(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SSS7=c:\programme\Steganos Security Suite 7\SSS7.exe [2005-05-02 274432]
TweakRAM=c:\programme\TweakRAM\TweakRAM.exe [2008-05-01 1188352]
swg=c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-30 68856]
ctfmon.exe=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AntivirusRegistration=c:\programme\CA\Etrust Antivirus\Register.exe [2005-01-31 458752]
OmniPass=c:\programme\Softex\OmniPass\scureapp.exe [2005-09-26 1847296]
UnlockerAssistant=c:\programme\Unlocker\UnlockerAssistant.exe [2008-03-01 15872]
RemoteControl=c:\programme\Home Cinema\PowerDVD\PDVDServ.exe [2004-11-02 32768]
QuickTime Task=c:\programme\QuickTime\qttask.exe [2008-09-06 413696]
cctray=c:\programme\CA\CA Internet Security Suite\casc.exe [2009-08-12 374000]
CAVRID=c:\programme\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2009-08-12 271600]
Ad-Watch=c:\programme\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]
SunJavaUpdateSched=c:\programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=c:\windows\system32\CTFMON.EXE [2008-04-14 15360]
DWQueuedReporting=c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe [2007-03-13 39264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
SSS7=c:\programme\Steganos Security Suite 7\SSS7.exe [2005-05-02 274432]
tscuninstall=c:\windows\system32\tscupgrd.exe [2004-08-04 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
NoDesktopUpdate= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 13:46 79368 ----a-w- c:\windows\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\l:\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=Service
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
DisableMonitoring=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
c:\\WINDOWS\\system32\\sessmgr.exe=
c:\\Programme\\Skype\\Phone\\Skype.exe=
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [5.1.2009 11:36 107512]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13.5.2009 13:06 64160]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [18.11.2008 12:14 72696]
R2 a2AntiDialer;a-squared Anti-Dialer Service;c:\programme\a-squared Anti-Dialer\a2service.exe [30.6.2007 13:27 419448]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\programme\CA\CA Internet Security Suite\ccschedulersvc.exe [21.4.2009 09:58 128240]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [8.1.2009 14:00 1029456]
R2 SLEE_81_DRIVER;Steganos Live Encryption Engine 8.1 [Driver];c:\windows\system32\drivers\slee81.sys [2.5.2005 11:02 69632]
R2 UmxAgent;HIPS Event Manager;c:\programme\CA\SharedComponents\HIPSEngine\UmxAgent.exe [12.12.2008 12:37 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\programme\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10.12.2008 12:58 797176]
R2 UmxPol;HIPS Policy Manager;c:\programme\CA\SharedComponents\HIPSEngine\UmxPol.exe [19.12.2008 13:59 297464]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [5.2.2008 14:07 799744]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [21.1.2008 19:01 37568]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [22.4.2008 13:02 1272000]
R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI v2.0;c:\windows\system32\drivers\fpcibase.sys [21.1.2008 19:01 444416]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [12.12.2008 12:37 205304]
S2 winsmss ;Windows Session Manager Services ;c:\windows\system32\\winsmss.exe --> c:\windows\system32\\winsmss.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\iedkcs32.dll,BrandIEActiveSetup SIGNUP
.
Inhalt des geplante Tasks Ordners
2009-08-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-08 14:15]
2009-08-13 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-30 17:40]
2009-08-13 c:\windows\Tasks\User_Feed_Synchronization-{E9CCAB06-EAF4-42D6-85A1-6043059931A0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-Adaware Bootup - c:\programme\Lavasoft Ad-Aware\Ad-aware.exe
Notify-OPXPGina - (no file)
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: aweber.com\www
Trusted Zone: download.com\www
Trusted Zone: google.de\www
FF - ProfilePath - c:\dokumente und einstellungen\yuppy\Anwendungsdaten\Mozilla\Firefox\Profiles\qxp97aog.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox
FF - component: c:\dokumente und einstellungen\yuppy\Anwendungsdaten\Mozilla\Firefox\Profiles\qxp97aog.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\dokumente und einstellungen\yuppy\Anwendungsdaten\Mozilla\Firefox\Profiles\qxp97aog.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\dokumente und einstellungen\yuppy\Anwendungsdaten\Mozilla\Firefox\Profiles\qxp97aog.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\dokumente und einstellungen\yuppy\Anwendungsdaten\Mozilla\Firefox\Profiles\qxp97aog.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\dokumente und einstellungen\yuppy\Anwendungsdaten\Mozilla\Firefox\Profiles\qxp97aog.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\dokumente und einstellungen\yuppy\Anwendungsdaten\Mozilla\Firefox\Profiles\qxp97aog.default\extensions\[email protected]\components\coolirisstub.dll
FF - component: c:\dokumente und einstellungen\yuppy\Anwendungsdaten\Mozilla\Firefox\Profiles\qxp97aog.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\dokumente und einstellungen\yuppy\Anwendungsdaten\Mozilla\Firefox\Profiles\qxp97aog.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
FF - plugin: c:\dokumente und einstellungen\yuppy\Anwendungsdaten\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref(media.enforce_same_site_origin, false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(media.cache_size, 51200);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(media.ogg.enabled, true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(media.wave.enabled, true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(media.autoplay.enabled, true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(browser.urlbar.autocomplete.enabled, true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(capability.policy.mailnews.*.wholeText, noAccess);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(dom.storage.default_quota, 5120);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(content.sink.event_probe_rate, 3);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(network.http.prompt-temp-redirect, true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(layout.css.dpi, -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(layout.css.devPixelsPerPx, -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(gestures.enable_single_finger_input, true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(dom.max_chrome_script_run_time, 0);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(network.tcp.sendbuffer, 131072);
c:\programme\Mozilla Firefox\greprefs\all.js - pref(geo.enabled, true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref(security.remember_cert_checkbox_default_setting, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(browser.search.param.yahoo-fr, moz35);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(browser.search.param.yahoo-fr-cjkt, moz35);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(extensions.blocklist.level, 2);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(browser.urlbar.restrict.typed, ~);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(browser.urlbar.default.behavior, 0);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.clearOnShutdown.history, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.clearOnShutdown.formdata, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.clearOnShutdown.passwords, false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.clearOnShutdown.downloads, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.clearOnShutdown.cookies, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.clearOnShutdown.cache, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.clearOnShutdown.sessions, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.clearOnShutdown.offlineApps, false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.clearOnShutdown.siteSettings, false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.cpd.history, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.cpd.formdata, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.cpd.passwords, false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.cpd.downloads, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.cpd.cookies, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.cpd.cache, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.cpd.sessions, true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.cpd.offlineApps, false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.cpd.siteSettings, false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(privacy.sanitize.migrateFx3Prefs, false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(browser.ssl_override_behavior, 2);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(security.alternate_certificate_error_page, certerror);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(browser.privatebrowsing.autostart, false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(browser.privatebrowsing.dont_prompt_on_enter, false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref(geo.wifi.uri, https://www.google.com/loc/json);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 21:50
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - >->winlogon.exe'(688)
c:\programme\Softex\OmniPass\ginastub.dll
c:\programme\Softex\OmniPass\ssplogon.dll
c:\programme\Softex\OmniPass\cryptodll.dll
c:\programme\Softex\OmniPass\storeng.dll
c:\programme\Softex\OmniPass\autheng.dll
c:\programme\Softex\OmniPass\userdata.dll
c:\programme\Softex\OmniPass\hdddrv.dll
c:\programme\Softex\OmniPass\ldapdrv.dll
c:\programme\Softex\OmniPass\cachedrv.dll
c:\programme\Softex\OmniPass\sftxtgp.dll
c:\programme\Softex\OmniPass\mstrpwd.dll
c:\programme\Softex\OmniPass\authntec.dll
c:\windows\system32\atsc63.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\windows\system32\msls31.dll
- - - - - - - >->explorer.exe'(1224)
c:\programme\Softex\OmniPass\SCUREDLL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programme\a-squared Free\a2service.exe
c:\programme\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\windows\system32\slee81.exe
c:\programme\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programme\Google\Google Updater\GoogleUpdater.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\programme\CA\CA Internet Security Suite\ccprovsp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-08-13 22:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-08-13 20:01
Vor Suchlauf: 20 Verzeichnis(se), 54.377.185.280 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 54.258.384.896 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=Microsoft Windows Recovery Console /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=Microsoft Windows XP Home Edition /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOW2=Microsoft Windows XP Home Edition /noexecute=optin /fastdetect
355 --- E O F --- 2009-03-31 13:39