
Pests of all kinds and their removal: Flacor.dat detected

If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.

 
03.08.2010, 18:46   #5
partyarti

Flacor.dat detected



Hello,

I have now run ComboFix as described; here is the file:

Combofix Logfile:
ComboFix 10-08-02.03 - Arthur 03.08.2010  19:20:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.2187 [GMT 2:00]
ausgeführt von:: c:\users\Arthur\Desktop\cofi.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe4865.dll
c:\users\Arthur\AppData\Roaming\.#
c:\users\Arthur\AppData\Roaming\Desktopicon

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-03 bis 2010-08-03  ))))))))))))))))))))))))))))))
.

2010-08-02 12:59 . 2009-09-04 15:29	453456	----a-w-	c:\windows\system32\d3dx10_42.dll
2010-08-02 12:59 . 2009-09-04 15:29	1892184	----a-w-	c:\windows\system32\D3DX9_42.dll
2010-08-02 12:43 . 2010-04-14 17:47	293376	----a-w-	c:\windows\system32\psisdecd.dll
2010-08-02 12:43 . 2010-04-14 17:46	428544	----a-w-	c:\windows\system32\EncDec.dll
2010-08-02 12:37 . 2010-02-12 10:48	293376	----a-w-	c:\windows\system32\browserchoice.exe
2010-08-02 12:26 . 2008-06-20 01:14	105016	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-08-02 12:26 . 2008-06-20 01:14	97800	----a-w-	c:\windows\system32\infocardapi.dll
2010-08-02 12:26 . 2008-06-20 01:14	781344	----a-w-	c:\windows\system32\PresentationNative_v0300.dll
2010-08-02 12:26 . 2008-06-20 01:14	43544	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-08-02 12:26 . 2008-06-20 01:14	11264	----a-w-	c:\windows\system32\icardres.dll
2010-08-02 12:26 . 2008-06-20 01:14	622080	----a-w-	c:\windows\system32\icardagt.exe
2010-08-02 12:26 . 2008-06-20 01:14	326160	----a-w-	c:\windows\system32\PresentationHost.exe
2010-08-02 12:22 . 2008-07-27 18:03	96760	----a-w-	c:\windows\system32\dfshim.dll
2010-08-02 12:22 . 2008-07-27 18:03	41984	----a-w-	c:\windows\system32\netfxperf.dll
2010-08-02 12:22 . 2008-07-27 18:03	282112	----a-w-	c:\windows\system32\mscoree.dll
2010-08-02 12:22 . 2008-07-27 18:03	158720	----a-w-	c:\windows\system32\mscorier.dll
2010-08-02 12:22 . 2008-07-27 18:03	83968	----a-w-	c:\windows\system32\mscories.dll
2010-08-02 12:21 . 2010-02-20 23:39	24064	----a-w-	c:\windows\system32\nshhttp.dll
2010-08-02 12:21 . 2010-02-20 23:37	31232	----a-w-	c:\windows\system32\httpapi.dll
2010-08-02 12:21 . 2010-02-20 21:18	411136	----a-w-	c:\windows\system32\drivers\http.sys
2010-08-02 12:19 . 2010-08-02 12:19	--------	d-----w-	C:\_OTL
2010-07-30 19:37 . 2009-09-10 17:30	213504	----a-w-	c:\windows\system32\msv1_0.dll
2010-07-30 19:36 . 2008-06-06 03:27	562176	----a-w-	c:\windows\system32\msdtcprx.dll
2010-07-30 19:35 . 2009-03-03 04:40	499200	----a-w-	c:\windows\system32\wbem\WmiPrvSD.dll
2010-07-30 19:34 . 2008-06-23 01:59	996352	----a-w-	c:\windows\system32\WMNetMgr.dll
2010-07-30 19:26 . 2010-05-21 12:14	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-07-30 19:22 . 2009-12-23 12:43	171520	----a-w-	c:\windows\system32\wintrust.dll
2010-07-30 19:21 . 2010-01-15 00:04	98304	----a-w-	c:\windows\system32\cabview.dll
2010-07-30 19:14 . 2008-05-26 09:54	81704	----a-w-	c:\windows\system32\drivers\WSVD.sys
2010-07-30 19:10 . 2009-08-07 02:24	44768	----a-w-	c:\windows\system32\wups2.dll
2010-07-30 19:10 . 2009-08-07 02:24	53472	----a-w-	c:\windows\system32\wuauclt.exe
2010-07-30 19:10 . 2009-08-07 02:23	1929952	----a-w-	c:\windows\system32\wuaueng.dll
2010-07-30 19:10 . 2009-08-07 01:45	2421760	----a-w-	c:\windows\system32\wucltux.dll
2010-07-30 19:02 . 2009-08-07 02:24	35552	----a-w-	c:\windows\system32\wups.dll
2010-07-30 19:02 . 2009-08-07 02:23	575704	----a-w-	c:\windows\system32\wuapi.dll
2010-07-30 19:02 . 2009-08-07 01:44	87552	----a-w-	c:\windows\system32\wudriver.dll
2010-07-30 18:56 . 2009-08-06 17:23	171608	----a-w-	c:\windows\system32\wuwebv.dll
2010-07-30 18:56 . 2009-08-06 16:44	33792	----a-w-	c:\windows\system32\wuapp.exe
2010-07-30 18:36 . 2010-07-30 18:36	109624	---ha-w-	c:\windows\system32\mlfcache.dat
2010-07-30 17:53 . 2010-07-30 17:53	63488	----a-w-	c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-30 17:53 . 2010-07-30 17:53	52224	----a-w-	c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-30 17:53 . 2010-07-30 17:53	117760	----a-w-	c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-30 17:53 . 2010-07-30 17:53	--------	d-----w-	c:\users\Arthur\AppData\Roaming\SUPERAntiSpyware.com
2010-07-30 17:53 . 2010-07-30 17:53	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2010-07-30 17:53 . 2010-07-30 17:53	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-07-30 17:51 . 2010-07-30 17:52	--------	d-----w-	c:\program files\CCleaner
2010-07-30 16:12 . 2010-07-30 16:12	--------	d-----w-	c:\users\Arthur\AppData\Roaming\Malwarebytes
2010-07-30 16:11 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 16:11 . 2010-07-30 16:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-30 16:11 . 2010-07-30 16:11	--------	d-----w-	c:\programdata\Malwarebytes
2010-07-30 16:11 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-30 16:05 . 2010-07-30 16:07	--------	d-----w-	c:\programdata\Norton
2010-07-30 16:05 . 2010-07-30 16:05	--------	d-----w-	c:\programdata\Symantec
2010-07-30 16:05 . 2010-07-30 16:05	--------	d-----w-	c:\programdata\NortonInstaller
2010-07-30 04:24 . 2010-07-30 04:24	84054	----a-w-	c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-30 04:22 . 2010-07-30 04:22	54153	----a-w-	c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-30 04:16 . 2010-07-30 04:16	144696	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-10 12:21 . 2010-07-10 12:21	--------	d-----w-	c:\programdata\Electronic Arts
2010-07-10 11:55 . 2008-07-12 06:18	3851784	----a-w-	c:\windows\system32\D3DX9_39.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 17:24 . 2010-08-03 17:24	--------	d-----w-	c:\programdata\WindowsSearch
2010-08-03 17:24 . 2008-01-21 07:15	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-08-03 17:24 . 2008-01-21 07:15	122842	----a-w-	c:\windows\system32\perfc007.dat
2010-08-02 15:12 . 2008-10-07 19:31	55302	----a-w-	c:\programdata\nvModes.dat
2010-08-02 13:14 . 2009-05-07 16:01	78752	----a-w-	c:\users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-02 13:07 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-02 12:34 . 2008-07-30 02:19	--------	d-----w-	c:\program files\Microsoft Works
2010-07-31 05:40 . 2009-03-29 16:33	--------	d-----w-	c:\program files\Azureus
2010-07-31 05:35 . 2008-07-30 01:43	--------	d-----w-	c:\programdata\McAfee
2010-07-30 18:59 . 2008-10-25 13:00	8268	----a-w-	c:\users\Arthur\AppData\Local\d3d9caps.dat
2010-07-30 17:54 . 2008-10-04 15:58	--------	d-----w-	c:\program files\Firefox
2010-07-30 04:24 . 2010-06-10 09:02	--------	d-----w-	c:\programdata\DivX
2010-07-30 04:23 . 2009-10-08 08:44	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-07-30 04:22 . 2009-01-24 13:18	--------	d-----w-	c:\program files\DivX
2010-07-28 17:38 . 2009-05-10 09:37	1	----a-w-	c:\users\Arthur\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-27 17:28 . 2009-03-29 16:43	--------	d-----w-	c:\users\Arthur\AppData\Roaming\Azureus
2010-06-23 17:10 . 2010-06-23 16:50	--------	d-----w-	c:\users\Arthur\AppData\Roaming\Audacity
2010-06-23 17:01 . 2010-06-23 17:01	--------	d-----w-	c:\program files\Lame for Audacity
2010-06-23 16:50 . 2010-06-23 16:50	--------	d-----w-	c:\program files\Audacity 1.3 Beta (Unicode)
2010-06-17 18:12 . 2010-06-11 13:18	--------	d-----w-	c:\program files\iTunes
2010-06-17 18:11 . 2010-06-17 18:11	--------	d-----w-	c:\program files\iPod
2010-06-17 18:11 . 2010-06-11 13:15	--------	d-----w-	c:\program files\Common Files\Apple
2010-06-17 18:07 . 2010-06-17 18:07	--------	d-----w-	c:\program files\Bonjour
2010-06-17 18:03 . 2010-06-17 18:03	72504	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-12 06:58 . 2010-06-11 13:19	--------	d-----w-	c:\users\Arthur\AppData\Roaming\Apple Computer
2010-06-11 13:19 . 2010-06-11 13:18	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-11 13:18 . 2010-06-11 13:17	--------	d-----w-	c:\programdata\Apple Computer
2010-06-11 13:18 . 2010-06-11 13:17	--------	d-----w-	c:\program files\QuickTime
2010-06-11 13:17 . 2010-06-11 13:17	--------	d-----w-	c:\program files\Apple Software Update
2010-06-11 13:17 . 2010-06-11 13:15	--------	d-----w-	c:\programdata\Apple
2010-06-10 09:08 . 2010-06-10 09:08	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-10 09:08 . 2009-10-08 08:44	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-06-10 09:08 . 2010-06-10 09:08	56765	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-10 09:08 . 2010-06-10 09:08	56997	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-10 09:07 . 2010-06-10 09:07	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-06-10 09:07 . 2009-10-20 14:06	--------	d-----w-	c:\users\Arthur\AppData\Roaming\DivX
2010-06-10 09:06 . 2010-06-10 09:06	57054	----a-w-	c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06	54166	----a-w-	c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06	57532	----a-w-	c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06	56458	----a-w-	c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06	54174	----a-w-	c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06	54128	----a-w-	c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06	54644	----a-w-	c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06	57409	----a-w-	c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-06-10 09:06 . 2010-06-10 09:06	54101	----a-w-	c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-10 09:05 . 2010-06-10 09:05	52963	----a-w-	c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-10 09:05 . 2010-06-10 09:05	54073	----a-w-	c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-06-10 09:05 . 2010-06-10 09:05	56969	----a-w-	c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-06-10 09:02 . 2010-06-10 09:08	1062184	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-06-10 09:02 . 2010-06-10 09:08	895256	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-26 16:16 . 2010-07-30 19:36	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-07-30 19:36	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45	2355224	----a-w-	c:\program files\Winload\tbWinl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
2008-08-14 13:57	2484224	----a-w-	c:\users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\users\Arthur\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224]

[HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 68856]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-09-01 3676160]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-01 30192]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"HostManager"="c:\program files\Common Files\AOL\1223197373\ee\AOLSoftware.exe" [2006-09-26 50736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-09-01 17:46	3197952	----a-w-	c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24	567560	----a-w-	c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-01 30192]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 vaxscsi;vaxscsi;c:\windows\System32\Drivers\vaxscsi.sys [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-05-26 81704]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-01-17 717296]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-09-01 42608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-11 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-09-01 3602432]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\u96e3y89.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX Richtlinien ----
c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-Winamp Toolbar for Firefox - c:\users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\u96e3y89.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe



**************************************************************************
Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3747233088-3331940985-2413091596-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,63,fe,43,2c,ab,80,86,ec,1f,ef,d8,62,8b,f7,be,4d,13,9c,db,4d,
   3a,3f,d2,62,94,b2,db,65,af,96,85,5b,72,3c,de,b0,25,fd,ab,d1,f9,bc,c7,a5,b6,\
"rkeysecu"=hex:ca,c1,c2,c0,b5,34,10,25,d7,1f,9c,d5,07,0e,95,d4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1248)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-03  19:39:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-03 17:39

Vor Suchlauf: 13 Verzeichnis(se), 83.569.094.656 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 83.206.361.088 Bytes frei

- - End Of File - - F5516F84436EA8CCB0C86D08B1C211AF


 
