Trojaner-Board (https://www.trojaner-board.de/)
Forum: Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Critical error. Damaged hard-disk clusters found. Private data is at risk (https://www.trojaner-board.de/97925-kritischer-fehler-beschaedigte-festplatten-cluster-gefunden-private-daten-gefahr.html)

cable 27.04.2011 18:54

Here you go.

ComboFix logfile:
Code:

ComboFix 11-04-26.05 - Agent Zero 27.04.2011  19:32:32.1.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.1015.293 [GMT 2:00]
ausgeführt von:: c:\users\Agent Zero\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.3\config.ini
c:\program files\Dealio Toolbar\IE\4.3\deALiotoolbarie.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Mozilla Firefox\extensions\dealio@mybrowserbar.com
D:\Autorun.inf
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-27 bis 2011-04-27  ))))))))))))))))))))))))))))))
.
.
2011-04-27 17:45 . 2011-04-27 17:45        --------        d-----w-        c:\users\Agent Zero\AppData\Local\temp
2011-04-27 16:46 . 2011-04-27 16:46        --------        d-----w-        c:\users\Agent Zero\AppData\Local\DDMSettings
2011-04-27 16:41 . 2011-04-27 16:42        --------        d-----w-        c:\program files\Common Files\DivX Shared
2011-04-26 18:52 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-26 18:52 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 18:52 . 2011-03-12 21:55        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-26 18:39 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{985B67E8-B707-4C67-B62E-A6A35051F794}\mpengine.dll
2011-04-25 18:42 . 2007-09-17 13:53        21632        ----a-w-        c:\windows\system32\drivers\pccsmcfd.sys
2011-04-25 18:40 . 2009-03-20 08:01        12160        ----a-w-        c:\windows\system32\drivers\ss_bcmnt.sys
2011-04-25 18:40 . 2009-03-20 08:01        12160        ----a-w-        c:\windows\system32\drivers\ss_bcm.sys
2011-04-25 18:40 . 2009-03-20 08:01        90112        ----a-w-        c:\windows\system32\drivers\ss_bbus.sys
2011-04-25 18:40 . 2009-03-20 08:01        14976        ----a-w-        c:\windows\system32\drivers\ss_bmdfl.sys
2011-04-25 18:40 . 2009-03-20 08:01        121856        ----a-w-        c:\windows\system32\drivers\ss_bmdm.sys
2011-04-25 18:40 . 2009-03-20 08:01        12160        ----a-w-        c:\windows\system32\drivers\ss_bwhnt.sys
2011-04-25 18:40 . 2009-03-20 08:01        12160        ----a-w-        c:\windows\system32\drivers\ss_bwh.sys
2011-04-25 18:35 . 2011-04-25 19:22        --------        d-----w-        c:\program files\PC Connectivity Solution
2011-04-25 18:34 . 2011-04-25 19:23        --------        d-----w-        c:\program files\Samsung
2011-04-22 19:03 . 2011-04-24 08:45        --------        d-----w-        C:\_OTL
2011-04-22 18:25 . 2011-04-22 18:25        --------        d-----w-        c:\program files\7-Zip
2011-04-22 15:23 . 2011-04-22 15:23        --------        d-----w-        c:\users\Agent Zero\AppData\Roaming\Malwarebytes
2011-04-22 15:23 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-22 15:23 . 2011-04-22 15:23        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-22 15:23 . 2011-04-22 15:23        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-22 13:35 . 2011-04-22 13:35        --------        d-----w-        c:\users\Agent Zero\AppData\Roaming\Avira
2011-04-13 12:11 . 2011-02-16 14:02        292864        ----a-w-        c:\windows\system32\atmfd.dll
2011-04-13 12:09 . 2011-02-17 06:23        420864        ----a-w-        c:\windows\system32\vbscript.dll
2011-04-13 12:09 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-25 18:54 . 2007-10-25 16:26        5632        ----a-w-        c:\windows\system32\drivers\StarOpen.sys
2011-03-04 15:11 . 2011-03-17 22:04        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-04 13:36 . 2011-03-17 22:04        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-03-03 15:40 . 2011-04-26 18:52        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-26 18:52        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-26 18:52        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-26 18:52        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-03-02 02:15 . 2011-03-02 02:15        98392        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-02-22 14:13 . 2011-03-23 14:41        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 14:41        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 14:41        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-02 16:11 . 2009-10-02 17:39        222080        ------w-        c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
.
[7] 2006-11-02 . AC3DD1708B22761EBD7CBE14DCC3B5D7 . 6144 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys
.
c:\windows\System32\drivers\beep.sys ... Fehlt !!
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32        279944        ----a-w-        c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56361A71-4E9F-401D-9E12-8AEAA3D7A672}]
2010-08-19 17:16        434288        ----a-w-        c:\program files\MakeItLive\makeitlive_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{56361A71-4E9F-401D-9E12-8AEAA3D7A672}"= "c:\program files\MakeItLive\makeitlive_toolbar.dll" [2010-08-19 434288]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{56361a71-4e9f-401d-9e12-8aeaa3d7a672}]
[HKEY_CLASSES_ROOT\MakeItLive.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{788202E4-BC14-42BD-BC26-644E440BFCD4}]
[HKEY_CLASSES_ROOT\MakeItLive.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{56361A71-4E9F-401D-9E12-8AEAA3D7A672}"= "c:\program files\MakeItLive\makeitlive_toolbar.dll" [2010-08-19 434288]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{56361a71-4e9f-401d-9e12-8aeaa3d7a672}]
[HKEY_CLASSES_ROOT\MakeItLive.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{788202E4-BC14-42BD-BC26-644E440BFCD4}]
[HKEY_CLASSES_ROOT\MakeItLive.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 129560]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 71176]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2005-10-18 1560576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 08:04        49152        ----a-r-        c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2011-01-28 16:36        526336        ----a-w-        c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2010-04-08 07:14        104408        ----a-w-        c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 15:38        583048        ----a-w-        c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-01-18 10:31        1033512        ----a-w-        c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2010-04-27 16:06        138072        ----a-w-        c:\program files\Join Air\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 FLCDLOCK;HP ProtectTools Gerätesperre/Überwachung;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2005-10-18 264704]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-05 9216]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 ui11rdr;ui11rdr;c:\windows\system32\DRIVERS\ui11rdr.sys [2008-07-28 272384]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-03-18 92008]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [2010-04-27 247152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
bthsvcs        REG_MULTI_SZ          BthServ
rsmsvcs        REG_MULTI_SZ          ntmssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23        452136        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996018015-1197503730-368022858-1006Core.job
- c:\users\geena\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-25 14:11]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996018015-1197503730-368022858-1006UA.job
- c:\users\geena\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-25 14:11]
.
2011-04-27 c:\windows\Tasks\User_Feed_Synchronization-{4558F31D-3F71-4684-AD34-C18780750A27}.job
- c:\windows\system32\msfeedssync.exe [2011-04-13 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 5.0\resources\de-de\local\search.html
IE: Free YouTube Download - c:\users\Agent Zero\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Agent Zero\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: makeitlivechrome - {51472043-0170-45F9-BCCF-19FCFC676D18} - c:\program files\MakeItLive\makeitlive_toolbar.dll
FF - ProfilePath - c:\users\Agent Zero\AppData\Roaming\Mozilla\Firefox\Profiles\0pmc3l2j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
MSConfigStartUp-osidfjklsdw - c:\osidfjklsdw\osidfjklsdw.exe
AddRemove-1&1 Upload-Manager - g:\program files\1&1\1&1 Upload-Manager\uninst.exe
AddRemove-7-Zip - g:\7-zip\Uninstall.exe
AddRemove-AOL Toolbar - c:\program files\AOL\AOL Toolbar 5.0\uninstall.exe
AddRemove-Free DVD Video Burner_is1 - g:\free dvd video burner\unins000.exe
AddRemove-Free FLV Converter_is1 - g:\free flv converter\unins000.exe
AddRemove-Free Studio_is1 - g:\free studio\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - h:\free youtube to mp3 converter\unins000.exe
AddRemove-VLC media player - h:\vlc\uninstall.exe
AddRemove-vShare - c:\program files\vShare\UNINSTALL.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-27 19:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-27  19:52:19
ComboFix-quarantined-files.txt  2011-04-27 17:52
.
Vor Suchlauf: 17 Verzeichnis(se), 48.904.183.808 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 48.926.334.976 Bytes frei
.
- - End Of File - - 0B953D2F0E461472C412B9966446A6A2

--- --- ---

markusg 28.04.2011 12:24

Do you do online banking, shopping or anything else important on this PC?

cable 28.04.2011 20:49

Yep, I do banking. Why?

markusg 29.04.2011 11:03

1. Have your online banking access blocked immediately.
If the bank is closed,
call 116 116; that is an emergency number for things like this.
2. Later, once the system is clean, all passwords have to be changed.
3. To get the system clean, backing up your data and formatting the PC is necessary. If you want, I will explain how to secure the system properly in future.

cable 29.04.2011 19:36

What, seriously? Is it risky to check online whether money is already gone? I'd be very grateful for your help.

cable 29.04.2011 19:55

And what's even more interesting: do I keep the card blocked until I have formatted the PC? Actually, dunno, nobody can really steal money with my online credentials anyway, since you have to enter a number code for every transfer, and that's lying around at my place...

markusg 29.04.2011 20:04

Blocking it is always the right way; it's cheaper if damage does occur.
Ask the hotline; they should be able to check whether anything is missing.

cable 29.04.2011 20:10

Checked it... all good... now I just have to get hold of some Windows software...

markusg 29.04.2011 20:21

OK, have it blocked anyway, because if something goes missing you'll be the one looking stupid in case of doubt.


Copyright ©2000-2025, Trojaner-Board