Combofix Logfile:
Code:
ComboFix 10-08-09.03 - Kev 10.08.2010 14:44:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1233 [GMT 2:00]
ausgeführt von:: c:\users\Kev\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\system.txt
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-10 bis 2010-08-10 ))))))))))))))))))))))))))))))
.
2010-08-10 12:33 . 2010-08-10 12:33 -------- d-----w- c:\program files\CCleaner
2010-08-10 12:29 . 2010-08-10 12:29 -------- d-----w- c:\users\Kev\AppData\Roaming\Yahoo!
2010-08-10 12:29 . 2010-08-10 12:29 -------- d-----w- c:\program files\Yahoo!
2010-08-10 11:48 . 2010-08-10 11:48 -------- d-----w- C:\_OTL
2010-08-09 19:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 19:12 . 2010-08-09 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 19:12 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 04:40 . 2010-08-09 04:40 -------- d-----w- C:\Neuer Ordner
2010-08-08 17:53 . 2010-08-09 03:55 -------- d-----w- c:\program files\Common Files\Steam
2010-08-08 17:52 . 2010-08-10 12:19 -------- d-----w- c:\program files\Steam
2010-07-31 19:51 . 2010-07-31 19:51 -------- d-----w- c:\programdata\WindowsSearch
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 11:57 . 2006-11-02 15:33 628504 ----a-w- c:\windows\system32\perfh007.dat
2010-08-10 11:57 . 2006-11-02 15:33 126054 ----a-w- c:\windows\system32\perfc007.dat
2010-08-10 11:45 . 2007-04-27 06:13 -------- d-----w- c:\users\Kev\AppData\Roaming\Skype
2010-08-10 06:06 . 2010-01-10 17:02 -------- d-----w- c:\users\Kev\AppData\Roaming\skypePM
2010-08-09 03:58 . 2007-08-03 16:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-07 23:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-31 19:39 . 2009-01-16 19:16 -------- d-----w- c:\users\Kev\AppData\Roaming\Samsung
2010-07-30 23:26 . 2010-04-26 01:02 -------- d-----w- c:\program files\vghd
2010-07-14 00:08 . 2010-04-17 13:31 -------- d-----w- c:\program files\Conduit
2010-07-05 20:32 . 2009-08-16 23:54 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-06-26 01:03 . 2010-06-26 01:03 -------- d-----w- c:\program files\Microsoft.NET
2010-06-17 22:14 . 2007-04-25 16:54 1356 ----a-w- c:\users\Kev\AppData\Local\d3d9caps.dat
2010-06-17 21:40 . 2007-04-25 15:27 71256 ----a-w- c:\users\Kev\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-14 11:49 . 2010-06-14 11:49 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-06-13 21:18 . 2010-06-13 21:18 -------- d-----w- c:\program files\Gameforge4D
2010-05-26 17:06 . 2010-06-11 15:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 15:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 07:48 . 2010-05-20 14:11 145 --s-a-w- c:\users\Kev\AppData\Local\3390726344.dat
2010-05-21 12:14 . 2009-10-03 00:29 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 14:11 . 2010-05-20 14:11 4 ----a-w- c:\users\Kev\AppData\Roaming\ofubwi.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2008-03-05 92160]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-08 1238352]
"New Application"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-18 136600]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Setup-Assistent.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2109440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):df,63,38,85,10,55,ca,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-12-28 289280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;avast! Self Protection; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2010-03-15 108768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys [2007-09-27 21888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-08-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-06 09:08]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:26]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:26]
2010-08-10 c:\windows\Tasks\User_Feed_Synchronization-{83FBEBE3-B758-4CBA-9E8B-9742F07D78DF}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
2010-08-09 c:\windows\Tasks\User_Feed_Synchronization-{DB38E93A-38EC-4070-B765-E95CCC581324}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://de.yahoo.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\wpclsp.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
**************************************************************************
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-08-10 14:56:31
ComboFix-quarantined-files.txt 2010-08-10 12:56
Vor Suchlauf: 25 Verzeichnis(se), 49.981.886.464 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 49.920.520.192 Bytes frei
- - End Of File - - A3F7713051C8FA1C9516E59C134D91F2