| TitanNano | 02.01.2012 21:27 |
Code:
ComboFix 12-01-02.01 - Jovan 02.01.2012 21:05:05.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.2047.1096 [GMT 1:00]
ausgeführt von:: d:\benutzer\Jovan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\shsvcs.dll.vgorg
c:\windows\system32\themeui.dll.vgorg
c:\windows\system32\uxtheme.dll.vgorg
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-02 bis 2012-01-02 ))))))))))))))))))))))))))))))
.
.
2012-01-02 20:17 . 2012-01-02 20:17 -------- d-----w- c:\users\Jovan\AppData\Local\temp
2012-01-02 16:45 . 2012-01-02 16:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52BDA092-9A86-4AC2-9580-29A6C8ECA708}\offreg.dll
2012-01-01 12:34 . 2012-01-01 12:34 -------- d-----w- c:\users\Cyrill\AppData\Roaming\Imperium Romanum
2012-01-01 12:27 . 2012-01-01 12:27 -------- d-----w- c:\users\User\AppData\Roaming\Imperium Romanum
2011-12-30 16:45 . 2011-12-30 16:45 -------- d-----w- c:\program files\Skype
2011-12-30 16:45 . 2011-12-30 16:45 -------- d-----w- c:\programdata\Skype
2011-12-29 17:12 . 2011-12-29 17:12 -------- d-----w- c:\users\Jovan\AppData\Roaming\Malwarebytes
2011-12-29 17:12 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 19:44 . 2011-12-28 19:44 -------- d-----w- c:\program files\BillP Studios
2011-12-27 17:27 . 2011-12-27 17:27 -------- d-----w- c:\users\Cyrill\AppData\Local\Apple
2011-12-27 08:55 . 2012-01-01 15:38 -------- d-----w- c:\users\Cyrill\AppData\Roaming\Skype
2011-12-25 00:51 . 2011-12-25 00:51 -------- d-----w- c:\programdata\ATI
2011-12-25 00:51 . 2011-12-25 00:51 -------- d-----w- c:\program files\AMD APP
2011-12-22 19:15 . 2011-12-22 19:15 -------- d-----w- c:\users\Jovan\AppData\Local\Borland
2011-12-22 19:13 . 2011-12-30 23:23 -------- d-----w- c:\users\Jovan\.borland
2011-12-22 19:04 . 2011-12-22 19:12 -------- d-----w- c:\users\Jovan\AppData\Local\ApplicationHistory
2011-12-22 19:04 . 2011-12-22 19:04 -------- d-----w- c:\users\Jovan\AppData\Local\Microsoft Help
2011-12-22 19:01 . 2011-12-22 19:01 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2011-12-22 19:01 . 2011-12-22 19:13 -------- d-----w- c:\programdata\Microsoft Help
2011-12-22 18:51 . 2011-12-22 18:51 -------- d-----w- c:\windows\system32\URTTEMP
2011-12-21 17:58 . 2011-12-19 13:11 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-12-21 17:57 . 2011-12-19 13:11 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-12-19 13:12 . 2011-12-19 13:12 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 13:11 . 2011-12-19 13:11 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-19 13:11 . 2011-12-19 13:11 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-16 17:23 . 2011-12-16 17:23 -------- d-----w- c:\users\Cyrill\AppData\Local\Warner Bros. Interactive Entertainment
2011-12-16 15:11 . 2011-12-16 15:11 -------- d-----w- c:\users\Cyrill\AppData\Roaming\WB Games
2011-12-11 13:58 . 2007-01-04 11:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
2011-12-10 22:37 . 2011-12-10 22:37 -------- d-----w- c:\users\Jovan\AppData\Local\Xara
2011-12-10 22:37 . 2011-12-10 22:37 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2011-12-10 22:30 . 2011-12-10 22:30 -------- d-----w- c:\program files\MAGIX
2011-12-10 16:58 . 2011-12-10 22:25 -------- d-----w- c:\users\Jovan\AppData\Roaming\TS3Client
2011-12-09 16:47 . 2011-12-09 17:42 -------- d-----w- c:\users\Cyrill\AppData\Local\gtk-2.0
2011-12-09 16:44 . 2011-12-09 17:56 -------- d-----w- c:\users\Cyrill\.gimp-2.7
2011-12-09 16:44 . 2011-12-09 16:44 -------- d-----w- c:\users\Cyrill\AppData\Local\gegl-0.1
2011-12-06 16:09 . 2011-12-18 18:43 -------- d-----w- c:\users\Jovan\AppData\Local\gtk-2.0
2011-12-06 16:02 . 2009-08-24 21:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2011-12-06 16:02 . 2011-12-30 22:30 -------- d-----w- c:\users\Jovan\.gimp-2.7
2011-12-06 16:02 . 2011-12-06 16:02 -------- d-----w- c:\users\Jovan\AppData\Local\gegl-0.1
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 18:23 . 2011-10-18 19:26 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-12 12:36 . 2011-05-30 15:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 03:44 . 2011-11-10 03:44 8913920 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2010-05-05 02:19 774656 ----a-w- c:\windows\system32\aticfx32.dll
2011-11-10 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:11 . 2011-11-10 03:11 417792 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-10 03:06 . 2011-11-10 03:06 6077952 ----a-w- c:\windows\system32\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-10 02:33 . 2010-05-05 01:41 5852672 ----a-w- c:\windows\system32\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-10 02:29 . 2010-05-05 01:19 4200960 ----a-w- c:\windows\system32\atiumdva.dll
2011-11-10 02:18 . 2011-04-05 15:27 51200 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13 . 2011-11-10 02:13 348160 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 263680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11 . 2011-11-10 02:11 32256 ----a-w- c:\windows\system32\atiuxpag.dll
2011-11-10 02:11 . 2010-05-05 01:22 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-10 02:11 . 2010-05-05 01:21 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-09 21:37 . 2011-11-09 21:37 44032 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-30 18:48 . 2011-04-05 15:30 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-10-25 20:21 . 2011-10-25 20:21 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-21 19:16 . 2011-10-21 19:16 1843200 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-10-21 19:15 . 2011-10-21 19:15 104448 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-10-18 18:53 . 2011-10-30 18:23 3546664 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-10-18 17:10 . 2011-10-30 18:23 83048 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-10-18 14:57 . 2011-10-30 18:23 58264 ----a-w- c:\windows\system32\TepeqAPO.dll
2011-10-18 12:47 . 2011-10-30 18:23 1329768 ----a-w- c:\windows\system32\RtkApoApi.dll
2011-10-18 10:05 . 2011-10-30 18:23 2276968 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-10-17 17:40 . 2011-10-17 17:40 82960 ----a-w- c:\windows\system32\drivers\AtihdLH3.sys
2011-10-17 16:30 . 2011-10-30 18:23 4238440 ----a-w- c:\windows\system32\RtkAPO.dll
2011-10-14 12:43 . 2011-10-30 18:22 1873920 ----a-w- c:\windows\system32\RCoRes.dat
2011-10-11 13:00 . 2011-10-18 19:26 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-18 19:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-07 03:48 . 2011-11-18 14:33 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52BDA092-9A86-4AC2-9580-29A6C8ECA708}\mpengine.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jovan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jovan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jovan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jovan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\programme\RocketDock\RocketDock.exe" [2007-09-02 495616]
"BackgroundSwitcher"="e:\programme\John's Background Switcher\BackgroundSwitcher.exe" [2011-07-07 119104]
"MonitorSwitch"="e:\programme\MonitorSwitch\MonitorSwitch.exe" [2011-07-06 696320]
"ViGlance"="c:\program files\ViGlance\ViGlance.exe" [2011-10-21 446464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-11-09 17049736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"avgnt"="e:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"TrayServer"="e:\programme\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe" [2008-08-07 90112]
"iTunesHelper"="e:\programme\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"StartCCC"="e:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
"Malwarebytes' Anti-Malware"="e:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1708537768-1659004503-725345543-1009]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [2010-07-05 11776]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R2 MySQL51;MySQL51;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL51 [x]
R3 DfSdkS;Defragmentation-Service;e:\programme\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]
R3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\Drivers\KUSBusByTCP.sys [2009-12-18 88064]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 91440]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
S2 AMD FUEL Service;AMD FUEL Service;e:\programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 291840]
S2 AntiVirSchedulerService;Avira Planer;e:\programme\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-07-05 84992]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\programme\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
S2 MBAMService;MBAMService;e:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 TeamViewer6;TeamViewer 6;e:\programme\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-25 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 8913920]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 263680]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-10-17 82960]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-20 232512]
S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\KUSBusByTCPMasterBus.sys [2009-12-18 60672]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 116016]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 46961904
*Deregistered* - 46961904
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
dot3svc REG_MULTI_SZ dot3svc
eapsvcs REG_MULTI_SZ eaphost
WudfServiceGroup REG_MULTI_SZ WUDFSvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-TITAN21-Jovan.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-05-11 00:25]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc7ab8f1c7f6ed.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 18:47]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 18:47]
.
2011-08-29 c:\windows\Tasks\{20D6952E-68DE-4424-86A1-52A986B2CC2B}.job
- c:\progra~1\Skype\Phone\Skype.exe [2011-11-09 13:42]
.
2011-07-12 c:\windows\Tasks\{B668B532-98D5-494C-820D-87372AC7F773}.job
- c:\progra~1\Skype\Phone\Skype.exe [2011-11-09 13:42]
.
2011-06-11 c:\windows\Tasks\{CAF720F3-3F53-4E82-A427-E5CB36721989}.job
- c:\progra~1\Skype\Phone\Skype.exe [2011-11-09 13:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
LSP: e:\programme\VMware\VMware Player\vsocklib.dll
TCP: Interfaces\{D893A6ED-7C8B-4434-B976-A0975702250E}: NameServer = 192.168.178.1,192.168.16.101
FF - ProfilePath - c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\b2ukvcbi.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - chrome://
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
.
------- Dateityp-Verknüpfung -------
.
.scr=SageThumbsImage.scr
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-DU Meter - e:\programme\DU Meter\DUMeter.exe
HKLM-Run-WinPatrol - c:\programme\BillP Studios\WinPatrol\winpatrol.exe
AddRemove-69083DC58646DE46A09847A522A1CC487F918039 - c:\progra~1\DIFX\270581~1\dpinst32.exe
AddRemove-9722CA1E8F72F362E93CBEC75A707FDABFC8D880 - c:\progra~1\DIFX\270581~1\dpinst32.exe
AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu
AddRemove-Memento Mori_is1 - d:\games\Memento Mori\unins000.exe
AddRemove-Mozilla Firefox 4.0 (x86 de) - c:\program files\Mozilla Firefox 4.0\uninstall\helper.exe
AddRemove-No23 Recorder - c:\programdata\Caphyon\Advanced Installer\{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}\No23 Recorder.exe
AddRemove-No23Live - c:\programdata\Caphyon\Advanced Installer\{6A1482E0-7119-4A66-BBF1-FFD95A6BA16C}\No23Live.exe
AddRemove-NVIDIA Drivers - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-UnZip-5.51_is1 - e:\programme\MinGW\uninstall\unins001.exe
AddRemove-ViSploreBeta1 - c:\progra~1\ViSplore\KillMe.exe
AddRemove-Wget-1.11.4-1_is1 - e:\programme\MinGW\uninstall\unins000.exe
AddRemove-xSIMS_NRaas_MasterController - d:\benutzer\Jovan\Electronic Arts\Die Sims 3\Mods\xSIMS_UnInstaller_for_NRaas_MasterController.exe
AddRemove-Mozilla Firefox 4.0.1 (x86 de) - c:\program files\Mozilla Firefox 4.0\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-02 21:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MySQL51]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL51"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-1659004503-725345543-1009\Software\SecuROM\License information*]
"datasecu"=hex:4e,02,fb,03,b7,83,48,b4,91,d8,67,01,d4,95,79,c5,a4,e4,cd,3f,d7,
86,b0,42,3a,ee,91,df,86,4e,2d,24,39,84,70,f2,22,f9,d7,78,91,c4,cd,69,5c,cf,\
"rkeysecu"=hex:c4,b1,33,40,0f,ad,de,9b,22,45,e3,64,83,36,1d,d8
.
Zeit der Fertigstellung: 2012-01-02 21:22:21
ComboFix-quarantined-files.txt 2012-01-02 20:22
.
Vor Suchlauf: 6 Verzeichnis(se), 18.496.614.400 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 23.893.360.640 Bytes frei
.
- - End Of File - - FB17FB127CCB843722251C200C987C93
|
aswMBR.exe und speichere die Datei auf deinem Desktop.