Code:
ComboFix 09-02-27.02 - Florizwei 2009-02-28 17:06:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2046.1314 [GMT 1:00]
ausgeführt von:: c:\users\Florizwei\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\install.exe
.
((((((((((((((((((((((( Dateien erstellt von 2009-01-28 bis 2009-02-28 ))))))))))))))))))))))))))))))
.
2009-02-28 16:40 . 2009-02-28 16:40 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 15:42 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-02-28 00:58 . 2009-02-28 01:22 250 --a------ c:\windows\gmer.ini
2009-02-27 21:46 . 2009-02-27 21:46 <DIR> d-------- c:\users\Florizwei\AppData\Roaming\Malwarebytes
2009-02-27 21:46 . 2009-02-27 21:46 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-27 21:46 . 2009-02-27 21:46 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-27 21:46 . 2009-02-27 21:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-27 21:46 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-27 21:46 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-27 21:43 . 2009-02-27 21:43 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-02-27 21:43 . 2009-02-27 21:43 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2009-02-27 21:41 . 2009-02-27 21:41 <DIR> d-------- c:\users\Florizwei\AppData\Roaming\SUPERAntiSpyware.com
2009-02-27 21:41 . 2009-02-27 21:41 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-27 21:38 . 2009-02-27 21:40 <DIR> d-a------ c:\users\All Users\TEMP
2009-02-27 21:38 . 2009-02-27 21:40 <DIR> d-a------ c:\programdata\TEMP
2009-02-27 20:57 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-27 20:57 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-27 20:57 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-27 20:57 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-27 20:57 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-27 20:22 . 2009-02-27 20:22 <DIR> d-------- c:\program files\CCleaner
2009-02-27 02:42 . 2009-02-27 02:42 <DIR> d-------- c:\windows\System32\Kaspersky Lab
2009-02-26 18:05 . 2009-02-28 16:11 <DIR> d-------- c:\users\Florizwei\AppData\Roaming\Xfire
2009-02-26 18:05 . 2009-02-26 18:08 <DIR> d-------- c:\users\All Users\Xfire
2009-02-26 18:05 . 2009-02-26 18:08 <DIR> d-------- c:\programdata\Xfire
2009-02-26 18:05 . 2009-02-26 18:05 <DIR> d-------- c:\program files\Xfire
2009-02-26 14:25 . 2009-02-26 14:25 <DIR> d-------- c:\program files\G4box
2009-02-20 23:11 . 2009-02-20 23:11 <DIR> d-------- c:\program files\Common Files\AVM
2009-02-20 23:11 . 2006-12-14 12:42 69,120 -ra------ c:\windows\System32\avmadd32.dll
2009-02-20 23:11 . 2006-05-29 01:00 16,384 -ra------ c:\windows\System32\avmprmon.dll
2009-02-18 19:43 . 2009-02-18 21:18 <DIR> d-------- c:\program files\PKR
2009-02-17 19:42 . 2009-02-17 19:42 <DIR> d-------- c:\program files\Softnyx
2009-02-17 19:37 . 2009-02-17 19:37 <DIR> d-------- c:\users\All Users\FLEXnet
2009-02-17 19:37 . 2009-02-17 19:37 <DIR> d-------- c:\programdata\FLEXnet
2009-02-16 15:53 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-16 15:53 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-16 15:53 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-16 15:53 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-16 15:53 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-13 23:46 . 2009-02-13 23:46 <DIR> d-------- c:\program files\Sierra
2009-02-11 19:32 . 2009-02-14 02:44 <DIR> d-------- c:\program files\Wolfenstein - Enemy Territory
2009-02-11 18:46 . 2009-02-28 17:02 <DIR> d-------- c:\users\Florizwei\AppData\Roaming\Free Download Manager
2009-02-11 18:46 . 2009-02-11 18:46 <DIR> d-------- c:\users\All Users\FreeDownloadManager.ORG
2009-02-11 18:46 . 2009-02-11 18:46 <DIR> d-------- c:\programdata\FreeDownloadManager.ORG
2009-02-11 18:46 . 2009-02-11 18:47 <DIR> d-------- c:\program files\Free Download Manager
2009-02-11 18:45 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 18:45 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-11 01:14 . 2009-02-11 01:14 42,320 --a------ c:\windows\System32\xfcodec.dll
2009-02-06 19:32 . 2009-02-06 19:32 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-02-06 19:32 . 2009-02-06 19:32 <DIR> d-------- c:\programdata\WindowsSearch
2009-02-05 21:20 . 2009-02-05 21:20 <DIR> d-------- c:\windows\System32\Futuremark
2009-02-05 21:20 . 2008-04-22 08:53 27,672 -ra------ c:\windows\System32\drivers\Entech.sys
2009-02-03 13:33 . 2009-02-03 13:33 533 --a------ c:\windows\eReg.dat
2009-01-29 15:57 . 2009-02-03 13:33 <DIR> d-------- c:\program files\Maxis
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 16:01 --------- d-----w c:\users\Florizwei\AppData\Roaming\Skype
2009-02-28 15:11 --------- d-----w c:\users\Florizwei\AppData\Roaming\skypePM
2009-02-28 10:43 144,963 ----a-w c:\users\Florizwei\AppData\Roaming\nvModes.dat
2009-02-27 20:41 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-25 00:02 --------- d-----w c:\program files\Common Files\Adobe
2009-02-20 22:11 --------- d-----w c:\program files\FRITZ!DSL
2009-02-20 22:11 --------- d-----w c:\program files\FRITZ!BoxPrint
2009-02-20 22:11 --------- d-----w c:\program files\FRITZ!Box
2009-02-20 13:05 --------- d-----w c:\users\Florizwei\AppData\Roaming\FRITZ!
2009-02-14 01:53 201,440 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-14 01:53 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-13 23:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 17:03 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-12 13:39 --------- d-----w c:\program files\EA GAMES
2009-02-12 11:44 --------- d-----w c:\program files\Windows Mail
2009-01-31 18:39 --------- d-----w c:\users\Florizwei\AppData\Roaming\FileZilla
2009-01-26 12:15 --------- d-----w c:\programdata\CheckPoint
2009-01-26 12:10 --------- d-----w c:\programdata\McAfee
2009-01-24 16:51 --------- d-----w c:\program files\Adobe Media Player
2009-01-24 16:47 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-01-24 16:05 --------- d-----w c:\users\Florizwei\AppData\Roaming\Download Manager
2009-01-24 02:05 --------- d-----w c:\programdata\Microsoft Help
2009-01-23 17:23 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-21 22:31 --------- d-----w c:\program files\Microsoft.NET
2009-01-21 22:28 --------- d-----w c:\program files\Microsoft Small Business
2009-01-21 17:44 --------- d-----w c:\program files\Microsoft Works
2009-01-18 14:37 --------- d-----w c:\program files\FileZilla FTP Client
2009-01-11 12:53 --------- d-----w c:\programdata\Skype
2009-01-11 12:53 --------- d-----w c:\program files\Common Files\Skype
2009-01-11 12:53 --------- d-----r c:\program files\Skype
2009-01-09 06:13 --------- d-----w c:\users\Gast\AppData\Roaming\FRITZ!
2009-01-02 19:52 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-01-02 19:51 --------- d-----w c:\program files\DVDVideoSoft
2009-01-01 18:16 --------- d-----w c:\users\Florizwei\AppData\Roaming\gtk-2.0
2009-01-01 16:48 --------- d-----w c:\program files\Total Video Converter
2008-12-29 16:06 --------- d-----w c:\program files\Reganam
2008-12-29 04:30 --------- d-----w c:\programdata\Symantec
2008-12-29 04:23 86,016 ----a-w c:\windows\System32\OpenAL32.dll
2008-12-29 02:10 --------- d-----w c:\program files\AviSynth 2.5
2008-12-14 16:35 32 ----a-w c:\users\All Users\ezsid.dat
2008-12-14 16:35 32 ----a-w c:\programdata\ezsid.dat
2008-12-14 15:52 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-02 15:30 174 --sha-w c:\program files\desktop.ini
2008-12-02 13:47 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-02 13:47 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-11-08 17:07 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-08 17:07 56 ---ha-w c:\programdata\ezsidmv.dat
2008-11-04 23:32 214 ----a-w c:\users\Florizwei\AppData\Roaming\wklnhst.dat
2008-07-31 13:26 27,744 ----a-w c:\users\Gast\AppData\Roaming\nvModes.dat
2008-06-21 13:03 22,328 ----a-w c:\users\Florizwei\AppData\Roaming\PnkBstrK.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-12-20 24260392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2008-11-30 172792]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-24 857648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-24 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-24 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-24 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-13 c:\windows\RtHDVCpl.exe]
c:\users\Florizwei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-02-11 3008336]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]
FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2009-02-20 29184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AEF93C65-FC34-47E6-96BA-E0C169B1E112}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{04BF8A2F-A82D-4BE0-9FCD-D1FB0975C2E3}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{58C61879-6AF0-4214-8931-222D07304DD4}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded
"UDP Query User{31C0CE86-178D-407B-9BB9-241ACB7DCB15}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded
"{A5E1E818-0932-49A4-93C4-0399510D144C}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4054DA00-7AB6-47B9-97D8-59F7BF1DC4E9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C32029BD-E090-42F1-A00B-BA2878321808}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3F3414B7-F74F-4662-8FDE-670C8B9F3891}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{2EFA23D7-D08F-4121-BB03-6948EFF11E6D}"= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{8F825598-0C01-44B9-A119-FA72EFEB20C3}"= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"TCP Query User{6F9510CD-AAEF-496C-9920-9BAF582204BF}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{BC8D5B01-4066-496A-86DE-31895688F071}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{81E4FD0B-DCCD-411F-98DB-C2F938FF4484}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{3AED077D-847C-491C-AE02-D2A4A7CFD03E}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{0E81A1AA-D036-4BB5-A044-81E08B82C70C}c:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{04B492AB-9EBF-4ACD-9614-338ABCE7BF29}c:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"TCP Query User{3CFC1881-C0E0-4E35-B0B2-89F6BC2B98DF}c:\\program files\\gamespy arcade\\aphex.exe"= UDP:c:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.08
"UDP Query User{CC4E22A0-C3AA-4BF3-8112-D3DD63E22193}c:\\program files\\gamespy arcade\\aphex.exe"= TCP:c:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.08
"{83C4A1B0-A021-4102-AFC1-013F2F50DE21}"= UDP:c:\program files\Unreal Tournament 3 (LG)\Binaries\UT3.exe:Unreal Tournament 3
"{CD4B9B3C-2CF4-4728-951E-237E04482E48}"= TCP:c:\program files\Unreal Tournament 3 (LG)\Binaries\UT3.exe:Unreal Tournament 3
"TCP Query User{D6CFC2BE-9C66-4102-A28B-8F984D6094AE}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B70B557F-C74A-4A3B-8448-36B5CCB60970}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{947424FC-AF5D-417A-94A4-1E2070135038}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{FAC7F89A-C142-4D9C-873E-492F0E9CDC0D}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{B9905A38-8CE8-4737-9503-A81E86A5DA31}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\fpupdate.exe"= UDP:c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe:fpupdate
"UDP Query User{3F10EFF6-26BE-40D2-9A5E-8803A3611AA8}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\fpupdate.exe"= TCP:c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe:fpupdate
"TCP Query User{F6C4BF30-E17E-40DE-B59C-7471ACE5A7F9}c:\\program files\\ubisoft\\blue byte\\die siedler - das erbe der könige\\bin\\settlershok.exe"= UDP:c:\program files\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe:THE SETTLERS - Heritage of Kings
"UDP Query User{133A0686-6F89-4203-BAF5-16B98A35F6DE}c:\\program files\\ubisoft\\blue byte\\die siedler - das erbe der könige\\bin\\settlershok.exe"= TCP:c:\program files\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe:THE SETTLERS - Heritage of Kings
"TCP Query User{B0ED50CD-3708-4360-9836-5806FBDEE892}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{E79F202D-3407-43DD-A0F2-3359D3725BC6}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{C90DA8F7-9F7C-4EFB-97CA-6B1B231676BF}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
"UDP Query User{75151376-109A-4601-9896-627F43DA540E}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
"TCP Query User{C8CA047D-C0AF-4628-8541-71E5014D7599}c:\\users\\florizwei\\downloads\\9dragons_downloader_us_6-20-2008.exe"= UDP:c:\users\florizwei\downloads\9dragons_downloader_us_6-20-2008.exe:9dragons_downloader_us_6-20-2008.exe
"UDP Query User{0BBFAB83-5986-4E39-AFAD-95927FE5111F}c:\\users\\florizwei\\downloads\\9dragons_downloader_us_6-20-2008.exe"= TCP:c:\users\florizwei\downloads\9dragons_downloader_us_6-20-2008.exe:9dragons_downloader_us_6-20-2008.exe
"{6CFAEC46-4801-4A79-8147-EE93905FBAAF}"= UDP:c:\program files\FRITZ!DSL\IGDCTRL.EXE:AVM FRITZ!DSL - igdctrl.exe
"{0FC24476-C0C4-4E94-9DC4-A6E04058E985}"= TCP:c:\program files\FRITZ!DSL\IGDCTRL.EXE:AVM FRITZ!DSL - igdctrl.exe
"{AD9FD85F-B0EF-4B4B-BAE8-791624B8F1CA}"= UDP:c:\program files\FRITZ!DSL\FBOXUPD.EXE:AVM FRITZ!DSL - fboxupd.exe
"{B93A5DB7-7699-4373-A141-210ECA352553}"= TCP:c:\program files\FRITZ!DSL\FBOXUPD.EXE:AVM FRITZ!DSL - fboxupd.exe
"{E9E150F9-7B8F-4A6D-83C4-732292EC81D5}"= UDP:c:\program files\FRITZ!DSL\WebwaIgd.exe:AVM FRITZ!DSL - webwaigd.exe
"{E15C0FB4-BBF2-4E85-87BC-7EFAEDC18EE9}"= TCP:c:\program files\FRITZ!DSL\WebwaIgd.exe:AVM FRITZ!DSL - webwaigd.exe
"TCP Query User{8E839761-9B44-4205-858B-E7BCA46452BF}c:\\users\\florizwei\\desktop\\9dragons_downloader_us_6-20-2008.exe"= UDP:c:\users\florizwei\desktop\9dragons_downloader_us_6-20-2008.exe:9dragons_downloader_us_6-20-2008.exe
"UDP Query User{EED93ACE-673B-40AF-BBED-DD9BC32F6811}c:\\users\\florizwei\\desktop\\9dragons_downloader_us_6-20-2008.exe"= TCP:c:\users\florizwei\desktop\9dragons_downloader_us_6-20-2008.exe:9dragons_downloader_us_6-20-2008.exe
"TCP Query User{6E175B3C-2B8C-43A8-B97F-8D1D1D885F56}c:\\program files\\common files\\pocketsoft\\rtpatch\\autortp\\artpschd.exe"= UDP:c:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe:artpschd
"UDP Query User{CF00887E-FACA-4302-A01B-5CA13ADC3FE7}c:\\program files\\common files\\pocketsoft\\rtpatch\\autortp\\artpschd.exe"= TCP:c:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe:artpschd
"TCP Query User{338BD657-452B-4461-BDCD-019CCE3F2504}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{E000F3CE-4CEF-4E92-9803-C96F9208E96C}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"TCP Query User{A8EFA53D-16EF-4E94-BEF6-792FB2C7E796}c:\\regnum online\\liveserver\\roclientgame.exe"= UDP:c:\regnum online\liveserver\roclientgame.exe:RegnumOnline
"UDP Query User{29FB7B77-363F-46CD-B48B-A70FBDA0F0A9}c:\\regnum online\\liveserver\\roclientgame.exe"= TCP:c:\regnum online\liveserver\roclientgame.exe:RegnumOnline
"{3D810A07-B587-4ADC-84E1-1A47886A9F04}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{24C62352-BD83-4E7C-8FE2-1978433A00EA}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{E2DD9CA7-D826-4963-8F2A-F82F4BF9A32F}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{AB5655CE-23BF-43D5-B236-3DE207BF90C6}c:\\program files\\gtactix\\gtactix.exe"= UDP:c:\program files\gtactix\gtactix.exe:Gtactix
"UDP Query User{5448DDFD-5A74-4FA2-A97D-38A6347C2E90}c:\\program files\\gtactix\\gtactix.exe"= TCP:c:\program files\gtactix\gtactix.exe:Gtactix
"{3AADE218-3381-4879-B06B-BB45CED126EC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3560F2CC-8033-481D-8A42-6910E1B65FC5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{50A58B55-42A9-4EB9-97B9-6C17C8DEBEAF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{13A51C9D-3D0A-42E7-AE03-C6E514028063}"= UDP:c:\program files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat
"{BE507B38-0439-4D55-A952-E116B8E1A28E}"= TCP:c:\program files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat
"{2D17DFE2-F366-489D-95E2-79730EB02E36}"= Disabled:UDP:E:\fsetup.exe:AVM FSetup Application
"{4184D9B9-9B4C-48AB-B5E3-4FCB85C8D2B2}"= Disabled:TCP:E:\fsetup.exe:AVM FSetup Application
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [2007-12-29 13312]
R2 SVKP;SVKP;c:\windows\System32\SVKP.sys [2008-07-31 2368]
S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{402bb94d-dde6-11dc-9416-806e6f6e6963}]
\shell\AutoRun\command - E:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{debfab10-55ae-11dd-ba93-806e6f6e6963}]
\shell\AutoRun\command - F:\start.bat
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - c:\users\Florizwei\AppData\Roaming\Mozilla\Firefox\Profiles\aooygi5k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.tcm-gaming.de
1 Datei(en) verschoben.
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 17:09:02
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2009-02-28 17:11:17
ComboFix-quarantined-files.txt 2009-02-28 16:10:21
Vor Suchlauf: 20 Verzeichnis(se), 66.807.234.560 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 66,778,152,960 Bytes frei
274 --- E O F --- 2009-02-27 20:04:04

I finally brought myself to do it. xD