ComboFix 11-06-26.01 - Silvia 27.06.2011 7:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.2233 [GMT 2:00]
ausgeführt von:: c:\users\Silvia\Desktop\Combo-Fix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Recycle.Bin
c:\users\Silvia\AppData\Roaming\Local
c:\users\Silvia\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Silvia\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\Silvia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Silvia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
c:\users\Silvia\Desktop\Windows Restore.lnk
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-27 bis 2011-06-27 ))))))))))))))))))))))))))))))
.
.
2011-06-27 05:47 . 2011-06-27 05:48 -------- d-----w- c:\users\Silvia\AppData\Local\temp
2011-06-27 05:47 . 2011-06-27 05:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-27 05:24 . 2011-06-27 05:28 -------- d-----w- C:\32788R22FWJFW
2011-06-25 19:35 . 2011-06-25 19:39 -------- d-----w- c:\program files\Windows Live
2011-06-25 19:33 . 2011-06-25 19:33 -------- d-----w- c:\users\Silvia\AppData\Local\Windows Live
2011-06-25 19:33 . 2011-06-25 19:33 -------- d-----w- c:\program files\Common Files\Windows Live
2011-06-25 19:32 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-06-25 19:25 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-06-25 19:22 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-06-25 19:22 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-06-25 19:21 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-25 19:21 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-25 19:19 . 2011-06-25 19:19 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 19:19 . 2011-06-25 19:19 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-25 14:30 . 2011-06-25 14:30 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-25 14:26 . 2011-06-25 20:09 -------- d-----w- c:\programdata\Lavasoft
2011-06-20 16:58 . 2011-06-20 16:58 388096 ----a-r- c:\users\Silvia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-20 16:58 . 2011-06-20 16:58 -------- d-----w- c:\program files\HiJack
2011-06-20 16:39 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-06-20 16:39 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-06-20 16:39 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-06-20 16:39 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-06-20 16:39 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-06-20 16:39 . 2011-06-20 18:31 -------- d-----w- c:\program files\Trojan Remover
2011-06-20 16:39 . 2011-06-20 16:39 -------- d-----w- c:\users\Silvia\AppData\Roaming\Simply Super Software
2011-06-20 16:39 . 2011-06-20 16:39 -------- d-----w- c:\programdata\Simply Super Software
2011-06-18 18:24 . 2011-06-18 18:24 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-18 05:53 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-18 05:53 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-18 05:53 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 04:28 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 04:28 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 04:28 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 04:28 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 04:28 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 04:28 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 04:28 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 04:28 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 04:28 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-05 13:59 . 2011-06-20 15:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-27 05:32 . 2008-12-17 04:15 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-06-25 19:35 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-11 19:00 . 2011-05-09 18:07 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-01 06:20 . 2011-05-01 06:20 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-01 06:20 . 2011-05-01 06:20 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-01 06:20 . 2011-05-01 06:20 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-01 06:20 . 2011-05-01 06:20 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-01 06:20 . 2011-05-01 06:20 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-01 06:20 . 2011-05-01 06:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-01 06:20 . 2011-05-01 06:20 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-01 06:20 . 2011-05-01 06:20 367104 ----a-w- c:\windows\system32\html.iec
2011-05-01 06:20 . 2011-05-01 06:20 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-01 06:20 . 2011-05-01 06:20 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-01 06:20 . 2011-05-01 06:20 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-01 06:20 . 2011-05-01 06:20 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-01 06:20 . 2011-05-01 06:20 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-01 06:20 . 2011-05-01 06:20 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-01 06:20 . 2011-05-01 06:20 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-01 06:20 . 2011-05-01 06:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-01 06:20 . 2011-05-01 06:20 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-01 06:20 . 2011-05-01 06:20 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-01 06:20 . 2011-05-01 06:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-01 06:18 . 2011-05-01 06:18 98816 ----a-w- c:\windows\system32\mfps.dll
2011-05-01 06:18 . 2011-05-01 06:18 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-05-01 06:18 . 2011-05-01 06:18 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-05-01 06:18 . 2011-05-01 06:18 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-05-01 06:18 . 2011-05-01 06:18 2873344 ----a-w- c:\windows\system32\mf.dll
2011-05-01 06:18 . 2011-05-01 06:18 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-05-01 06:18 . 2011-05-01 06:18 586240 ----a-w- c:\windows\system32\stobject.dll
2011-05-01 06:18 . 2011-05-01 06:18 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-05-01 06:18 . 2011-05-01 06:18 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-01 06:18 . 2011-05-01 06:18 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-05-01 06:18 . 2011-05-01 06:18 37376 ----a-w- c:\windows\system32\cdd.dll
2011-05-01 06:18 . 2011-05-01 06:18 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-05-01 06:18 . 2011-05-01 06:18 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-05-01 06:18 . 2011-05-01 06:18 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-05-01 06:18 . 2011-05-01 06:18 258048 ----a-w- c:\windows\system32\winspool.drv
2011-04-11 07:04 . 2011-05-06 17:11 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5B04B9F-5BAC-4173-893E-2A77D76D207C}\mpengine.dll
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-31 03:00 . 2011-05-10 18:21 516216 ----a-w- c:\windows\system32\drivers\N360\0501000.01D\srtsp.sys
2011-03-31 03:00 . 2011-05-10 18:21 50168 ----a-w- c:\windows\system32\drivers\N360\0501000.01D\srtspx.sys
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2011-06-25 19:19 . 2011-04-18 15:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-05-11 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-05-11 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-05-11 19856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-12-17 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-12-17 33136]
"Skytel"="Skytel.exe" [2008-08-12 1833504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-07-05 1167296]
.
c:\users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98b6a83a44d38;Google Update Service (gupdate1c98b6a83a44d38);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 30312]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-12-19 4352]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-12-19 265088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
R3 PLISp50;PLISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PLISp50.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-12-21 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-12-21 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-12-21 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-12-21 100352]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-04-16 40368]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-21 691696]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [2011-05-19 810616]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110624.050\IDSvix86.sys [2011-06-03 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 Lotus Notes Diagnostics;Lotus Notes-Diagnose;c:\program files\IBM\Lotus\Notes\nsd.exe [2010-08-05 3417480]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-11-16 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 14:32 8192 ---ha-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 17:02]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 10:29]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 10:29]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3773735896-3670919373-2026448953-1000Core.job
- c:\users\Silvia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 17:55]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3773735896-3670919373-2026448953-1000UA.job
- c:\users\Silvia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 17:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = fritz.box;*.local
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\pydl34vh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Mozilla Firefox (3.0.10) - i:\system\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\uninstall\helper.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-27 07:48
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-06-27 08:01:24
ComboFix-quarantined-files.txt 2011-06-27 06:01
.
Vor Suchlauf: 6 Verzeichnis(se), 36.194.086.912 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 36.803.801.088 Bytes frei
.
- - End Of File - - 6E2B009C74A4589DA7FD814D2107E901