Ran CCleaner, here is the ComboFix log: Code:
ComboFix 09-06-26.02 - Privat 27.06.2009 17:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1180 [GMT 2:00]
Running from: c:\users\Privat\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\users\Privat\AppData\Roaming\.#
D:\Autorun.inf
.
((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 ))))))))))))))))))))))))))))))
.
2009-06-27 15:46 . 2009-06-27 15:46 -------- d-----w- c:\users\Privat\AppData\Local\temp
2009-06-26 10:43 . 2009-06-26 10:43 -------- d-----w- C:\con
2009-06-25 16:41 . 2009-06-25 16:41 -------- d-----w- c:\users\Privat\Hotkeynew
2009-06-25 16:39 . 2009-06-25 16:39 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-06-18 11:27 . 2009-06-18 11:28 -------- d-----w- c:\program files\Hamachi
2009-06-18 11:27 . 2009-06-18 11:27 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-14 13:54 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 13:54 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 15:36 . 2009-06-12 15:37 -------- d-----w- c:\program files\trend micro
2009-06-12 15:36 . 2009-06-12 15:37 -------- d-----w- C:\rsit
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-10 23:00 . 2009-06-10 23:00 -------- d-----w- c:\program files\Microsoft XNA
2009-06-10 20:53 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 20:53 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 17:50 . 2009-06-10 17:50 1080648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-10 15:09 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 14:50 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 14:36 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-05 17:18 . 2009-06-05 17:18 -------- d-----w- c:\program files\iPod
2009-06-05 17:18 . 2009-06-05 17:18 -------- d-----w- c:\program files\iTunes
2009-06-05 17:15 . 2009-06-05 17:16 -------- d-----w- c:\program files\QuickTime
2009-06-05 17:08 . 2009-06-05 17:08 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 12:15 . 2009-06-05 12:15 -------- d-----w- c:\users\Privat\AppData\Roaming\SaintXi
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 15:30 . 2008-12-25 10:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-27 15:23 . 2008-12-25 11:21 -------- d-----w- c:\users\Privat\AppData\Roaming\Skype
2009-06-27 14:44 . 2006-11-02 15:33 620368 ----a-w- c:\windows\system32\perfh007.dat
2009-06-27 14:44 . 2006-11-02 15:33 123886 ----a-w- c:\windows\system32\perfc007.dat
2009-06-27 14:40 . 2008-12-25 11:23 -------- d-----w- c:\users\Privat\AppData\Roaming\skypePM
2009-06-27 09:52 . 2009-01-13 18:20 1 ----a-w- c:\users\Privat\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-26 19:40 . 2008-12-25 15:16 -------- d-----w- c:\users\Privat\AppData\Roaming\Hamachi
2009-06-26 17:28 . 2009-04-07 18:17 -------- d-----w- c:\program files\Warcraft III
2009-06-26 15:50 . 2009-03-12 14:32 -------- d-----w- c:\users\Privat\AppData\Roaming\tor
2009-06-26 15:50 . 2009-03-12 14:32 -------- d-----w- c:\users\Privat\AppData\Roaming\Vidalia
2009-06-25 16:29 . 2008-12-27 22:01 -------- d-----w- c:\program files\Steam
2009-06-22 16:21 . 2008-12-25 11:15 -------- d-----w- c:\users\Privat\AppData\Roaming\Xfire
2009-06-19 18:44 . 2008-12-25 11:15 -------- d-----w- c:\programdata\Xfire
2009-06-16 19:57 . 2008-12-27 22:01 -------- d-----w- c:\program files\Common Files\Steam
2009-06-16 14:11 . 2008-12-25 11:15 -------- d-----w- c:\program files\Xfire
2009-06-11 08:26 . 2008-02-19 11:05 -------- d-----w- c:\programdata\Microsoft Help
2009-06-10 15:47 . 2008-02-19 11:07 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 13:55 . 2008-12-27 20:32 680 ----a-w- c:\users\Privat\AppData\Local\d3d9caps.dat
2009-06-05 17:18 . 2008-12-27 16:11 -------- d-----w- c:\program files\Common Files\Apple
2009-05-20 16:10 . 2009-02-14 22:29 -------- d-----w- c:\users\Privat\AppData\Roaming\FileZilla
2009-05-20 16:03 . 2009-02-14 22:29 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-14 17:25 . 2009-05-14 17:25 1585608 ----a-w- c:\programdata\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe
2009-05-13 14:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 19:21 . 2009-05-12 19:20 -------- d-----w- c:\users\Privat\AppData\Roaming\Crayon Physics Deluxe
2009-05-12 13:58 . 2009-05-12 13:58 -------- d-----w- c:\program files\Panda Security
2009-05-11 11:38 . 2009-01-13 20:05 -------- d-----w- c:\program files\Java
2009-05-10 10:48 . 2009-05-10 10:48 -------- d-----w- c:\users\Privat\AppData\Roaming\Malwarebytes
2009-05-10 10:48 . 2009-05-10 10:48 -------- d-----w- c:\programdata\Malwarebytes
2009-05-09 19:37 . 2009-05-09 19:29 164880 ---ha-w- c:\users\Privat\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2009-05-09 09:49 . 2009-05-09 09:49 552 ----a-w- c:\users\Privat\AppData\Local\d3d8caps.dat
2009-05-06 11:38 . 2009-05-06 11:38 -------- d-----w- c:\programdata\PopCap Games
2009-05-06 11:38 . 2009-05-06 11:38 -------- d-----w- c:\programdata\Steam
2009-05-02 12:21 . 2008-12-25 11:20 -------- d-----r- c:\program files\Skype
2009-05-02 12:21 . 2008-12-25 11:20 -------- d-----w- c:\programdata\Skype
2009-05-02 12:21 . 2009-05-02 12:21 -------- d-----w- c:\program files\Common Files\Skype
2009-05-01 19:25 . 2009-02-04 19:46 -------- d-----w- c:\program files\OpenAL
2009-04-29 12:08 . 2009-04-29 12:07 -------- d-----w- c:\users\Privat\AppData\Roaming\Braid
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-20 16:30 . 2009-04-20 16:30 159744 ----a-w- c:\windows\LgxSetup.exe
2009-04-20 16:25 . 2008-12-24 23:55 74352 ----a-w- c:\users\Privat\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-16 18:17 . 2009-04-16 18:17 409600 ----a-w- c:\users\Privat\AppData\Roaming\Warsow\basewsw\tempmodules6\cgame_x86.dll
2009-04-16 18:17 . 2009-04-16 18:17 540672 ----a-w- c:\users\Privat\AppData\Roaming\Warsow\basewsw\tempmodules6\game_x86.dll
2009-04-16 18:17 . 2009-04-16 18:17 245760 ----a-w- c:\users\Privat\AppData\Roaming\Warsow\basewsw\tempmodules6\ui_x86.dll
2009-04-15 19:25 . 2009-04-15 19:25 540672 ----a-w- c:\users\Privat\AppData\Roaming\Warsow\basewsw\tempmodules7968\game_x86.dll
2009-04-11 10:54 . 2009-04-11 10:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-09 14:09 . 2009-04-09 14:09 113216 ----a-w- c:\programdata\Microsoft\VCExpress\9.0\1031\ResourceCache.dll
2009-04-09 14:08 . 2009-04-09 14:08 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1031\ResourceCache.dll
2009-04-07 18:28 . 2009-04-07 18:22 54945 ----a-w- c:\windows\War3Unin.dat
2009-04-07 18:27 . 2009-04-07 18:22 2829 ----a-w- c:\windows\War3Unin.pif
2009-04-07 18:27 . 2009-04-07 18:22 139264 ----a-w- c:\windows\War3Unin.exe
2009-04-07 17:21 . 2009-04-07 17:22 729088 ----a-w- c:\windows\iun6002.exe
2009-04-06 13:32 . 2009-05-10 10:48 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-05-10 10:48 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-12 6965792]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
"recinfo722"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2008-05-02 307200]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-12 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
c:\users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bitcomet Ultra Accelerator.lnk.disabled [2009-3-9 1062]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Privoxy.lnk.disabled [2009-3-12 981]
TMMonitor.lnk.disabled [2009-1-12 1827]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FAST Defrag"=c:\progra~1\FDF\FAST2.EXE -tray
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"boincmgr"="c:\program files\BOINC\boincmgr.exe" /a /s
"boinctray"="c:\program files\BOINC\boinctray.exe"
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{531E13A8-1619-4936-A981-94365E583413}"= UDP:c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe:FSCLBaseUpdaterService.exe
"{41847852-86EE-4E49-BDB9-A0B7F37F2C9F}"= TCP:c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe:FSCLBaseUpdaterService.exe
"{E95BB65F-A095-4BCE-948E-A5AD026569E2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0AA1576A-116E-4106-8566-85DD51D6F7EF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E85A8A4-C521-4948-B532-F638EE88A420}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{02C29596-B0CD-4305-A17E-7E989E0A7FEE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C760AC18-C9E1-45CC-90C9-38E2852A5D26}"= UDP:c:\program files\MSI\ArcSoft\TotalMedia\TotalMedia.exe:ArcSoft TotalMedia 3
"{C90B5A22-FE92-4C1E-BA5C-7806586384B1}"= TCP:c:\program files\MSI\ArcSoft\TotalMedia\TotalMedia.exe:ArcSoft TotalMedia 3
"{8D3386C8-3B53-46AA-9BF7-811B23B32937}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{A0F955EA-FE8D-4819-A9D8-40DECA0E4CC6}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{106DB37E-7493-4CDC-9E9F-0BD9615F6961}"= UDP:c:\program files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{1436EA1C-116C-4D7D-8F49-F9F5D5DAF084}"= TCP:c:\program files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{791D17A9-EEFB-40B2-B80D-55BABB2CE273}"= UDP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{62310C35-625F-49B8-8120-647982BA469F}"= TCP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{F5A45981-CA84-4CA7-8A6D-C76A3EB05A0F}"= UDP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"{0DC26A8E-E015-49FA-9715-56DDD9AEC463}"= TCP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"{9DCE8D62-8E10-4DC7-90DB-0D6201F1B08A}"= UDP:5353:Adobe CSI CS4
"{98D5A07F-107E-4CA5-A69F-2C5C703D4674}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{79A61FFC-1B37-42ED-AF0A-036B52A7BB8D}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{41C75929-739E-4C9A-831F-CCFF7C800A7D}"= UDP:c:\program files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{7E1E0D9E-0296-417F-B3F9-FE4B2CA4D31F}"= TCP:c:\program files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{7F2A3805-AB55-44C8-BD25-8B8F9BE7B374}"= UDP:c:\program files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{94032232-751D-4BC6-A061-F67AF2A385AC}"= TCP:c:\program files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{D43A4D74-5031-4647-BEAF-53D1CC3CBD36}"= UDP:d:\programme\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{B00191AE-E6C9-47D0-B1A1-BD4180DAAB03}"= TCP:d:\programme\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{CE8A08C9-ACFD-4769-85D5-58E7916567BA}"= UDP:c:\program files\Wippien\Wippien.exe:Wippien
"{ECA38A4A-FF6A-4F12-9C40-F29809C971DF}"= TCP:c:\program files\Wippien\Wippien.exe:Wippien
"{734FC633-2E8D-4EAD-8453-B190050B0099}"= UDP:c:\program files\Steam\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe:Tom Clancy's H.A.W.X - Demo
"{DFC7004A-40CF-4C60-9C93-599D154BDA1E}"= TCP:c:\program files\Steam\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe:Tom Clancy's H.A.W.X - Demo
"{D5B53A0C-02C5-4DB3-A1CC-52EA32453762}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DDA62C1D-AFCC-4314-A5DB-B8D781F79DCE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{712EE670-B727-4FA2-8752-9BC860CD029C}"= UDP:c:\program files\Steam\steamapps\common\battleforge\Bootstrapper.exe:Battleforge Demo
"{43065E7E-6D53-4539-B64F-A16032607A6C}"= TCP:c:\program files\Steam\steamapps\common\battleforge\Bootstrapper.exe:Battleforge Demo
"{57AD6DFE-86DD-43F0-A620-1B5F556E710A}"= UDP:c:\program files\Steam\steamapps\common\light of altair demo\Altair.exe:Light of Altair Demo
"{6B3BED1A-4AA6-4633-BE2D-99E41E46399E}"= TCP:c:\program files\Steam\steamapps\common\light of altair demo\Altair.exe:Light of Altair Demo
"{36E78C33-4EC8-4382-A0F7-F0A2DE9270C0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7CB5CD77-67A0-48C7-A7EB-5B366375F21A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\drivers\BtHidBus.sys [08.01.2009 00:39 20744]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [12.05.2009 15:58 28544]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090311.001\IDSvix86.sys [18.03.2009 14:37 270384]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [07.01.2009 20:52 143467]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [20.02.2009 15:22 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 19:08 533360]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25.12.2008 12:59 1153368]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07.12.2008 13:44 30088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [03.03.2009 21:30 101936]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [19.02.2008 12:44 46592]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\System32\drivers\IvtBtBus.sys [02.07.2008 15:58 26248]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [03.10.2008 15:14 37936]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [16.04.2009 22:19 17792]
S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;c:\windows\System32\drivers\CamSpaceBus.sys [24.08.2008 13:55 14848]
S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;c:\windows\System32\drivers\CamSpaceJoy.sys [24.08.2008 13:55 30464]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06.11.2007 22:22 34064]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\System32\drivers\tap0901t.sys [20.03.2009 23:04 25600]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\System32\drivers\wip0204.sys [20.03.2009 23:33 23480]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-26 c:\windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Privat.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Alle &Videos mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Per Mitteilung versenden(&M) ... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: Über Bluetooth senden - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\program files\Common Files\WebSpeech.4.0\LgxIEBar.dll
FF - ProfilePath - c:\users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\z5a7hic0.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\z5a7hic0.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 17:46
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Privat\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2882094196-3185919979-1614762989-1000\Software\SecuROM\License information*]
"datasecu"=hex:38,50,a0,24,b2,47,70,6f,70,33,69,42,60,78,1b,27,2c,58,ad,5d,8b,
a1,bd,2b,2a,c1,c0,b0,bf,fe,e5,f3,aa,3e,86,04,33,04,3d,b5,c4,bc,f8,e8,04,10,\
"rkeysecu"=hex:0a,2e,dd,ad,16,03,b3,6c,52,1b,41,80,1b,f3,5e,75
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-06-27 17:51
ComboFix-quarantined-files.txt 2009-06-27 15:50
Pre-Run: 8,899,129,344 bytes free
Post-Run: 8,985,382,912 bytes free
267 --- E O F --- 2009-06-26 09:49
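The security-relevant content of a log like this is easy to miss among the game and driver entries: the header reports Norton's on-access scanning and firewall as disabled, the Security Center "DisableMonitoring" values are set to 1 (which silences the Windows warnings about exactly that), "EnableFirewall" is 0 on all three Windows Firewall profiles, and autorun.inf files were removed from the roots of C: and D:. (The single "hidden file", catchme.dll in Temp, is the rootkit scanner's own component and appears in every ComboFix run.) The following is an added example, not part of the post above and not ComboFix's own code: a small parser that reads the ComboFix REGEDIT4-style sections and the status header and lists those protection-disabled indicators. The sample text it runs on is constructed here in ComboFix's format from the entries above, with StandardProfile flipped to enabled so the output shows the check distinguishing profiles.

```python
"""Flag disabled host protections in a ComboFix log (added example, not ComboFix code)."""
import re
from typing import Dict, List, Optional

# Constructed sample in ComboFix's own line format (not the full log above).
# StandardProfile is deliberately set to 1 here to show the check telling profiles apart.
SAMPLE_LOG = r"""
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
C:\autorun.inf
D:\Autorun.inf
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{02C29596-B0CD-4305-A17E-7E989E0A7FEE}"= c:\program files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
""".strip()

SECTION_RE = re.compile(r"^\[(.+)\]$")                     # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')           # "Name"=value
STATUS_RE = re.compile(r"^(AV|FW|SP):\s*(.+?)\s*\*(.+?)\*")  # AV: Product *state*
AUTORUN_RE = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)


def parse_registry_lines(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: raw_value}} for REGEDIT4-style lines."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def reg_int(raw: str) -> Optional[int]:
    """Parse ComboFix's two numeric renderings: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else None


def find_disabled_protections(text: str) -> List[str]:
    """List indicators that host protections are off or silenced."""
    findings: List[str] = []
    # 1. Product status header: any AV/FW/SP reported as disabled.
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m and "disabled" in m.group(3).lower():
            findings.append(f"{m.group(1)} {m.group(2)}: {m.group(3)}")
    # 2. Registry: Security Center warnings silenced, Windows Firewall off per profile.
    for path, values in parse_registry_lines(text).items():
        low = path.lower()
        if "security center\\monitoring" in low and reg_int(values.get("DisableMonitoring", "")) == 1:
            findings.append(f"Security Center monitoring disabled: {path}")
        if "firewallpolicy" in low and low.endswith("profile"):
            profile = path.rsplit("\\", 1)[-1]
            if reg_int(values.get("EnableFirewall", "")) == 0:
                findings.append(f"Windows Firewall off: {profile}")
    # 3. autorun.inf at a drive root: classic removable-media worm artifact, worth correlating.
    for line in text.splitlines():
        if AUTORUN_RE.match(line.strip()):
            findings.append(f"drive-root autorun.inf removed: {line.strip()}")
    return findings


if __name__ == "__main__":
    for finding in find_disabled_protections(SAMPLE_LOG):
        print(finding)
```

Run against the real log above (pasted in place of SAMPLE_LOG) the firewall check fires for all three profiles, which, together with the two Security Center "DisableMonitoring" keys and the AV/FW header lines, is the part of this log a helper should be asking about before anything else.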