Kékfrankos | 29.09.2010 10:58 | Hello,
so, here is the long-awaited ComboFix. Fairly close to the end it also said that various files would be deleted. Is that normal?
ComboFix log file: Code:
ComboFix 10-09-28.03 - Melanie 29.09.2010 11:37:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3000.1944 [GMT 2:00]
ausgeführt von:: c:\users\Melanie\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\MW
c:\program files\MW\TGATool2\TGATool2A.exe
c:\program files\MW\TGATool2\unins000.dat
c:\program files\MW\TGATool2\unins000.exe
c:\program files\YouTube Downloader Toolbar\IE\1.0\yoUTubedownloadertoolbarie.dll
c:\program files\YouTube Downloader Toolbar\SeARchsettings.dll
c:\users\Melanie\AppData\Roaming\.#
c:\users\Melanie\AppData\Roaming\Yqmii\avygr.exe
c:\windows\system32\AVSredirect.dll
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-28 bis 2010-09-29 ))))))))))))))))))))))))))))))
.
2010-09-29 09:50 . 2010-09-29 09:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-29 09:14 . 2010-09-29 09:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-09-29 05:22 . 2009-09-27 07:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-09-29 05:22 . 2004-02-22 08:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-09-29 05:22 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-09-29 05:22 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-09-29 05:22 . 2010-09-29 05:22 -------- d-----w- c:\program files\AviSynth 2.5
2010-09-29 05:22 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-09-29 05:22 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-09-29 05:22 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-09-29 05:21 . 2010-09-29 05:21 -------- d-----w- c:\program files\eRightSoft
2010-09-29 05:09 . 2010-09-29 05:09 236032 ----a-w- c:\windows\Xjekea.exe
2010-09-29 05:08 . 2010-09-29 09:49 -------- d-----w- c:\users\Melanie\AppData\Roaming\Yqmii
2010-09-29 05:08 . 2010-09-29 08:39 -------- d-----w- c:\users\Melanie\AppData\Roaming\Axfeoh
2010-09-28 07:21 . 2010-09-28 07:22 -------- d-----w- c:\program files\Application Updater
2010-09-28 07:21 . 2010-09-29 09:49 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2010-09-28 07:20 . 2010-09-28 07:20 -------- d-----w- c:\program files\YouTube Downloader
2010-09-28 06:12 . 2005-09-20 19:25 53760 ----a-w- c:\windows\system\ppacklib.dll
2010-09-28 06:12 . 2004-08-07 08:14 8192 ----a-w- c:\windows\system32\tbxdlg.dll
2010-09-28 06:12 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-09-28 06:12 . 2000-10-01 22:00 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2010-09-28 06:12 . 1999-05-20 14:07 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2010-09-28 06:12 . 1998-07-05 22:00 33792 ----a-w- c:\windows\system32\CMDLGDE.DLL
2010-09-28 06:12 . 2010-09-28 06:12 -------- d-----w- c:\program files\FIS2005
2010-09-26 23:28 . 2010-09-26 23:28 -------- d-----w- c:\programdata\WindowsSearch
2010-09-15 02:38 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 02:38 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 02:38 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 02:38 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 10:45 . 2010-03-18 20:27 24440 ----a-w- c:\windows\system32\udcpm.dll
2010-09-14 10:41 . 2010-09-14 10:46 -------- d-----w- c:\users\Melanie\AppData\Roaming\UDC Profiles
2010-09-14 10:40 . 2010-09-14 10:46 -------- d-----w- c:\program files\Universal Document Converter
2010-09-09 14:18 . 2010-09-09 14:18 -------- d-----w- c:\users\Melanie\AppData\Roaming\ASCOMP Software
2010-09-09 14:17 . 2009-07-20 01:52 1242552 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-09-09 14:17 . 2010-09-09 14:17 -------- d-----w- c:\program files\ASCOMP Software
2010-09-08 08:50 . 2010-09-08 08:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-07 16:37 . 2010-09-07 16:37 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-09-07 09:24 . 2010-09-07 09:24 -------- d-----w- C:\_OTL
2010-09-07 08:37 . 2010-09-07 08:37 -------- d-----w- c:\programdata\PC Tools
2010-09-06 19:19 . 2010-09-06 19:19 -------- d-----w- c:\users\Melanie\AppData\Roaming\Malwarebytes
2010-09-06 19:18 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 19:18 . 2010-09-06 19:18 -------- d-----w- c:\programdata\Malwarebytes
2010-09-06 19:18 . 2010-09-06 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 19:18 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 18:53 . 2010-09-06 18:53 -------- d-----w- C:\EGIS_Drive
2010-09-06 18:44 . 2010-09-06 18:44 -------- d-s---w- c:\users\Melanie\BackProtection
2010-09-06 18:43 . 2010-09-24 21:27 -------- d-----w- c:\program files\BackProtection 8
2010-09-06 18:43 . 2010-04-15 06:03 99866 ----a-w- c:\windows\system32\VB5DE.dll
2010-09-06 18:43 . 2010-04-15 06:03 72704 ----a-w- c:\windows\ST5UNST.EXE
2010-09-06 18:43 . 2010-04-15 06:03 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll
2010-09-06 17:25 . 2010-09-06 17:25 -------- d-----w- c:\program files\Common Files\PCSuite
2010-09-06 17:25 . 2010-09-06 17:25 -------- d-----w- c:\program files\Common Files\Nokia
2010-09-06 17:21 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-09-06 17:18 . 2010-09-06 17:18 -------- d-----w- c:\program files\PC Connectivity Solution
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 12:10 . 2010-09-28 12:10 365968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD0030C1-B550-41EA-8700-25EB3FA8A43B}\mpasdlta.vdm
2010-09-25 03:36 . 2008-10-07 20:23 229264 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm
2010-09-18 17:25 . 2008-05-08 03:32 623280 ----a-w- c:\windows\system32\perfh007.dat
2010-09-18 17:25 . 2008-05-08 03:32 125378 ----a-w- c:\windows\system32\perfc007.dat
2010-09-18 00:17 . 2010-09-28 12:10 12300688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD0030C1-B550-41EA-8700-25EB3FA8A43B}\mpasbase.vdm
2010-09-18 00:17 . 2008-10-07 20:23 12300688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasbase.vdm
2010-09-16 19:36 . 2008-12-09 21:35 -------- d-----w- c:\users\Melanie\AppData\Roaming\dvdcss
2010-09-16 06:14 . 2008-05-07 17:46 -------- d-----w- c:\programdata\Microsoft Help
2010-09-16 06:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 02:29 . 2010-08-11 08:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-14 10:43 . 2010-01-23 12:50 5972 ----a-w- c:\users\Melanie\AppData\Local\d3d9caps.dat
2010-09-07 16:39 . 2010-01-16 12:27 -------- d-----w- c:\program files\DVDVideoSoft
2010-09-07 08:39 . 2010-09-07 08:37 80767800 ----a-w- c:\programdata\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-07 08:29 . 2008-10-04 14:31 87144 ----a-w- c:\users\Melanie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 06:06 . 2010-07-25 20:01 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-09-06 19:08 . 2009-10-22 17:10 -------- d-----w- c:\users\Melanie\AppData\Roaming\Nokia
2010-09-06 19:04 . 2008-12-09 19:22 -------- d-----w- c:\users\Melanie\AppData\Roaming\vlc
2010-09-06 19:04 . 2009-10-22 17:07 -------- d-----w- c:\program files\Nokia
2010-09-06 19:04 . 2009-04-30 15:00 -------- d-----w- c:\program files\IrfanView
2010-09-06 17:08 . 2010-09-06 17:08 95232 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-09-06 17:08 . 2010-09-06 17:08 61440 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-09-06 17:08 . 2010-09-06 17:08 8192 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-09-06 17:08 . 2010-09-06 17:08 10240 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-09-06 17:07 . 2009-10-22 17:06 -------- d-----w- c:\programdata\Installations
2010-09-06 16:50 . 2010-09-06 17:08 36426336 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_ger_web.exe
2010-08-27 20:13 . 2010-08-11 08:19 -------- d-----w- c:\program files\Windows Live
2010-08-26 19:33 . 2010-08-26 19:33 1079048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-25 09:10 . 2009-10-22 17:08 -------- d-----w- c:\users\Melanie\AppData\Roaming\PC Suite
2010-08-23 20:25 . 2009-05-14 21:05 -------- d-----w- c:\users\Melanie\AppData\Roaming\Skype
2010-08-23 17:28 . 2009-05-14 21:26 -------- d-----w- c:\users\Melanie\AppData\Roaming\skypePM
2010-08-23 11:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-08-22 15:50 . 2010-08-22 15:50 -------- d-----w- c:\programdata\PMB Files
2010-08-22 15:49 . 2010-08-22 15:49 -------- d-----w- c:\program files\Pando Networks
2010-08-17 14:17 . 2010-01-23 12:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-17 14:17 . 2010-09-14 15:46 53632 ----a-w- c:\users\Melanie\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-17 04:00 . 2008-05-07 17:48 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 18:24 . 2010-08-12 18:24 -------- d-----w- c:\program files\Need4 Video Converter 7
2010-08-12 18:24 . 2010-08-12 18:24 -------- d-----w- c:\program files\Need4 Software Launcher
2010-08-11 08:21 . 2010-08-11 08:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-11 08:20 . 2010-08-11 08:20 -------- d-----w- c:\program files\Microsoft
2010-08-11 08:19 . 2010-08-11 08:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-08-11 08:09 . 2010-08-11 08:09 -------- d-----w- c:\program files\Common Files\Windows Live
2010-08-03 12:40 . 2010-08-03 12:40 0 ----a-w- c:\windows\nsreg.dat
2006-05-03 09:06 . 2010-09-29 05:22 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2010-09-29 05:22 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2010-09-29 05:22 216064 --sh--r- c:\windows\System32\nbDX.dll
2008-09-10 16:46 . 2008-09-10 16:44 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-26 2736736]
"{548f6736-8fe4-4680-82f2-170d6c07e1d2}"= "c:\program files\TranslatorBar_1.2\tbTran.dll" [2010-06-03 2736736]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\TranslatorBar_1.2\tbTran.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-07-26 05:38 2736736 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 10:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-26 2736736]
"{548f6736-8fe4-4680-82f2-170d6c07e1d2}"= "c:\program files\TranslatorBar_1.2\tbTran.dll" [2010-06-03 2736736]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-26 2736736]
"{548F6736-8FE4-4680-82F2-170D6C07E1D2}"= "c:\program files\TranslatorBar_1.2\tbTran.dll" [2010-06-03 2736736]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-08 6139904]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-04 24064]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-04-26 111928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SearchSettings"="c:\program files\YouTube Downloader Toolbar\SearchSettings.exe" [2010-02-19 974848]
c:\users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BackProtection Hintergrunddienst.lnk - c:\program files\BackProtection 8\bp.exe [2010-9-6 208896]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-9-10 1216512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9fbf99e8cea12;Google Update Service (gupdate1c9fbf99e8cea12);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-04 24064]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-03 722416]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-05-07 110304]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-09-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-03 16:15]
2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 16:16]
2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 16:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de
mStart Page = hxxp://home.sweetim.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKCU-Run-{AFC285AB-7961-9E3C-E455-7F9CA8BBD657} - c:\users\Melanie\AppData\Roaming\Yqmii\avygr.exe
HKCU-Run-Metropolis - c:\windows\system32\sshnas21.dll
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
AddRemove-BC_Pass-RIC_0014 - c:\users\Melanie\Desktop\BC_Pass-RIC_0014\uninstall.exe
AddRemove-H-Start Bc fekvõhelyes kocsi - c:\users\Melanie\Desktop\Uninstal.exe
AddRemove-H-Start WLAB hálókocsi - c:\users\Melanie\Desktop\Uninstal.exe
AddRemove-MÁV-Start Bd Telepítõ program - c:\users\Melanie\Desktop\Uninstal.exe
AddRemove-{C56DDDB3-661C-4B5B-A8FF-93CEF3BE86F5}_is1 - c:\train simulator\unins000.exe
AddRemove-CTL E189-911 - c:\users\Melanie\Desktop\Uninstal.exe
AddRemove-MyProduct - c:\users\Melanie\Desktop\Uninstal.exe
AddRemove-PKP EN57-1407 - c:\users\Melanie\Desktop\Uninstal.exe
AddRemove-PKP EN57-647 - c:\users\Melanie\Desktop\Uninstal.exe
AddRemove-PKP PR Bhp 18-25 033 - c:\users\Melanie\Desktop\Uninstal.exe
AddRemove-Tiszántúl 2 - c:\program files\Microsoft Games\Train Simulator eigene\ROUTES\Uninstal.exe
AddRemove-TrainSim.pl PMK_TRAINS v2.1 - c:\users\Melanie\Desktop\uninstall_pmk_trains.exe
AddRemove-UnityWebPlayer - c:\users\Melanie\AppData\Local\Unity\WebPlayer\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-29 11:50
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-78928637-2002754984-348181283-1000\Software\SecuROM\License information*]
"datasecu"=hex:e5,b8,62,70,8d,76,2d,94,c4,ce,fb,ee,74,1f,3a,c9,6f,9b,84,6b,78,
19,e5,b3,54,02,70,b3,a6,86,e8,b0,08,e8,3f,29,4a,1c,1e,d6,f4,1e,d3,33,0c,a0,\
"rkeysecu"=hex:e7,6b,7d,59,bb,27,da,c5,2a,fb,3a,5a,8e,ac,d5,c0
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-29 11:56:35
ComboFix-quarantined-files.txt 2010-09-29 09:56
Vor Suchlauf: 5.387.857.920 Bytes frei
Nach Suchlauf: 5.554.089.984 Bytes frei
- - End Of File - - B3E4766BC0CE109130D682FABE4107B4
Best regards