Trojaner-Board - Virus macht probleme (facebook)

Combofix Logfile:
Code:
ComboFix 13-06-08.02 - Burak 11.06.2013  11:54:54.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2815.1705 [GMT 2:00]

ausgeführt von:: c:\users\Burak\Desktop\ComboFix.exe

AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files\Common Files\Temp

c:\program files\Common Files\Temp\6.1\unins000.dat

c:\program files\Common Files\Temp\6.1\unins000.exe

c:\programdata\BrowoSE2isavve

c:\programdata\BrowoSE2isavve\513f823db3a95.tlb

c:\programdata\BrowoSE2isavve\settings.ini

c:\windows\system32\frapsvid.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-05-11 bis 2013-06-11  ))))))))))))))))))))))))))))))

.

.

2013-06-11 10:09 . 2013-06-11 10:09        --------        d-----w-        c:\users\Burak\AppData\Local\temp

2013-06-11 10:09 . 2013-06-11 10:09        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2013-06-11 10:09 . 2013-06-11 10:09        --------        d-----w-        c:\users\Gast\AppData\Local\temp

2013-06-10 21:25 . 2013-06-10 21:25        --------        d-----w-        c:\users\Emine\AppData\Roaming\BabSolution

2013-06-10 21:25 . 2013-06-10 21:25        --------        d-----w-        c:\users\Emine\AppData\Roaming\Babylon

2013-06-10 21:24 . 2013-06-10 21:25        --------        d-----w-        c:\users\Emine\AppData\Roaming\DVDVideoSoft

2013-06-10 21:24 . 2013-06-10 21:25        --------        d-----w-        c:\program files\DVDVideoSoft

2013-06-10 21:24 . 2013-06-10 21:25        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft

2013-06-10 21:24 . 2013-06-10 21:24        --------        d-----w-        c:\users\Emine\AppData\Roaming\OpenCandy

2013-06-10 20:13 . 2013-06-10 20:13        --------        d-----w-        c:\users\Bahar\AppData\Roaming\Apple Computer

2013-06-10 18:18 . 2013-06-10 18:18        --------        d-----w-        C:\TDSSKiller_Quarantine

2013-06-09 20:01 . 2013-06-09 20:01        --------        d-----w-        c:\users\Emine\AppData\Roaming\Apple Computer

2013-06-09 17:26 . 2013-06-09 17:26        --------        d-----w-        c:\users\Burak\AppData\Local\Apple

2013-06-09 13:22 . 2013-06-09 13:22        --------        d-----w-        c:\users\Burak\AppData\Roaming\Apple Computer

2013-06-09 12:23 . 2013-06-09 12:23        --------        d-----w-        c:\program files\Common Files\Apple

2013-06-09 12:23 . 2013-06-09 12:23        --------        d-----w-        c:\users\Bahar\AppData\Local\Apple

2013-06-09 12:23 . 2013-06-09 12:23        --------        d-----w-        c:\programdata\Apple

2013-06-08 11:10 . 2013-06-08 11:10        --------        d-----w-        c:\program files\NVIDIA nTune Performance Application

2013-06-08 11:06 . 2013-06-08 11:07        --------        d-----w-        c:\program files\aTuner

2013-06-07 11:50 . 2013-06-07 11:50        --------        d-----w-        c:\users\Burak\AppData\Roaming\WinFAQ

2013-06-07 11:50 . 2006-07-11 19:45        1767        ----a-w-        c:\windows\system32\RSWIcon.icl

2013-06-07 11:50 . 2013-06-07 11:54        --------        d-----w-        c:\program files\Registry System Wizard.NET

2013-06-06 10:17 . 2013-06-06 10:17        --------        d-----w-        c:\programdata\Caphyon

2013-06-06 10:17 . 2013-06-06 10:17        --------        d-----w-        c:\programdata\nHancer

2013-06-06 10:17 . 2013-06-06 10:17        --------        d-----w-        c:\program files\nHancer

2013-06-06 09:40 . 2013-06-06 09:40        --------        d-----w-        c:\users\Burak\AppData\Local\NVIDIA

2013-06-06 09:28 . 2013-05-12 21:37        9053984        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2013-06-06 09:28 . 2013-05-12 21:37        893728        ----a-w-        c:\windows\system32\nvdispgenco3232018.dll

2013-06-06 09:28 . 2013-05-12 21:37        6324360        ----a-w-        c:\windows\system32\nvopencl.dll

2013-06-06 09:28 . 2013-05-12 21:37        21096736        ----a-w-        c:\windows\system32\nvoglv32.dll

2013-06-06 09:28 . 2013-05-12 21:37        13403168        ----a-w-        c:\windows\system32\nvwgf2um.dll

2013-06-06 09:28 . 2013-05-12 21:37        1024288        ----a-w-        c:\windows\system32\nvdispco3232018.dll

2013-06-06 09:28 . 2013-05-12 21:37        7682960        ----a-w-        c:\windows\system32\nvcuda.dll

2013-06-06 09:28 . 2013-05-12 21:37        2754336        ----a-w-        c:\windows\system32\nvcuvid.dll

2013-06-06 09:28 . 2013-05-12 21:37        2002720        ----a-w-        c:\windows\system32\nvcuvenc.dll

2013-06-06 09:28 . 2013-05-12 21:37        17560352        ----a-w-        c:\windows\system32\nvcompiler.dll

2013-06-04 12:28 . 2013-06-04 12:28        --------        d-sh--w-        c:\programdata\DSS

2013-06-04 12:26 . 2010-10-11 09:57        2601752        ----a-w-        c:\windows\system32\pbsvc_moh.exe

2013-06-03 20:55 . 2013-06-11 09:45        --------        d-----w-        c:\windows\AdobeFlash

2013-05-18 20:49 . 2013-05-18 20:49        --------        d-----w-        c:\program files\Common Files\Skype

2013-05-17 20:39 . 2013-05-17 20:39        --------        d-----w-        c:\program files\AGEIA Technologies

2013-05-17 20:33 . 2013-03-15 05:46        892704        ----a-w-        c:\windows\system32\nvdispgenco3231422.dll

2013-05-17 20:33 . 2013-03-15 05:46        1012512        ----a-w-        c:\windows\system32\nvdispco3231422.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-10 04:57 . 2012-08-11 17:23        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-10 04:57 . 2012-08-11 17:23        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-06-09 13:40 . 2012-09-01 11:38        139096        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys

2013-06-09 13:39 . 2012-09-01 12:25        281312        ----a-w-        c:\windows\system32\PnkBstrB.xtr

2013-06-09 13:39 . 2012-09-01 11:38        281312        ----a-w-        c:\windows\system32\PnkBstrB.exe

2013-06-09 13:38 . 2012-09-01 11:38        281312        ----a-w-        c:\windows\system32\PnkBstrB.ex0

2013-06-04 13:05 . 2012-09-01 11:38        76888        ----a-w-        c:\windows\system32\PnkBstrA.exe

2013-06-04 12:26 . 2012-09-01 11:38        138056        ----a-w-        c:\users\Burak\AppData\Roaming\PnkBstrK.sys

2013-05-17 16:02 . 2009-08-18 10:30        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2013-05-17 16:02 . 2009-08-18 09:24        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-12 21:37 . 2012-10-10 20:14        2597344        ----a-w-        c:\windows\system32\nvapi.dll

2013-05-12 21:37 . 2012-02-09 20:43        12426216        ----a-w-        c:\windows\system32\nvd3dum.dll

2013-05-12 19:58 . 2008-05-07 02:45        4188960        ----a-w-        c:\windows\system32\nvcpl.dll

2013-05-12 19:58 . 2008-05-07 02:45        3045664        ----a-w-        c:\windows\system32\nvsvc.dll

2013-05-12 19:58 . 2012-11-02 12:34        640288        ----a-w-        c:\windows\system32\nvvsvc.exe

2013-05-12 19:58 . 2012-11-02 12:34        62752        ----a-w-        c:\windows\system32\nvshext.dll

2013-05-12 19:58 . 2012-11-02 12:34        2555168        ----a-w-        c:\windows\system32\nvsvcr.dll

2013-05-12 19:58 . 2008-05-07 02:45        223008        ----a-w-        c:\windows\system32\nvmctray.dll

2013-05-04 10:41 . 2013-05-04 10:41        2793768        ----a-w-        c:\windows\system32\pbsvc.exe

2013-04-04 03:35 . 2013-04-19 11:46        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]

"Akamai NetSession Interface"="c:\users\Burak\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Steam"="c:\program files\Steam\Steam.exe" [2013-04-19 1631144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"T-Home Dialerschutz-Software"="c:\program files\T-Home\Dialerschutz-Software\Defender.exe" [2010-03-29 1411720]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]

"SysEng"="wscript.exe" [2009-04-10 155648]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

.

c:\users\Burak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^Users^Bahar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Netzmanager.lnk]

path=c:\users\Bahar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk

backup=c:\windows\pss\Netzmanager.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Bahar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]

path=c:\users\Bahar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Burak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]

path=c:\users\Burak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk

backup=c:\windows\pss\GamersFirst LIVE!.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Burak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kuma_Tray.lnk]

path=c:\users\Burak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk

backup=c:\windows\pss\Kuma_Tray.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Burak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Netzmanager.lnk]

path=c:\users\Burak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk

backup=c:\windows\pss\Netzmanager.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Burak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]

path=c:\users\Burak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51        919008        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]

2013-01-26 06:08        4480768        ----a-w-        c:\users\Burak\AppData\Local\Akamai\netsession_win.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_D49925B8C045DFDAD72E47870D8DEC75]

2013-05-29 05:27        825808        ----a-w-        c:\program files\Google\Chrome\Application\chrome.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-14 19:17        49152        ----a-w-        c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]

2013-02-13 18:38        844144        ----a-w-        c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]

2013-02-13 18:38        1509232        ----a-w-        c:\program files\Samsung\Kies\Kies.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

2013-02-13 18:38        310128        ----a-w-        c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12        3872080        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Mouse]

2012-03-19 08:57        1020416        ----a-w-        c:\program files\Remote Mouse\RemoteMouse.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]

2012-06-11 10:28        10996368        ------w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2013-04-19 13:19        18678376        ----a-r-        c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]

2013-03-18 15:47        448736        ----a-w-        c:\program files\Sony\Sony PC Companion\PCCompanion.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2013-04-19 21:10        1631144        ----a-w-        c:\program files\Steam\Steam.exe

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - DFInjDrv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08

Akamai        REG_MULTI_SZ           Akamai

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-10 05:44        1165776        ----a-w-        c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 04:57]

.

2013-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2409882602-2430681724-175420934-1001Core.job

- c:\users\Emine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-11 20:38]

.

2013-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2409882602-2430681724-175420934-1001UA.job

- c:\users\Emine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-11 20:38]

.

2013-05-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2409882602-2430681724-175420934-1002Core.job

- c:\users\Bahar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-03 22:12]

.

2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 17:23]

.

2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 17:23]

.

2013-05-03 c:\windows\Tasks\Microsoft_Hardware_Launch_LcBuddy_exe.job

- c:\program files\Microsoft LifeCam\LcBuddy.exe [2010-12-13 12:37]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/

mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = 144.76.7.221:8080

IE: Free YouTube to MP3 Converter - c:\users\Burak\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.2.1

DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 

FF - ProfilePath - c:\users\Burak\AppData\Roaming\Mozilla\Firefox\Profiles\ks6g066o.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?SSPV=FFSBCUID&ctid=CT2319825&SearchSource=13&CUI=UN75873342367684597

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=

FF - ExtSQL: !HIDDEN! 2012-12-20 13:43; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKCU-Run-Exetender_148 - c:\program files\FreeRide Games\GPlayer.exe

HKLM-Run-TaskMngr - (no file)

SafeBoot-80489657.sys

MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe

MSConfigStartUp-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe

MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe

MSConfigStartUp-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe

AddRemove-All rights reserved_is1 - c:\program files\Common Files\Temp\6.1\unins000.exe

AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe

AddRemove-heroes in the sky - j:\heroes\heroes in the sky\uninstall.exe

AddRemove-Steam App 211 - j:\steam\Steam\steam.exe

AddRemove-Steam App 218 - j:\steam\Steam\steam.exe

AddRemove-{26F385CB-5226-4C7F-B38C-3126117AD48F}_is1 - c:\program files\MoonMt2 PvP Fun Server 2013\unins000.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2013-06-11 12:09

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,

   7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,

   64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}"=hex:51,66,7a,6c,4c,1d,38,12,3a,a3,f7,

   fd,83,a7,ad,0e,fc,b5,35,e1,ab,2d,25,64

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:0c,a3,7e,21,b0,cc,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,05,4c,75,a0,38,05,4c,a8,0b,a2,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,05,4c,75,a0,38,05,4c,a8,0b,a2,\

.

[HKEY_USERS\S-1-5-21-2409882602-2430681724-175420934-1000\Software\SecuROM\License information*]

"datasecu"=hex:81,03,ca,76,e8,bd,6c,94,01,fc,2c,09,5b,01,2a,33,48,47,b6,cb,9d,

   3f,db,1d,f2,46,45,63,86,34,e6,fa,ea,a2,9f,c0,e3,c5,42,ff,bb,4e,b6,4c,b9,11,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2013-06-11  12:12:29

ComboFix-quarantined-files.txt  2013-06-11 10:12

.

Vor Suchlauf: 31 Verzeichnis(se), 27.008.589.824 Bytes frei

Nach Suchlauf: 36 Verzeichnis(se), 26.544.549.888 Bytes frei

.

- - End Of File - - 098122FBCC72BEDD34D8DFF93253C7FD
--- --- ---
5C616939100B85E558DA92B899A0FC36
[/HTML]