29 16:57 . 2012-10-29 16:57 57344 ----a-w- c:\windows\uneng.exe
2012-10-29 16:57 . 2012-10-29 16:57 49152 ----a-w- c:\windows\system32\cdrtc.dll
2012-10-29 16:57 . 2012-10-29 16:57 45056 ----a-w- c:\windows\system32\cdral.dll
2012-10-21 21:25 . 2012-10-21 21:25 18380552 ----a-w- c:\programme\WEB.DE_Firefox_Setup.exe
2012-10-20 22:10 . 2012-10-20 22:10 -------- d-----w- c:\programme\Roxio
2012-10-20 20:17 . 2012-10-20 20:17 -------- d-----w- c:\dokumente und einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Sun
2012-10-20 20:01 . 2012-10-20 20:01 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2012-10-20 20:01 . 2012-10-20 20:01 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-20 20:01 . 2012-10-20 20:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-18 18:26 . 2012-10-18 18:26 -------- d-----w- c:\programme\ESET
2012-10-18 18:03 . 2012-10-18 18:03 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 12:25 . 2012-04-10 00:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-13 12:25 . 2012-01-07 13:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 19:56 . 2008-06-11 16:50 1866496 ----a-w- c:\windows\system32\win32k.sys
2012-10-20 20:01 . 2011-04-02 12:36 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-20 20:01 . 2010-05-12 14:29 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:05 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:26 . 2008-06-11 16:50 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26 . 2008-06-11 16:50 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-30 20:12 . 2012-03-30 20:12 7558447 ----a-w- c:\programme\aemf20.exe
2012-10-27 22:26 . 2012-10-27 22:25 261600 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-20 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-20 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-20 142872]
"RTHDCPL"="RTHDCPL.EXE" [2011-06-24 20053608]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 29696]
"Ocs_SM"="c:\dokumente und einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe" [2012-03-29 106496]
"Gtwatch"="c:\windows\Gtwatch.exe" [2001-09-21 32768]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Norton Ghost 15.0"="c:\programme\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Watch.lnk - c:\windows\twain_32\A12U16KD\WATCH.exe [2012-4-3 356352]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Watch.lnk]
backup=c:\windows\pss\Watch.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1und1Dispatcher]
2011-11-17 08:08 223600 ----a-w- c:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2007-06-26 18:27 312320 ----a-w- c:\programme\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gtwatch]
2001-09-21 12:50 32768 ----a-w- c:\windows\Gtwatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2011-08-10 14:39 1313640 ----a-w- c:\programme\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-01-14 15:28 16384 -c--a-w- c:\programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2004-04-26 06:06 29696 -c--a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-03-31 16:21 114688 -c--a-w- c:\programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 95632 -c--a-w- c:\programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor1]
2009-11-25 19:42 54672 -c--a-w- c:\programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 -c--a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task1]
2007-06-29 04:24 286720 -c--a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task2]
2007-06-29 04:24 286720 -c--a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2012-05-31 13:00 445624 ----a-w- c:\programme\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-04-15 15:03 39408 ----a-w- c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg1]
2011-04-15 15:03 39408 ----a-w- c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"HF_G_Jul"="c:\programme\AVG Secure Search\HF_G_Jul.exe" /DoAction
"ROC_ROC_JULY_P1"="c:\programme\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\IPACS\\easyFly\\easyfly.exe"=
"c:\\Programme\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programme\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\German\\setup.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Programme\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Ubisoft\\Silent Hunter 5\\sh5.exe"=
"c:\\Programme\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04.03.2011 13:23 11352]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [12.02.2010 06:10 57840]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.03.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 20:27 19472]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [29.03.2012 20:35 65136]
R3 SymSnapService;SymSnapService;c:\programme\Norton Ghost\Shared\Drivers\SymSnapService.exe [11.02.2010 01:34 1964528]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [02.09.2006 16:18 515803]
S2 SearchAnonymizer;SearchAnonymizer;c:\dokumente und einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe [29.03.2012 23:24 40960]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 12:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.03.2012 20:39 1691480]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [14.10.2011 11:47 45288]
S3 FTD2XX;FTD2XX.SYS USB Loopback driver;c:\windows\system32\Drivers\FTD2XX.sys --> c:\windows\system32\Drivers\FTD2XX.sys [?]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [12.02.2010 06:09 1574408]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [08.07.2012 21:53 12400]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [14.10.2010 16:18 618112]
S3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\drivers\PMUSB.sys [04.01.2009 14:25 17408]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [19.06.2012 15:39 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [19.06.2012 15:39 11104]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [29.09.2010 02:23 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [29.09.2010 02:23 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [29.09.2010 02:23 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [29.09.2010 02:23 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [29.09.2010 02:23 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [29.09.2010 02:23 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [29.09.2010 02:23 115752]
S3 Sony PC Companion;Sony PC Companion;c:\programme\Sony\Sony PC Companion\PCCService.exe [29.03.2012 15:34 155320]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [04.08.2004 13:00 5120]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\programme\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.07.2008 01:27 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.07.2008 01:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.07.2008 01:27 369688]
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:26]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-23 01:27]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-23 01:27]
.
2012-11-17 c:\windows\Tasks\User_Feed_Synchronization-{44BE5EBB-6A99-4DE1-B962-E148184E8A04}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://wirtschaft.t-online.de/
uInternet Settings,ProxyOverride = localhost
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\programme\WEB.DE Toolbar\IE\uitb.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\dokumente und einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2012-10-21 22:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\dokumente und einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-21 23:22; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\dokumente und einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: !HIDDEN! 2009-09-02 06:14; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: extentions.y2layers.installId - 990f290f-7db5-4997-8094-5464220ca119
FF - user.js: extentions.y2layers.defaultEnableAppsList - TwitTube,Buzzdock,toprelatedtopics,dropdowndeals,ezlooker,bestvideodownloader
FF - user.js: security.csp.enable - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 209027f10000000000005404a6d4fa58
FF - user.js: extensions.BabylonToolbar_i.hardId - 209027f10000000000005404a6d4fa58
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15430
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:36
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 209027f10000000000005404a6d4fa58
FF - user.js: extensions.Softonic.instlDay - 15510
FF - user.js: extensions.Softonic.vrsn - 1.5.24.3
FF - user.js: extensions.Softonic.vrsni - 1.5.24.3
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.24.316:30
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00015
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-CommonToolkitTray - c:\programme\Fighters\Tray\FightersTray.exe
MSConfigStartUp-Iminent - c:\programme\Iminent\Iminent.exe
MSConfigStartUp-IminentMessenger - c:\programme\Iminent\Iminent.Messengers.exe
MSConfigStartUp-SWPROguard - c:\programme\Fighters\SPYWAREfighter\swprotray.exe
MSConfigStartUp-TrueImageMonitor - (no file)
MSConfigStartUp-vProt - c:\programme\AVG Secure Search\vprot.exe
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe Photoshop Elements 1.0 - c:\windows\ISUN0407.EXE
AddRemove-easyFly - c:\windows\IsUn0407.exe
AddRemove-NetObjects Fusion Essentials - c:\windows\IsUn0407.exe
AddRemove-PhotoRecord - c:\windows\IsUn0407.exe
AddRemove-Take ONE 4 - c:\windows\IsUn0407.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-17 13:32
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-776561741-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1292428093-776561741-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{81A5E050-A058-9B7D-3121-B4D07E0CD962}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oapgnojopinngplplhckbpkmfgekhb"=hex:63,61,70,61,62,6d,00,7c
"oalfnkeajmodfepbafbbageoffnpoj"=hex:69,61,61,62,6c,6c,64,6c,61,6f,65,64,69,6c,
6c,6a,6f,6b,00,00
"nabglajpckfghfgglkkgiljfnalp"=hex:69,61,70,61,61,6d,61,61,6d,65,61,6b,6c,6f,
6b,61,6e,6b,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1504)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-11-17 13:34:52
ComboFix-quarantined-files.txt 2012-11-17 12:34
.
Vor Suchlauf: 69 Verzeichnis(se), 313.802.301.440 Bytes frei
Nach Suchlauf: 73 Verzeichnis(se), 315.015.827.456 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=AlwaysOff
.
- - End Of File - - 0D95B9EAAC7FD5CDE589B8329ED91758
--- --- ---
|
