| dragonnorm | 15.08.2010 22:14 |
Habe den CCleaner und cofi.exe durchlaufen lassen. Habe dabei Antivir ausgeschaltet und alle Fenster geschlossen. Firewall habe ich angelassen. Windows Defender ist aus(aber sowieso immer wegen Antivir, weil ne Meldung kam à la "Die blockieren sich gegenseitig")
[QUOTE]
Combofix Logfile: Code:
ComboFix 10-08-15.01 - Norman 15.08.2010 22:48:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.2159 [GMT 2:00]
ausgeführt von:: c:\users\Norman\Desktop\cofi.exe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-15 bis 2010-08-15 ))))))))))))))))))))))))))))))
.
2010-08-15 20:57 . 2010-08-15 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-15 20:35 . 2010-08-15 20:35 -------- d-----w- c:\program files\CCleaner
2010-08-12 21:13 . 2010-07-26 20:30 705208 ----a-w- c:\users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\eq8cnehf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-12 21:13 . 2010-07-26 20:30 978664 ----a-w- c:\users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\eq8cnehf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-08-11 18:28 . 2010-08-11 18:28 -------- d-----w- c:\users\Norman\AppData\Roaming\Avira
2010-08-11 18:08 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-11 18:08 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-11 18:08 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-11 18:08 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-11 18:08 . 2010-08-11 18:08 -------- d-----w- c:\programdata\Avira
2010-08-11 18:08 . 2010-08-11 18:08 -------- d-----w- c:\program files\Avira
2010-08-11 17:32 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 17:15 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 17:12 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 17:07 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 17:01 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 17:01 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:17 . 2010-08-11 15:17 -------- d-----w- c:\users\Norman\AppData\Roaming\Malwarebytes
2010-08-11 15:17 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 15:17 . 2010-08-11 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-11 15:17 . 2010-08-11 15:17 -------- d-----w- c:\programdata\Malwarebytes
2010-08-11 15:17 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 13:28 . 2010-08-11 13:31 -------- d-----w- c:\users\Norman\AppData\Roaming\QuickScan
2010-08-11 12:26 . 2010-08-11 12:26 0 --sha-r- c:\users\Norman\AppData\Roaming\WkCD2.dll
2010-08-11 05:56 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 05:56 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 05:56 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 05:49 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-09 10:02 . 2010-08-09 10:02 -------- d-----w- c:\users\Norman\AppData\Roaming\Media Player Classic
2010-07-28 16:29 . 2010-07-28 16:29 680 ----a-w- c:\users\Norman\AppData\Local\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 19:57 . 2008-09-01 07:57 644136 ----a-w- c:\windows\system32\perfh007.dat
2010-08-15 19:57 . 2008-09-01 07:57 136322 ----a-w- c:\windows\system32\perfc007.dat
2010-08-15 18:33 . 2008-09-02 03:43 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-15 08:24 . 2008-11-12 13:05 -------- d-----w- c:\users\Norman\AppData\Roaming\ICQ
2010-08-15 07:37 . 2010-01-20 15:03 1 ----a-w- c:\users\Norman\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-11 18:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 18:04 . 2010-03-03 09:27 -------- d-----w- c:\programdata\avg9
2010-08-11 12:25 . 2010-08-11 12:25 -------- d-----w- c:\program files\DateiCommander
2010-08-11 12:25 . 2010-08-11 12:25 -------- d-----w- c:\users\Norman\AppData\Roaming\Dateicommander
2010-08-11 12:25 . 2010-08-11 12:25 -------- d-----w- c:\programdata\Dateicommander
2010-07-30 20:25 . 2009-06-26 14:31 -------- d-----w- c:\program files\ICQ6.5
2010-07-28 16:16 . 2008-12-31 21:46 -------- d-----w- c:\program files\YouTube Downloader
2010-07-21 10:00 . 2009-07-16 07:49 -------- d-----w- c:\users\Norman\AppData\Roaming\Kivoyx
2010-07-21 08:47 . 2010-02-22 09:11 -------- d-----w- c:\users\Norman\AppData\Roaming\Ebrue
2010-07-14 04:46 . 2010-05-23 08:44 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-14 04:46 . 2010-05-23 08:42 -------- d-----w- c:\programdata\DivX
2010-07-14 04:46 . 2010-07-14 04:46 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-14 04:46 . 2010-07-14 04:46 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-14 04:46 . 2010-01-15 13:37 -------- d-----w- c:\program files\DivX
2010-07-14 04:45 . 2010-07-14 04:45 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-14 04:44 . 2010-05-23 08:44 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-14 04:44 . 2010-05-23 08:44 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-11 18:28 . 2010-07-11 18:28 10134 ----a-r- c:\users\Norman\AppData\Roaming\Microsoft\Installer\{F8413786-48E7-FA4F-474A-CF573131140D}\ARPPRODUCTICON.exe
2010-07-04 07:43 . 2008-11-12 13:03 -------- d-----w- c:\users\Norman\AppData\Roaming\Winamp
2010-06-27 07:50 . 2008-09-01 12:20 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 06:05 . 2010-08-11 17:26 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 17:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 17:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 17:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-18 08:38 . 2010-06-18 08:38 -------- d-----w- c:\program files\Ryu&Soft
2010-06-04 12:49 . 2010-06-04 12:49 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-04 12:48 . 2010-06-04 12:48 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-04 12:44 . 2010-06-04 12:44 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-04 12:44 . 2010-06-04 12:44 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 12:41 . 2010-06-04 12:41 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-26 17:06 . 2010-06-10 21:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 21:17 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 08:43 . 2010-05-23 08:43 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-05-23 08:43 . 2010-05-23 08:43 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-23 08:43 . 2010-05-23 08:43 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-23 08:43 . 2010-05-23 08:43 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-05-23 08:43 . 2010-05-23 08:43 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-23 08:43 . 2010-05-23 08:43 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-05-23 08:43 . 2010-05-23 08:43 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-23 08:43 . 2010-05-23 08:43 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-23 08:43 . 2010-05-23 08:43 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-23 08:43 . 2010-05-23 08:43 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
c:\users\Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 12:01 71216 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):89,6c,32,4b,ff,52,ca,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ADDMEM;ADDMEM;c:\users\Norman\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-09-01 13312]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2008-08-28 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
2010-08-15 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
2010-08-15 c:\windows\Tasks\User_Feed_Synchronization-{6891D34D-C0D2-4B5B-BAF8-209BC113CF9C}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\eq8cnehf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
FF - component: c:\users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\eq8cnehf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\eq8cnehf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-15 22:57
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-08-15 23:01:20
ComboFix-quarantined-files.txt 2010-08-15 21:01
Vor Suchlauf: 7 Verzeichnis(se), 84.763.668.480 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 84.718.075.904 Bytes frei
- - End Of File - - 8652F74513AB679A49652EACEE29658D
--- --- --- |
