Okay, I ran it again as admin after the restart. Everything worked so far. But AntiVir still reports the trojan.
Code:
ComboFix 10-08-11.04 - yyyyyyy 12.08.2010 9:28.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1981 [GMT 2:00]
ausgeführt von:: c:\users\........\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\........\Downloads\cfscript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\System32\png777fh.dll"
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-12 bis 2010-08-12 ))))))))))))))))))))))))))))))
.
2010-08-12 07:35 . 2010-08-12 07:37 -------- d-----w- c:\users\yyyyyyy\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\TEMP.diavolo\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\TEMP.diavolo.001\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\TEMP.diavolo.000\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\........\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-11 11:34 . 2010-08-11 11:34 -------- d-----w- c:\users\........\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-08-11 08:59 . 2010-08-11 08:59 -------- d-----w- c:\users\........\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-11 08:59 . 2010-08-11 08:59 -------- d-----w- c:\users\........\AppData\Roaming\Adobe Mini Bridge CS5
2010-08-09 14:31 . 2010-08-09 14:31 -------- d-----w- c:\users\yyyyyyy\AppData\Roaming\Malwarebytes
2010-08-07 11:04 . 2010-08-07 11:04 -------- d-----w- c:\programdata\F-Secure
2010-08-06 16:03 . 2010-08-06 16:03 -------- d-----w- c:\users\yyyyyyy\AppData\Roaming\Avira
2010-08-06 15:46 . 2010-08-06 15:46 -------- d-----w- c:\program files\Trend Micro
2010-08-06 15:44 . 2010-08-06 15:44 -------- d-----w- c:\users\........\AppData\Roaming\Malwarebytes
2010-08-06 14:13 . 2010-08-06 14:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-06 11:50 . 2010-08-06 11:50 -------- d-----w- c:\users\........\Neuer Ordner
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 07:38 . 2010-03-14 07:19 52789 ----a-w- c:\programdata\nvModes.dat
2010-08-12 07:36 . 2010-02-16 16:26 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-11 13:08 . 2006-11-02 15:33 633360 ----a-w- c:\windows\system32\perfh007.dat
2010-08-11 13:08 . 2006-11-02 15:33 127170 ----a-w- c:\windows\system32\perfc007.dat
2010-08-11 11:35 . 2009-11-04 12:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-09 16:29 . 2010-04-26 06:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 11:51 . 2007-09-28 12:04 -------- d-----w- c:\program files\Java
2010-08-09 07:12 . 2010-05-07 09:14 -------- d-----w- c:\program files\CCleaner
2010-08-06 16:02 . 2007-09-14 17:25 159296 ----a-w- c:\users\yyyyyyy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-06 15:54 . 2010-06-24 10:26 -------- d-----w- c:\program files\pdfforge Toolbar
2010-08-06 14:20 . 2007-09-16 08:56 159296 ----a-w- c:\users\........\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-06 13:53 . 2007-05-30 12:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-03 16:20 . 2007-12-27 08:57 -------- d-----w- c:\users\........\AppData\Roaming\LPC
2010-08-02 07:16 . 2008-12-22 11:45 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-17 03:00 . 2010-05-21 06:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 14:48 . 2007-12-21 14:00 -------- d-----w- c:\program files\Opera
2010-06-24 10:53 . 2010-01-21 08:20 -------- d-----w- c:\program files\PDFCreator
2010-06-24 10:26 . 2010-06-24 10:26 -------- d-----w- c:\program files\Application Updater
2010-06-16 09:12 . 2010-06-16 09:10 -------- d-----w- c:\program files\ElsterFormular
2010-06-16 09:11 . 2010-06-16 09:11 -------- d-----w- c:\programdata\elsterformular
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-26 17:06 . 2010-06-09 16:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 16:26 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 08:33 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 08:37 . 2010-05-21 08:37 716800 ----a-w- c:\windows\system32\lxter20VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 69632 ----a-w- c:\windows\system32\PXTTool80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 557056 ----a-w- c:\windows\system32\zvkonline80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 4661248 ----a-w- c:\windows\system32\LxXtreme70VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 27648 ----a-w- c:\windows\system32\LXTPSW20VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 1347584 ----a-w- c:\windows\system32\LXTool80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 110592 ----a-w- c:\windows\system32\LxUISettings20Native.dll
2010-05-21 08:37 . 2010-05-21 08:37 323584 ----a-w- c:\windows\system32\LxImport80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 299008 ----a-w- c:\windows\system32\LXBtr80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 225280 ----a-w- c:\windows\system32\LxBasics80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 192512 ----a-w- c:\windows\system32\LXDasi80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 135168 ----a-w- c:\windows\system32\LxMail30VC8.dll
2010-05-16 14:28 . 2008-08-06 11:09 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2010-05-16 13:18 . 2010-05-16 13:18 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2010-05-16 13:17 . 2003-03-18 19:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01FotoBank]
@="{489d8d66-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d66-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02FotoBank]
@="{489d8d67-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d67-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03FotoBank]
@="{489d8d68-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d68-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04FotoBank]
@="{489d8d6A-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6A-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05FotoBank]
@="{489d8d6B-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6B-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\06FotoBank]
@="{489d8d6C-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6C-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\07FotoBank]
@="{489d8d6D-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6D-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\08FotoBank]
@="{489d8d6E-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6E-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-25 68856]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"HybridTM_A"="c:\program files\HybridTM_IR(A)\RC620_A.exe" [2006-05-30 118784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"freenetMail Dateimanager Taskleistensymbol"="c:\program files\freenetMail Dateimanager\DBDDsktDrvTrayApp.exe" [2005-08-16 142336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
c:\users\yyyyyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-11 110592]
c:\users\........\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Gigabank.lnk - c:\program files\FAST Gigabank\Gigabank.exe [2008-6-4 1666648]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-11 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fc,c5,54,84,b9,ed,ca,01
R3 ECS_Loader_220;Digital TV Receiver Firmware Loader 5.10.31.0;c:\windows\system32\Drivers\ECS_Loader_220.sys [2005-10-31 15616]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2007-06-04 467456]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2007-06-04 15488]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - hide3tp9
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
2010-05-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-25 18:39]
2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:45]
2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:45]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732255811-3183488341-2812780789-1001Core.job
- c:\users\........\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 15:50]
2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732255811-3183488341-2812780789-1001UA.job
- c:\users\........\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 15:50]
2010-08-11 c:\windows\Tasks\User_Feed_Synchronization-{31D36847-25B7-4967-9ACD-59A7E1914681}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
2010-08-12 c:\windows\Tasks\User_Feed_Synchronization-{C23C680E-AFD6-499B-8D62-7D4BDAABD7B3}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\yyyyyyy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\yyyyyyy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-12 09:38
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(256)
c:\program files\FAST Gigabank\FotoBanker.dll
c:\program files\FAST Gigabank\Ltkrn15u.dll
c:\program files\FAST Gigabank\Ltfil15u.dll
c:\program files\FAST Gigabank\Ltdis15u.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-12 09:49:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-08-12 07:49
ComboFix2.txt 2010-08-09 19:16
Vor Suchlauf: 23 Verzeichnis(se), 80.245.137.408 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 80.119.603.200 Bytes frei
- - End Of File - - DAED5C72EEB19975ABF8B2C4E1A611B7