JAAA, es sind wieder alle Dateien sichtbar. Auch im Startmenu :):)
Herzlichsten Dank! Der Combo Fix hat soweit geklappt. Hier das
Logfile. Code:
ComboFix 11-04-13.04 - Daniel 14.04.2011 15:49:58.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.3326.1845 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Desktop\cofi.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pdfforge Toolbar\pdFForgetoolbarie.dll
c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\programdata\Adobe Systems
c:\programdata\Adobe Systems\Product licenses\B302D000.dat
c:\users\Daniel\AppData\Roaming\Adobe\plugs
c:\users\Daniel\AppData\Roaming\Adobe\shed
c:\users\Daniel\AppData\Roaming\ezplay.sys
c:\users\Daniel\AppData\Roaming\FFSJ
c:\users\Daniel\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Daniel\AppData\Roaming\inst.exe
c:\users\Daniel\AppData\Roaming\pcouffin.sys
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\install.exe
c:\windows\system32\msvbvtbsr.dll
c:\windows\system32\ReadMe.txt
c:\windows\XSxS
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-14 bis 2011-04-14 ))))))))))))))))))))))))))))))
.
.
2011-04-22 16:36 . 2011-04-22 16:50 -------- d--h--w- c:\users\Daniel\AppData\Roaming\CD Art Display
2011-04-22 16:36 . 2009-09-05 18:28 69632 ---ha-w- c:\windows\cadSSaver.scr
2011-04-22 16:36 . 2003-01-27 12:27 94208 ---ha-w- c:\windows\system32\wmpuice.dll
2011-04-14 11:25 . 2011-04-14 11:25 -------- d-----w- c:\users\Daniel\AppData\Local\{3DFF2B66-D81C-4D3D-9C49-784BC6AECEF6}
2011-04-13 19:45 . 2011-04-14 11:17 879400 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-13 17:19 . 2011-04-13 17:19 -------- d-----w- c:\users\Daniel\AppData\Local\{3053ADE2-B98D-42F2-8217-D0F20798665F}
2011-04-13 15:10 . 2011-04-13 15:10 -------- d-----w- C:\_OTL
2011-04-12 21:43 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-12 19:14 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 19:14 . 2011-04-12 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 19:14 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 12:09 . 2011-04-10 12:09 -------- d--h--w- c:\users\Daniel\AppData\Local\FontCreator
2011-04-10 12:09 . 2011-04-10 12:22 -------- d--h--w- c:\users\Daniel\AppData\Roaming\FontCreator
2011-04-10 10:21 . 2011-04-10 18:22 -------- d--h--w- c:\users\Daniel\Desktop Backup
2011-04-10 10:14 . 2010-01-06 11:13 506368 ---ha-w- c:\windows\system32\sqlite3.dll
2011-04-10 10:12 . 2011-04-10 10:17 -------- d--h--w- c:\users\Daniel\AppData\Roaming\Rainmeter
2011-04-08 14:58 . 2011-04-08 14:58 -------- d--h--w- c:\users\Daniel\AppData\Local\{5013EB7B-6E48-46AA-B462-8CA07972FDF3}
2011-04-07 13:17 . 2011-04-07 13:18 -------- d--h--w- c:\users\Daniel\AppData\Local\{EFB03396-6F5F-47F4-AF4D-E93303F65884}
2011-04-06 17:53 . 2011-04-06 17:53 -------- d--h--w- c:\users\Daniel\AppData\Local\{8836FA2F-280B-49C0-AB59-2341A148E93F}
2011-04-05 18:39 . 2011-04-05 18:40 -------- d--h--w- c:\users\Daniel\AppData\Local\{845D655F-8206-4D7A-B232-61AEA3801158}
2011-04-04 16:04 . 2011-04-04 16:04 -------- d--h--w- c:\users\Daniel\AppData\Local\{8CA62E4A-5208-4D8C-AAA0-0079E966645C}
2011-04-03 09:43 . 2011-04-03 09:43 -------- d--h--w- c:\users\Daniel\AppData\Local\{9650D6D0-DBD7-4F53-AA9C-48DBCA72ADED}
2011-04-02 11:22 . 2011-04-02 11:22 -------- d--h--w- c:\users\Daniel\AppData\Local\{C0DE76CA-12A0-43A3-AECD-FDFF6D343B27}
2011-04-01 07:47 . 2011-04-01 07:48 -------- d--h--w- c:\users\Daniel\AppData\Local\{BCB40123-1D4B-4552-BCE7-842D1404FB3E}
2011-03-31 15:13 . 2011-03-31 15:13 -------- d--h--w- c:\users\Daniel\AppData\Local\{DE58054B-7FA0-46C4-993E-59F18D7F9D86}
2011-03-30 17:05 . 2011-03-30 17:05 -------- d--h--w- c:\users\Daniel\AppData\Local\{21768AF1-9AEC-4E1A-8A75-B52E16E04468}
2011-03-29 17:04 . 2011-03-29 17:05 -------- d--h--w- c:\users\Daniel\AppData\Local\{7D8DCAA7-6CAC-44B6-93A7-0FBD78A5CA87}
2011-03-28 17:53 . 2011-03-28 17:53 -------- d--h--w- c:\users\Daniel\AppData\Local\{B1379F96-D63B-422F-9E01-C1DEBE70B07C}
2011-03-27 13:19 . 2011-03-27 13:19 -------- d--h--w- c:\users\Daniel\AppData\Local\{FB190D08-B318-428A-B153-CEF0E7D35BB4}
2011-03-26 14:50 . 2011-03-26 14:51 -------- d--h--w- c:\users\Daniel\AppData\Local\{3DD98622-FC66-4C4E-AE04-F6FE0CE2B852}
2011-03-25 12:22 . 2011-03-25 12:22 -------- d--h--w- c:\users\Daniel\AppData\Local\{1E50BA37-7E3C-45A9-83A0-394CBAAAB437}
2011-03-24 21:36 . 2011-03-24 21:37 -------- d--h--w- c:\users\Daniel\AppData\Local\{F7E2855C-47DF-433F-8643-1B56F03C3157}
2011-03-24 09:36 . 2011-03-24 09:36 -------- d--h--w- c:\users\Daniel\AppData\Local\{6063EAB0-D0D9-4B98-94EE-CD922589AFE0}
2011-03-23 10:06 . 2011-03-23 10:06 -------- d--h--w- c:\users\Daniel\AppData\Local\{670DB61A-E2E7-4247-80B1-BD241BB79DBD}
2011-03-22 19:31 . 2011-03-22 19:31 -------- d--h--w- c:\users\Daniel\AppData\Local\{F3B35707-BC22-4B2B-8CC3-FE7B9A381939}
2011-03-21 19:28 . 2011-03-21 19:28 189248 ---ha-w- c:\windows\system32\PnkBstrB.exe
2011-03-21 19:28 . 2011-03-21 19:28 75136 ---ha-w- c:\windows\system32\PnkBstrA.exe
2011-03-21 19:28 . 2011-03-21 19:28 -------- d--h--w- c:\users\Daniel\AppData\Roaming\PunkBuster
2011-03-21 13:35 . 2011-03-21 13:36 -------- d--h--w- c:\users\Daniel\AppData\Local\{AA70CE0D-1E35-4599-8020-384072341BFA}
2011-03-18 11:36 . 2011-03-18 11:36 -------- d--h--w- c:\users\Daniel\AppData\Local\{31EDE5E4-DD44-4645-AA7B-32B2E225C346}
2011-03-16 18:50 . 2011-03-16 18:50 -------- d--h--w- c:\users\Daniel\AppData\Local\{E7930CA0-B070-420A-866C-2957ABE6E00F}
2011-03-15 16:46 . 2011-03-15 16:47 -------- d--h--w- c:\users\Daniel\AppData\Local\{B91DB9FD-0F57-4BA9-AD01-E11BAD74E68C}
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 17:17 . 2011-03-13 17:17 94208 ---ha-w- c:\windows\system32\drivers\ezplay.sys
2011-03-09 09:49 . 2010-06-24 10:33 18328 ---ha-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-07 09:57 . 2011-03-07 09:57 1222408 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-23 14:04 . 2010-07-30 15:12 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2010-05-15 17:58 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2010-05-15 17:59 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2010-05-15 17:59 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-05-15 17:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:55 . 2010-05-15 17:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 13:54 . 2010-05-15 17:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-21 14:32 . 2008-01-21 02:21 57400 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2011-02-08 12:36 . 2011-02-08 12:36 22656 ---ha-w- c:\windows\system32\drivers\droidcam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- d:\avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\rocketdock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="d:\daemon tools lite\daemon.exe" [2008-12-29 687560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-01-20 1702912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-22 7289376]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2009-06-15 202328]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 141312]
"avast5"="d:\avast5\avastUI.exe" [2011-02-23 3451496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"CloneCDTray"="d:\slysoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
Rainmeter.lnk - d:\rainmeter\Rainmeter.exe [2011-2-6 99840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CLS 2011.10.lnk - c:\windows\Installer\{40CE80E6-4E55-489B-A271-40724510F703}\NewShortcut11.70787B93_F30E_4877_AFB6_34DDA9EE532D.exe [2011-1-11 65536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43 640376 ----a-w- d:\acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 00:25 37232 ----a-w- d:\acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- d:\acrobat reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ---ha-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-09-02 04:52 205256 ----a-w- d:\alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allway Sync]
2009-10-22 13:27 79568 ----a-w- d:\allway sync\Bin\syncappw.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 14:35 202024 ---ha-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:23 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoodSync]
2010-01-22 21:31 3823288 ----a-w- d:\goodsync\GoodSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 19:59 421160 ----a-w- d:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 13:55 323584 ---ha-w- c:\windows\PixArt\i-Look110\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ---ha-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor]
2011-01-20 09:26 1702912 ---ha-w- c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2009-05-06 11:58 306088 ----a-w- d:\gta 4\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-01-05 14:39 336896 ----a-w- d:\sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-02-22 11:42 26101032 ---ha-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-10 11:26 149280 ---ha-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- d:\tomtom home 2\HOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- d:\unlocker\UnlockerAssistant.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DVBVRecorder;DVBViewer Recording Service;d:\dvbviewer\DVBVservice.exe [2010-10-16 617600]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
R2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;d:\autodesk inventor\Moldflow\bin\mitsijm.exe [2010-01-23 462336]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys [x]
R3 GA622T;NETGEAR GA622T Gigabit UTP Adapter;c:\windows\system32\DRIVERS\GA622ND5.SYS [2001-12-05 34516]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-07-17 13224]
R3 PAC207;i-Look 110;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\sisoftware sandra lite 2011\RpcAgentSrv.exe [2009-08-17 93848]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-10 19968]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-06-23 150568]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-19 717296]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2009-09-23 150528]
S2 MSSQL$ECSQLEXPRESS;SQL Server (ECSQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 AbilisT;EyeTV DTT Deluxe (2009) Service;c:\windows\system32\DRIVERS\AbilisBdaTuner.sys [2009-12-08 122720]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-08-16 100368]
S3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2011-02-08 22656]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-17 27632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\el7i34hd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKCU-Run-Power Off Monitor - d:\power monitor off\PowerMonitorOff.exe
MSConfigStartUp-MsnMsgr - c:\progra~1\MSNMES~1\msnmsgr.exe
MSConfigStartUp-StickyNotes - d:\stickynotes\StickyNotes.exe
MSConfigStartUp-SyncroNaut Timer - d:\syncronaut\SYSTEM\Timer4.exe
AddRemove-WOLAPI - d:\alarmstufe rot 2\Internetkomponenten\UnstllAP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-14 15:55
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\## aswSnx private storage
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-651202421-3400200994-3118346361-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,49,ff,36,ce,0a,a7,ad,8d,c4,32,18,21,f3,c2,a4,b5,f7,a3,4c,cb,
fb,5d,36,4b,be,35,76,e9,e3,16,04,72,88,0e,2a,fe,b4,51,62,6a,bb,35,43,bb,b6,\
"rkeysecu"=hex:0c,71,d8,90,96,28,f2,c2,b9,d2,fe,c6,78,73,ba,ec
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-14 15:57:28
ComboFix-quarantined-files.txt 2011-04-14 13:57
.
Vor Suchlauf: 9.816.408.064 Bytes frei
Nach Suchlauf: 9.747.030.016 Bytes frei
.
- - End Of File - - 964BDD1E0074D8F6538245237A602463
Gibts noch weiteres zu tun? :) |
